do
eval HOSTLOGIN=root@\$ipv4_${host}
- RADIUS_DIR=/etc/freeradius/3.0
- RADIUS_EAP_FILE=mods-enabled/eap
- RADIUS_EAP_NAME=eap
- if [ "$BASEIMGSUITE" == "jessie" ]
- then
- RADIUS_DIR=/etc/freeradius
- RADIUS_EAP_FILE=eap.conf
- RADIUS_EAP_NAME=eap.conf
- fi
-
- for file in clients.conf radiusd.conf proxy.conf users sites-enabled/default sites-enabled/inner-tunnel $RADIUS_EAP_FILE
+ for file in clients.conf radiusd.conf proxy.conf users sites-enabled/default sites-enabled/inner-tunnel mods-enabled/eap
do
- scp $SSHCONF $HOSTLOGIN:$RADIUS_DIR/$file \
+ scp $SSHCONF $HOSTLOGIN:/etc/freeradius/3.0/$file \
$TESTRESULTDIR/${host}.$(basename $file) > /dev/null 2>&1
done
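Review bot: The `scp` on the new line still discards both output streams (`> /dev/null 2>&1`) and its exit status is never checked, so now that the source path is fixed to `/etc/freeradius/3.0` a host whose configuration lives elsewhere yields no copied files and no diagnostic. The results page presumably still links to `$host.clients.conf`, `$host.radiusd.conf` and `$host.eap` in that case, leaving dangling links. I would keep stderr, or at least report the failure, e.g. by appending `|| echo "could not fetch $file from $host" >&2` after the redirection. The expansions could also be quoted as `"$HOSTLOGIN:/etc/freeradius/3.0/$file"` and `"$TESTRESULTDIR/${host}.$(basename "$file")"`; `$SSHCONF` presumably carries several options and would have to stay unquoted. The enclosing per-host loop starts above the visible lines, so this covers only the inner `for file` loop.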
<ul>
<li><a href="$host.clients.conf">clients.conf</a></li>
<li><a href="$host.radiusd.conf">radiusd.conf</a></li>
- <li><a href="$host.$RADIUS_EAP_NAME">$RADIUS_EAP_NAME</a></li>
+ <li><a href="$host.eap">eap</a></li>
</ul>
</td>
<td valign="top">
+++ /dev/null
-client 10.1.0.1 {
- secret = gv6URkSs
- shortname = moon
-}
+++ /dev/null
-#
-# This is the master dictionary file, which references the
-# pre-defined dictionary files included with the server.
-#
-# Any new/changed attributes MUST be placed in this file, as
-# the pre-defined dictionaries SHOULD NOT be edited.
-#
-# $Id$
-#
-
-#
-# The filename given here should be an absolute path.
-#
-$INCLUDE /usr/share/freeradius/dictionary
-
-#
-# Place additional attributes or $INCLUDEs here. They will
-# over-ride the definitions in the pre-defined dictionaries.
-#
-# See the 'man' page for 'dictionary' for information on
-# the format of the dictionary files.
-
-#
-# If you want to add entries to the dictionary file,
-# which are NOT going to be placed in a RADIUS packet,
-# add them here. The numbers you pick should be between
-# 3000 and 4000.
-#
-
-#ATTRIBUTE My-Local-String 3000 string
-#ATTRIBUTE My-Local-IPAddr 3001 ipaddr
-#ATTRIBUTE My-Local-Integer 3002 integer
+++ /dev/null
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/freeradius
-raddbdir = ${sysconfdir}/freeradius
-radacctdir = ${logdir}/radacct
-
-# name of the running server. See also the "-n" command-line option.
-name = freeradius
-
-# Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-# pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-# max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-# cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-# max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-# listen: Make the server listen on a particular IP address, and send
-listen {
- type = auth
- ipaddr = 10.1.0.10
- port = 0
-}
-
-# This second "listen" section is for listening on the accounting
-# port, too.
-#
-listen {
- type = acct
- ipaddr = 10.1.0.10
- port = 0
-}
-
-# hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-# Core dumps are a bad thing. This should only be set to 'yes'
-allow_core_dumps = no
-
-# Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-# Logging section. The various "log_*" configuration items
-log {
- destination = files
- file = ${logdir}/radius.log
- syslog_facility = daemon
- stripped_names = no
- auth = yes
- auth_badpass = yes
- auth_goodpass = yes
-}
-
-# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-# Security considerations
-security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
- start_servers = 5
- max_servers = 32
- min_spare_servers = 3
- max_spare_servers = 10
- max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
- $INCLUDE ${confdir}/modules/
- $INCLUDE eap.conf
-}
-
-# Instantiation
-instantiate {
- exec
- expr
- expiration
- logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
;;
esac
case "$BASEIMGSUITE" in
-jessie)
- INC=$INC,libahven4-dev,libxmlada5-dev,libgmpada5-dev
- INC=$INC,libalog1-dev
- ;;
stretch)
INC=$INC,libahven5-dev,libxmlada-schema6-dev,libgmpada6-dev
INC=$INC,libalog2-dev
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "4iChxLT3"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- files
-}
-
-authenticate {
- pap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-}
+++ /dev/null
-carol Cleartext-Password := "4iChxLT3"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- md5 {
- }
- default_eap_type = peap
- tls {
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
- peap {
- default_eap_type = md5
- use_tunneled_reply = yes
- virtual_server = "inner-tunnel"
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-server inner-tunnel {
-
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-session {
- radutmp
-}
-
-post-auth {
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
-
-} # inner-tunnel server block
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- files
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-228060123456001 EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- files
- suffix
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
-dave@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x33000000000000000000000000000000, EAP-Sim-SRES1 := 0x33112233, EAP-Sim-KC1 := 0x335566778899AABB, EAP-Sim-RAND2 := 0x34000000000000000000000000000000, EAP-Sim-SRES2 := 0x34112233, EAP-Sim-KC2 := 0x345566778899AABB, EAP-Sim-RAND3 := 0x35000000000000000000000000000000, EAP-Sim-SRES3 := 0x35112233, EAP-Sim-KC3 := 0x355566778899AABB
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- preprocess
- chap
- mschap
- files
- suffix
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
- unix
- files
- expiration
- logintime
- pap
-}
-
-authenticate {
- Auth-Type PAP {
- pap
- }
- Auth-Type CHAP {
- chap
- }
- Auth-Type MS-CHAP {
- mschap
- }
- unix
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
-dave@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x33000000000000000000000000000000, EAP-Sim-SRES1 := 0x33112233, EAP-Sim-KC1 := 0x335566778899AABB, EAP-Sim-RAND2 := 0x34000000000000000000000000000000, EAP-Sim-SRES2 := 0x34112233, EAP-Sim-KC2 := 0x345566778899AABB, EAP-Sim-RAND3 := 0x35000000000000000000000000000000, EAP-Sim-SRES3 := 0x35112233, EAP-Sim-KC3 := 0x355566778899AABB
+++ /dev/null
-eap {
- default_eap_type = tls
- tls {
- certdir = /etc/raddb/certs
- cadir = /etc/raddb/certs
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- md5 {
- }
- default_eap_type = ttls
- tls {
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
- ttls {
- default_eap_type = md5
- use_tunneled_reply = yes
- virtual_server = "inner-tunnel"
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-server inner-tunnel {
-
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-session {
- radutmp
-}
-
-post-auth {
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
-
-} # inner-tunnel server block
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- preprocess
- chap
- mschap
- files
- suffix
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
- unix
- files
- expiration
- logintime
- pap
-}
-
-authenticate {
- Auth-Type PAP {
- pap
- }
- Auth-Type CHAP {
- chap
- }
- Auth-Type MS-CHAP {
- mschap
- }
- unix
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-228060123456001 EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
-228060123456002 EAP-Type := SIM, EAP-Sim-RAND1 := 0x33000000000000000000000000000000, EAP-Sim-SRES1 := 0x33112233, EAP-Sim-KC1 := 0x335566778899AABB, EAP-Sim-RAND2 := 0x34000000000000000000000000000000, EAP-Sim-SRES2 := 0x34112233, EAP-Sim-KC2 := 0x345566778899AABB, EAP-Sim-RAND3 := 0x35000000000000000000000000000000, EAP-Sim-SRES3 := 0x35112233, EAP-Sim-KC3 := 0x355566778899AABB
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
- Framed-IP-Address = 10.3.0.1
-dave Cleartext-Password := "W7R0g3do"
- Framed-IP-Address = 10.3.0.2
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
- Class = "Research"
-dave Cleartext-Password := "W7R0g3do"
- Class = "Accounting"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- md5 {
- }
- default_eap_type = peap
- tls {
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
- peap {
- default_eap_type = md5
- use_tunneled_reply = yes
- virtual_server = "inner-tunnel"
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-server inner-tunnel {
-
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-session {
- radutmp
-}
-
-post-auth {
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
-
-} # inner-tunnel server block
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- files
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-228060123456001 EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- preprocess
- chap
- mschap
- files
- suffix
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
- unix
- files
- expiration
- logintime
- pap
-}
-
-authenticate {
- Auth-Type PAP {
- pap
- }
- Auth-Type CHAP {
- chap
- }
- Auth-Type MS-CHAP {
- mschap
- }
- unix
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
-dave@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x33000000000000000000000000000000, EAP-Sim-SRES1 := 0x33112233, EAP-Sim-KC1 := 0x335566778899AABB, EAP-Sim-RAND2 := 0x34000000000000000000000000000000, EAP-Sim-SRES2 := 0x34112233, EAP-Sim-KC2 := 0x345566778899AABB, EAP-Sim-RAND3 := 0x35000000000000000000000000000000, EAP-Sim-SRES3 := 0x35112233, EAP-Sim-KC3 := 0x355566778899AABB
+++ /dev/null
-eap {
- default_eap_type = sim
- sim {
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- preprocess
- chap
- mschap
- files
- suffix
- update reply {
- EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}"
- EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}"
- EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}"
- EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}"
- EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}"
- EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}"
- EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}"
- EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}"
- EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}"
- }
- eap {
- ok = return
- }
- unix
- files
- expiration
- logintime
- pap
-}
-
-authenticate {
- Auth-Type PAP {
- pap
- }
- Auth-Type CHAP {
- chap
- }
- Auth-Type MS-CHAP {
- mschap
- }
- unix
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB
-dave@strongswan.org EAP-Type := SIM, EAP-Sim-RAND1 := 0x33000000000000000000000000000000, EAP-Sim-SRES1 := 0x33112233, EAP-Sim-KC1 := 0x335566778899AABB, EAP-Sim-RAND2 := 0x34000000000000000000000000000000, EAP-Sim-SRES2 := 0x34112233, EAP-Sim-KC2 := 0x345566778899AABB, EAP-Sim-RAND3 := 0x35000000000000000000000000000000, EAP-Sim-SRES3 := 0x35112233, EAP-Sim-KC3 := 0x355566778899AABB
+++ /dev/null
-eap {
- default_eap_type = tls
- tls {
- certdir = /etc/raddb/certs
- cadir = /etc/raddb/certs
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
+++ /dev/null
-eap {
- md5 {
- }
- default_eap_type = ttls
- tls {
- private_key_file = /etc/raddb/certs/aaaKey.pem
- certificate_file = /etc/raddb/certs/aaaCert.pem
- CA_file = /etc/raddb/certs/strongswanCert.pem
- cipher_list = "DEFAULT"
- dh_file = /etc/raddb/certs/dh
- random_file = /etc/raddb/certs/random
- }
- ttls {
- default_eap_type = md5
- use_tunneled_reply = yes
- virtual_server = "inner-tunnel"
- }
-}
+++ /dev/null
-realm strongswan.org {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-server inner-tunnel {
-
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-session {
- radutmp
-}
-
-post-auth {
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
-
-} # inner-tunnel server block
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
+++ /dev/null
-eap {
- default_eap_type = md5
- md5 {
- }
-}
+++ /dev/null
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
+++ /dev/null
-authorize {
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-preacct {
- preprocess
- acct_unique
- suffix
- files
-}
-
-accounting {
- detail
- unix
- radutmp
- attr_filter.accounting_response
-}
-
-session {
- radutmp
-}
-
-post-auth {
- exec
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
+++ /dev/null
-carol Cleartext-Password := "Ar3etTnp"