# Sneak in more data after a BFD packet!
#
# reply.Additional-Data := {
-# &more-data := 0xabcdef
+# more-data := 0xabcdef
# }
}
#
# reply += {
# Vendor-Specific.WiMAX = {
-# &FA-RK-Key = 0x00
-# &MSK = reply.EAP-MSK
+# FA-RK-Key = 0x00
+# MSK = reply.EAP-MSK
# }
# }
control.Server-Identifier = 192.0.2.1
# If the request is not for this server then silently discard it
- if (request.Server-Identifier && \
+ if (request.Server-Identifier &&
request.Server-Identifier != control.Server-Identifier) {
do_not_respond
}
# It's meant to be a _flexible_ DNS server. Want to give different answers to VoIP phones
# and desktops, or other types of split horizon? It can do that.
#
-# Because DNS uses the &Header.Rcode to communicate the result of a query (instead of opcode)
+# Because DNS uses the Header.Rcode to communicate the result of a query (instead of opcode)
# the DNS state machine works differently to other protocols.
#
# Requests will pass through the following processing sections:
recv Query {
if (Question[0].Name == 'foo.example.com') {
reply.Resource-Record := {
- &Name = 'foo.example.com'
- &Type = A
- &Class = ::Internet
- &TTL = 0
- &Type.A.IP = 127.0.0.1
+ Name = 'foo.example.com'
+ Type = ::A
+ Class = ::Internet
+ TTL = 0
+ Type.A.IP = 127.0.0.1
}
}
# If for whatever reason the identity cannot be validated, you should
# return `notfound` to request an additional identity.
#
- # NOTE: Setting `&Method-Hint = Pseudonym` here will cause the server
+ # NOTE: Setting `Method-Hint = Pseudonym` here will cause the server
# to execute the `load pseudonym { ... }` section next. This is
# sometimes useful when dealing with non-standard pseudonym identities.
#
# If the identity cannot be resolved, you should return `notfound` to
# request an additional identity.
#
- # NOTE: Setting `&Method-Hint = Fastauth` here will cause the server
+ # NOTE: Setting `Method-Hint = Fastauth` here will cause the server
# to execute the `load session { ... }` section next. This is
# sometimes useful when dealing with non-standard fastauth identities.
#
#
# ### `recv Client-Error { ... }` - Log the fact that the supplicant has terminated authentication
#
- # The reason for the error should be available in `&Client-Error-Code`
+ # The reason for the error should be available in `Client-Error-Code`
#
# After this section is run authentication fails immediately with no
# EAP-Response/AKA-Notification round.
# FreeRADIUS attributes.
#
# update {
-# &member += "member"
+# member += "member"
# }
# }
# update {
# Proto.radius.User-Name = 'sAMAccountName'
# user-acct-control = 'userAccountControl'
-# &last-known-parent = 'lastKnownParent'
+# last-known-parent = 'lastKnownParent'
# }
# }
}
# if (!reply.LDAP-Sync.Cookie) {
# string csn
#
-# &csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
+# csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
# reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
# }
}
# - request.LDAP-Sync.DN the base_dn of the sync.
# - request.LDAP-Sync.Entry-UUID the UUID of the object. (RFC 4533 directories only)
# - request.LDAP-Sync.Entry-DN the DN of the object that was added.
- # - &*:* attributes mapped from the LDAP entry to FreeRADIUS
+ # - *:* attributes mapped from the LDAP entry to FreeRADIUS
# attributes using the update section within the sync.
# - request.LDAP-Sync.Filter the filter of the sync (optional).
# - request.LDAP-Sync.Scope the scope of the sync (optional).
# - request.LDAP-Sync.DN the base_dn of the sync.
# - request.LDAP-Sync.Entry-UUID the UUID of the object. (RFC 4533 directories only)
# - request.LDAP-Sync.Entry-DN the DN of the object that was added.
- # - &*:* attributes mapped from the LDAP entry to FreeRADIUS
+ # - *:* attributes mapped from the LDAP entry to FreeRADIUS
# attributes using the update section within the sync.
# - request.LDAP-Sync.Filter the filter of the sync (optional).
# - request.LDAP-Sync.Scope the scope of the sync (optional).
# - request.LDAP-Sync.DN the base_dn of the sync.
# - request.LDAP-Sync.Entry-UUID the UUID of the object. (RFC 4533 directories only)
# - request.LDAP-Sync.Entry-DN the DN of the object that was removed (optional).
- # - &*:* attributes mapped from the LDAP entry to FreeRADIUS
+ # - *:* attributes mapped from the LDAP entry to FreeRADIUS
# attributes using the update section within the sync,
# if the attributes are returned by the directory.
# - request.LDAP-Sync.Filter the filter of the sync (optional).
# subrequest Disconnect-Request {
# User-Name = parent.request.User-Name
# Acct-Session-Id = parent.request.Acct-Session-Id
-# &NAS-IP-Address = parent.NAS-IP-Address}
+# NAS-IP-Address = parent.NAS-IP-Address}
# ...
# }
#
request.MAC-Address = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
}
else {
- request.MAC-Address = &Cookie
+ request.MAC-Address = Cookie
}
}
#
reply.Packet-Type = Join-Response
reply.Error-Code = No-Error
- reply.Cookie = &MAC-Address
+ reply.Cookie = MAC-Address
reply.VLAN-Name = "please_use_real_vlan_here"
projects / thirdparty / freeradius-server.git / commitdiff
