#
# Set CHAP-Password
#
-update request {
- &CHAP-Password := "%(chap_password:%{request.CHAP-Password})"
-}
+&CHAP-Password := "%(chap_password:%{CHAP-Password})"
#
# over-ride password set in radiusd.conf
#
-update control {
- &Password.Cleartext -= 'hello'
- &Password.With-Header := 'oracle01'
+&control -= {
+ &Password.Cleartext == 'hello'
}
+&control.Password.With-Header := 'oracle01'
+
#
# Set CHAP-Password
#
-update request {
- &CHAP-Password := "%(chap_password:%{request.CHAP-Password})"
-}
+&request.CHAP-Password := "%(chap_password:%{request.CHAP-Password})"
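Review bot: The list qualifier is applied inconsistently across the converted CHAP tests. This line writes `&request.CHAP-Password` and expands `%{request.CHAP-Password}`, while the earlier CHAP test on this page drops both qualifiers (`&CHAP-Password := "%(chap_password:%{CHAP-Password})"`). Both presumably resolve to the request list by default, but the removed `update request` wrapper made the target explicit, and the neighbouring conversions write to `&control`. Using the qualified form in every CHAP test keeps it obvious which list a password attribute lands in.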
-update control {
- &Password.Cleartext := &User-Name
-}
+&control.Password.Cleartext := &User-Name
-update control {
- &Password.Cleartext := &User-Name
-}
+&control.Password.Cleartext := &User-Name
-update control {
- &Password.Cleartext := "zanzibar"
-}
+&control.Password.Cleartext := "zanzibar"
#
# over-ride password set in radiusd.conf
#
-update control {
- &Password.Cleartext -= ANY
- &Password.With-Header := '{md5}5d41402abc4b2a76b9719d911017c592'
-}
+&control -= &Password.Cleartext[*]
+&control.Password.With-Header := '{md5}5d41402abc4b2a76b9719d911017c592'
#
# over-ride password set in radiusd.conf
#
-update control {
- &Password.Cleartext -= 'hello'
- &Password.With-Header := '{clear}hello'
+&control -= {
+ &Password.Cleartext == 'hello'
}
+
+&control.Password.With-Header := '{clear}hello'
#
# over-ride password set in radiusd.conf
#
-update control {
- &Password.Cleartext -= 'hello'
- &Password.With-Header := 'hello'
+&control -= {
+ &Password.Cleartext == 'hello'
}
+
+&control.Password.With-Header := 'hello'
}
recv Access-Request {
- update control {
- &Password.Cleartext := 'hello'
- }
+ &control.Password.Cleartext := 'hello'
#
# Include the test file specified by the
}
recv Access-Request {
- update control {
- &Auth-Type := accept
- }
+ &control.Auth-Type := accept
}
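Review bot: `&control.Auth-Type := accept` is the only statement in this `recv Access-Request`, so as far as the hunk shows, every Access-Request reaching this server is accepted without a credential check. That predates the conversion, but nothing in the visible lines marks it as a fixture; a comment such as `# Test fixture: accepts every request unconditionally - do not enable outside the test suite` would do. The later `&control.Auth-Type := Accept` section, which follows a `secret = testing123` line, needs the same comment. The enclosing server block starts outside the hunk, so it is worth confirming how it is listened on.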
recv CoA-Request {
policy {
files.authorize {
if (&User-Name == "bob") {
- update control {
- &Password.Cleartext := "bob"
- }
+ &control.Password.Cleartext := "bob"
}
}
$INCLUDE ${maindir}/policy.d/
#
if (&Digest-Response) {
if (&Vendor-Specific.Test.Test-Number == "1") {
- update control {
- &Password.Cleartext := "zanzibar"
- }
+ &control.Password.Cleartext := "zanzibar"
}
elsif (&Vendor-Specific.Test.Test-Number == "2") {
- update control {
- &Digest-Attributes.HA1 := 12af60467a33e8518da5c68bbff12b11
- }
+ &control.Digest-Attributes.HA1 := 12af60467a33e8518da5c68bbff12b11
}
}
else {
- update control {
- &Password.Cleartext := "bob"
- }
+ &control.Password.Cleartext := "bob"
}
}
if (&User-Name =~ /^(.*)@test\.example\.com$/) {
- update request {
- &Stripped-User-Name := "%{1}"
- }
-
- update control {
- &Password.Cleartext := "bob"
- }
+ &Stripped-User-Name := "%{1}"
+ &control.Password.Cleartext := "bob"
}
chap
recv Identity-Response {
"%(debug_attr:&session-state.)"
if (!&session-state.Tmp-String-0) {
- update reply {
- &Any-ID-Req := yes
- }
- update session-state {
- &Tmp-String-0 := yes
- }
+ &reply.Any-ID-Req := yes
+ &session-state.Tmp-String-0 := yes
}
ok
}
}
send Challenge-Request {
- update control {
- &Sim-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
- &Sim-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
- &Sim-SQN := 3
- }
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &control.SIM-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
+ &control.SIM-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
+ &control.SIM-SQN := 3
+
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
}
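Review bot: The three control attributes in `send Challenge-Request` are renamed as well as converted: the removed lines use `&Sim-Ki`, `&Sim-Opc` and `&Sim-SQN`, the added ones `&control.SIM-Ki`, `&control.SIM-Opc` and `&control.SIM-SQN`. If attribute lookup is not case-insensitive, or the dictionary defines only one spelling, this is a behaviour change hidden in a syntax migration and should be called out in the commit message. The same rename appears in the two other `send Challenge-Request` sections. Since Ki and OPc are a subscriber's long-term authentication secrets, I would also add a comment above them such as `# Test vector only (looks like 3GPP TS 35.208 test set 1) - never a real subscriber key`, so the pattern of hard-coding key material is not copied into a live virtual server.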
send Reauthentication-Request {
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
+
ok
}
recv Identity-Response {
"%(debug_attr:&session-state.)"
if (!&session-state.Tmp-String-0) {
- update reply {
- &Any-ID-Req := yes
- }
- update session-state {
- &Tmp-String-0 := yes
- }
+ &reply.Any-ID-Req := yes
+ &session-state.Tmp-String-0 := yes
}
ok
}
}
send Challenge-Request {
- update control {
- &Sim-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
- &Sim-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
- &Sim-SQN := 3
- }
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &control.SIM-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
+ &control.SIM-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
+ &control.SIM-SQN := 3
+
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
}
send Reauthentication-Request {
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
+
ok
}
files.authorize {
split_username_nai
if (&Stripped-User-Name == "bob") {
- update control {
- &Password.Cleartext := "bob"
- }
+ &control.Password.Cleartext := "bob"
}
}
recv Access-Request {
if (&User-Name =~ /with.*client.*cert/) {
- update control {
- &EAP-TLS-Require-Client-Cert := yes
- }
+ &control.EAP-TLS-Require-Client-Cert := yes
}
files
eap
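Review bot: The client-certificate requirement is selected by `&User-Name =~ /with.*client.*cert/`, a value the peer supplies, so any identity that does not match skips `EAP-TLS-Require-Client-Cert`. That is fine for a test that needs both paths, but the converted line carries no comment saying so. I would add `# Test only: real policy must not key the client-cert requirement off the client-supplied User-Name` above the `if`. The rest of `recv Access-Request` continues outside the hunk.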
recv Identity-Response {
"%(debug_attr:&session-state.)"
if (!&session-state.Tmp-String-0) {
- update reply {
- &Any-ID-Req := yes
- }
- update session-state {
- &Tmp-String-0 := yes
- }
+ &reply.Any-ID-Req := yes
+ &session-state.Tmp-String-0 := yes
}
ok
}
}
send Challenge-Request {
- update control {
- &Sim-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
- &Sim-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
- &Sim-SQN := 3
- }
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &control.SIM-Ki := 0x465b5ce8b199b49faa5f0a2ee238a6bc
+ &control.SIM-Opc := 0xcd63cb71954a9f4e48a5994e37a02baf
+ &control.SIM-SQN := 3
+
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
+
ok
}
send Reauthentication-Request {
- update reply {
- &Encr-Data.Next-Reauth-Id := ""
- &Encr-Data.Next-Pseudonym := ""
- }
+ &reply.Encr-Data.Next-Reauth-Id := ""
+ &reply.Encr-Data.Next-Pseudonym := ""
+
ok
}
namespace = tls
load session {
- update control {
- &control.Cache-Allow-Insert := no
- }
+ &control.Cache-Allow-Insert := no
+
cache_tls_session
}
}
clear session {
- update control {
- &control.Cache-Allow-Insert := no
- &control.Cache-Allow-Merge := no
- &control.Cache-TTL := 0
- }
+ &control.Cache-Allow-Insert := no
+ &control.Cache-Allow-Merge := no
+ &control.Cache-TTL := 0
+
cache_tls_session
}
secret = testing123
}
recv Access-Request {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
send Access-Accept {
}
}
recv Access-Request {
- update control {
- &Auth-Type := proxy
- }
+ &control.Auth-Type := proxy
}
authenticate proxy {
radius_auth
recv Accounting-Request {
if (!&Event-Timestamp) {
- update request {
- &Event-Timestamp := "%l"
- }
+ &Event-Timestamp = "%l" # only sets it if there's no Event-Timestamp
}
radius_acct
}
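Review bot: The added line changes the operator from `:=` to `=` while keeping the enclosing `if (!&Event-Timestamp)`, so the existence check is now expressed twice, as the new trailing comment itself describes. Either drop the guard and keep the single line `&Event-Timestamp = "%l"`, or keep the guard together with the original `:=`. Having both leaves a reader unsure which one the accounting path relies on.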
policy {
files.authorize {
if (&User-Name == "bob") {
- update control {
- &Password.Cleartext := "bob"
- }
+ &control.Password.Cleartext := "bob"
}
}
$INCLUDE ${maindir}/policy.d/
# Ensure that we can send unknown attributes back.
#
if (&NAS-Identifier == "auth_4") {
- update reply {
- &Class := 0x483d342c493d34
- }
-
- update reply {
- &raw.26 := &reply.Class
- &raw.26 += 0x483d342c493d43
+ &reply.Class := 0x483d342c493d34
+ &reply += {
+ &raw.26 = &reply.Class
+ &raw.26 = 0x483d342c493d43
}
}
policy {
files.authorize {
if (&User-Name == "bob") {
- update control {
- &Password.Cleartext := "bob"
- }
+ &control.Password.Cleartext := "bob"
}
}
$INCLUDE ${maindir}/policy.d/
recv Authentication-Start {
if (&User-Name == "tapioca") {
- update reply {
- &Authentication-Status := Pass
- &Server-Message := "Authentication-Start accepted"
- }
+ &reply.Authentication-Status := Pass
+ &reply.Server-Message := "Authentication-Start accepted"
+
ok
} else {
- update reply {
- &Authentication-Status := Fail
- &Server-Message := "Authentication-Start failed for %{User-Name}"
- }
+ &reply.Authentication-Status := Fail
+ &reply.Server-Message := "Authentication-Start failed for %{User-Name}"
}
}
send Authentication-Start-Reply {
- update reply {
- &Data := "Authentication-Data"
- }
+ &reply.Data := "Authentication-Data"
}
recv Authentication-Continue {
if (&User-Name == "tapioca") {
- update reply {
- &Authentication-Status := Pass
- &Server-Message := "Authentication-Cont accepted"
- }
+ &reply.Authentication-Status := Pass
+ &reply.Server-Message := "Authentication-Cont accepted"
+
ok
} else {
- update reply {
- &Authentication-Status := Fail
- &Server-Message := "Authentication-Cont failed for %{User-Name}"
- }
+ &reply.Authentication-Status := Fail
+ &reply.Server-Message := "Authentication-Cont failed for %{User-Name}"
}
}
send Authentication-Continue-Reply {
- update reply {
- &Data := "Authentication-Data"
- }
+ &reply.Data := "Authentication-Data"
}
recv Authorization-Request {
if (&User-Name == "tapioca") {
- update reply {
- &Authorization-Status := Pass-Add
- &Server-Message := "Authorization-Request accepted"
- }
+ &reply.Authorization-Status := Pass-Add
+ &reply.Server-Message := "Authorization-Request accepted"
+
ok
} else {
- update reply {
- &Authorization-Status := Error
- &Server-Message := "Authorization-Request failed for %{User-Name}"
- }
+ &reply.Authorization-Status := Error
+ &reply.Server-Message := "Authorization-Request failed for %{User-Name}"
}
}
send Authorization-Response {
- update reply {
- &Data := "Authorization-Data"
- }
+ &reply.Data := "Authorization-Data"
}
recv Accounting-Request {
# First packet for a session
accounting Start {
- update reply {
- &Server-Message := "Accounting-Start Section"
- }
+ &reply.Server-Message := "Accounting-Start Section"
}
# Updates a session
accounting Watchdog {
- update reply {
- &Server-Message := "Accounting-Watchdog Section"
- }
+ &reply.Server-Message := "Accounting-Watchdog Section"
}
# Stops a session
accounting Stop {
- update reply {
- &Server-Message := "Accounting-Stop Section"
- }
+ &reply.Server-Message := "Accounting-Stop Section"
}
send Accounting-Reply {
- update reply {
- &Accounting-Status := Success
- &Data := 0x12
- }
+ &reply.Accounting-Status := Success
+ &reply.Data := 0x12
}
}
# Validate reply
#
if ("%{VLAN-Name}" == "Kalos0") {
- update reply {
- &Error-Code := No-Error
- }
+ &reply.Error-Code := No-Error
} else {
- update reply {
- &Error-Code := Deny
- }
+ &reply.Error-Code := Deny
}
}
send Join-Response {
- update reply {
- &Packet-Type = Join-Response
- &Cookie = &MAC-Address
- &VLAN-Name := &VLAN-Name
- }
+ &reply.Packet-Type = Join-Response
+ &reply.Cookie = &MAC-Address
+ &reply.VLAN-Name := &VLAN-Name
}
recv Reconfirm-Request {
}
recv Access-Request {
- update control {
- &Password.Cleartext := 'hello'
- }
+ &control.Password.Cleartext := 'hello'
pap
}