diff conf/radpxy.eap.testbed.aaa/freeradius/policy.conf @ 11:44f87917c579
Added a RADIUS proxy using freeradius in the eap testbed
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Thu, 16 Sep 2010 14:23:42 +0900 |
parents | |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/conf/radpxy.eap.testbed.aaa/freeradius/policy.conf Thu Sep 16 14:23:42 2010 +0900 @@ -0,0 +1,54 @@ +# -*- text -*- +## +## policy.conf -- FreeRADIUS server configuration file. +## +## http://www.freeradius.org/ +## $Id: policy.conf,v 1.2 2008/01/15 16:29:55 aland Exp $ +## + +# +# Policies are virtual modules, similar to those defined in the +# "instantate" section of radiusd.conf. +# +# Defining a policy here means that it can be referenced in multiple +# places as a *name*, rather than as a series of conditions to match, +# and actions to take. +# +# Policies are something like subroutines in a normal language, but +# they cannot be called recursively. They MUST be defined in order. +# If policy A calls policy B, then B MUST be defined before A. +# +policy { + # + # Forbid all EAP types. + # +## forbid_eap { +## if (EAP-Message) { +## reject +## } +## } + + # + # Forbid all non-EAP types outside of an EAP tunnel. + # +## permit_only_eap { +## if (!EAP-Message) { + # We MAY be inside of a TTLS tunnel. + # PEAP and EAP-FAST require EAP inside of + # the tunnel, so this check is OK. + # If so, then there MUST be an outer EAP message. +## if (!"%{outer.request:EAP-Message}") { +## reject +## } +## } +## } + + # + # Forbid all attempts to login via realms. + # +## deny_realms { +## if (User-Name =~ /@|\\/) { +## reject +## } +## } +}
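Review bot: all three policies inside the `policy { }` block (`forbid_eap`, `permit_only_eap`, `deny_realms`) are commented out with `##`, so the new file defines no policy at all, and nothing in it says whether that is intentional for the proxy. Please add a short comment at the top stating that this is the stock FreeRADIUS file (the `$Id: policy.conf,v 1.2 2008/01/15` line suggests it is) and that no policies are active in the testbed, or uncomment the ones the proxy is expected to reference by name. In `permit_only_eap` the explanatory lines ("We MAY be inside of a TTLS tunnel...") use a single `#` while the surrounding statements use `##`. Stripping the `##` prefix later still leaves valid comments, but the mixed markers make it easy to miss the closing `## }` lines when enabling the block, so a consistent prefix would help. Minor: the header comment spells the radiusd.conf section as "instantate"; it should read "instantiate".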