Mercurial > hg > fD-testbed
view conf/radpxy.eap.testbed.aaa/freeradius/policy.conf @ 11:44f87917c579
Added a RADIUS proxy using freeradius in the eap testbed
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Thu, 16 Sep 2010 14:23:42 +0900 |
parents | |
children |
line wrap: on
line source
# -*- text -*- ## ## policy.conf -- FreeRADIUS server configuration file. ## ## http://www.freeradius.org/ ## $Id: policy.conf,v 1.2 2008/01/15 16:29:55 aland Exp $ ## # # Policies are virtual modules, similar to those defined in the # "instantate" section of radiusd.conf. # # Defining a policy here means that it can be referenced in multiple # places as a *name*, rather than as a series of conditions to match, # and actions to take. # # Policies are something like subroutines in a normal language, but # they cannot be called recursively. They MUST be defined in order. # If policy A calls policy B, then B MUST be defined before A. # policy { # # Forbid all EAP types. # ## forbid_eap { ## if (EAP-Message) { ## reject ## } ## } # # Forbid all non-EAP types outside of an EAP tunnel. # ## permit_only_eap { ## if (!EAP-Message) { # We MAY be inside of a TTLS tunnel. # PEAP and EAP-FAST require EAP inside of # the tunnel, so this check is OK. # If so, then there MUST be an outer EAP message. ## if (!"%{outer.request:EAP-Message}") { ## reject ## } ## } ## } # # Forbid all attempts to login via realms. # ## deny_realms { ## if (User-Name =~ /@|\\/) { ## reject ## } ## } }