#!radius1.cesnet.cz

Foreground
LogStdout
Trace 		4
LogDir		/var/log/radiator
DbDir		/usr/share/radiator

<AuthLog SYSLOG>
		Identifier authlogger
		Facility	local7
		LogSuccess	1
		LogFailure	1
		SuccessFormat	%U::OK
		FailureFormat	%U::FAIL
</AuthLog>
<Log SYSLOG>
		Facility	local7
		LogIdent	radiator
		Trace		2
</Log>
<Log FILE>
		Filename	/var/log/arch/radiator/radiator.%Y_%m_%d.log
		Trace		4
</Log>

AuthPort	1812
AcctPort	1813
	

<Client localhost>
	Secret		XX
	DupInterval 	0
</Client>

<Client DEFAULT>
	Secret		XX
	DupInterval 	2
</Client>

# -- Definition of local authentication ---------------------------------------
<AuthBy FILE>
	Identifier CheckFILE

	Filename 		/etc/radiator/user_accounts

	EAPType			MSCHAP-V2,LEAP,PEAP,TTLS,TLS,MD5,MD5-Challenge

	EAPTLS_CAFile		/etc/ssl/certs/cesnet-ca.cz.crt.pem
	EAPTLS_CertificateFile	/etc/ssl/certs/r1orgA.etest.cesnet.cz.crt
	EAPTLS_CertificateType	PEM
	EAPTLS_PrivateKeyFile	/etc/ssl/private/r1orgA.etest.cesnet.cz.key
	EAPTLS_MaxFragmentSize	1000

	AutoMPPEKeys

	EAPTLS_PEAPVersion	0

	SSLeayTrace		0

	AddToReplyIfNotExist	Tunnel-Private-Group-ID=1:100
	AddToReply		Tunnel-Type=1:VLAN,\
				Tunnel-Medium-Type=1:Ether_802

#	SessionDatabase		SQL
</AuthBy>

# -- Local realms -------------------------------------------------------------
<Handler Realm=/^tomasek.cz$/io>
	AuthBy	CheckFILE

	SessionDatabase		SessionDB
	#DefaultSimultaneousUse	2
	MaxSessions		1

	AuthLog authlogger
</Handler>

<Handler TunnelledByTTLS=1>
	AuthBy	CheckFILE
	AuthLog authlogger
	SessionDatabase		SessionDBNull
</Handler>

<Handler TunnelledByPEAP=1>
	AuthBy	CheckFILE
	AuthLog authlogger
	SessionDatabase		SessionDBNull
</Handler>
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

<ServerRADSEC>
        Secret XX

        UseTLS
        TLS_CAPath		/etc/ssl/certs
        TLS_CertificateFile	/etc/ssl/certs/r1orgA.etest.cesnet.cz.crt
        TLS_CertificateType PEM
        TLS_PrivateKeyFile 	/etc/ssl/private/r1orgA.etest.cesnet.cz.key
     TLS_ExpectedPeerName  .+
</ServerRADSEC>

<Handler>
   Identifier		TOPLEVEL
   <AuthBy RADSEC>
     MaxFailedRequests 		1000
     MaxFailedGraceTime 	360
     FailureBackoffTime 	1

     #UseExtendedIds

     Host radius1.cesnet.cz
     Secret XX

     UseTLS
     TLS_CAPath         	/etc/ssl/certs
     TLS_CertificateFile	/etc/ssl/certs/r1orgA.etest.cesnet.cz.crt
     TLS_CertificateType	PEM
     TLS_PrivateKeyFile 	/etc/ssl/private/r1orgA.etest.cesnet.cz.key
     TLS_ExpectedPeerName  .+
   </AuthBy>
</Handler>

<SessionDatabase SQL>
        Identifier      SessionDB
        DBSource        DBI:mysql:radiator:localhost:3306
        DBUsername      root
        DBAuth          XX

#       AddQuery insert into RadOnline (UserName, NASIdentifier, NASPort, AcctSessionID, TimeStamp, FramedIPAddress, NASPortType, ServiceType) values \
#        ("%u", "%1", %2, "%3", %{Timestamp}, "%{Framed-IP-Address}", "%{NAS-Port-Type}", "%{Service-Type}")
        AddQuery insert into RadOnline (UserName, NASIdentifier, NASPort, AcctSessionID, TimeStamp, FramedIPAddress, NASPortType, ServiceType) values \
        (lower("%u"), "%1", %2, "%3", %{Timestamp}, "%{Framed-IP-Address}", "%{NAS-Port-Type}", "%{Service-Type}")

        DeleteQuery DELETE FROM RadOnline WHERE NASIdentifier="%1" AND lower(UserName)=lower("%u") AND AcctSessionID="%3"

        ClearNasQuery delete from RadOnline where NASIdentifier="%0"

        CountQuery select NASIdentifier, NASPort, AcctSessionID, FramedIPAddress from RadOnline where lower(UserName)=lower("%u")
</SessionDatabase>

<SessionDatabase NULL>
        Identifier      SessionDBNull
</SessionDatabase>