# Global server settings: where logs and database files live, and which ports
# the server listens on for authentication and accounting requests.
LogDir /var/log/radius
DbDir /etc/radiator
# Two ports are listed for each service.
AuthPort 1645,1812
AcctPort 1646,1813
# NOTE(review): Trace 4 is debug-level logging. Packet dumps written at this
# level can put subscriber identifiers and session attributes into LogDir.
# Confirm it is wanted outside troubleshooting, and that /var/log/radius is
# readable only by the account running the server.
Trace 4
#####################################################
## NAS Client IPs ##
#####################################################
##Test NAS for Wireless
# NOTE(review): the enclosing client clause (which would carry the NAS address)
# is not visible on this page; only its parameters remain.
# Shared secret between this NAS and the server (redacted here). It protects
# password hiding and response authentication, so it should be long, random and
# unique per NAS, and this file should not be world-readable.
Secret xxxxx
# Name that other clauses can use to refer to this client.
Identifier AP
# NOTE(review): a DupInterval of 0 presumably switches off duplicate-request
# detection for this client, so retransmitted or replayed requests would be
# processed again - confirm this is intended for the test NAS only.
DupInterval 0
#####################################################
## Authorization ##
#####################################################
#Authorization Using Flat File
# Authenticator named WifiClients, referenced later by "AuthBy WifiClients".
# It reads its user entries from the file below.
# NOTE(review): a flat user file usually holds credentials or check items;
# confirm /etc/radiator/WifiClients is owned by the server account and not
# readable by other local users.
Identifier WifiClients
Filename /etc/radiator/WifiClients
#Authorization using Radius Application
# Authenticator named CheckPLATYPUS, referenced later by "AuthBy CheckPLATYPUS".
# It authenticates and accounts against FreeRADIUS-style tables
# (freeradius_service_rad*) reached through the DBI Sybase driver.
Identifier CheckPLATYPUS
DBSource dbi:Sybase:Platypus
# Database credentials are stored in this file (redacted here).
# NOTE(review): restrict the file to the server account, and give this database
# login only what the statements below need: SELECT on the check/reply/group
# tables and INSERT/UPDATE on freeradius_service_radacct.
DBUsername xxxxxxx
DBAuth xxxxxxx
# Per-user check items. The user name is passed through the "?" placeholder,
# not spliced into the statement text. The CASE expression presents stored
# 'Cleartext-Password' rows under the attribute name 'User-Password'.
# NOTE(review): that mapping suggests passwords are stored in clear text in
# freeradius_service_radcheck - confirm, and treat the table and its backups
# accordingly.
AuthCheck SELECT id,UserName,case Attribute when 'Cleartext-Password' then 'User-Password' else Attribute end,Value,op FROM freeradius_service_radcheck WHERE Username = ? ORDER BY id
# Per-user reply items, again selected with a "?" placeholder for the user name.
AuthReply SELECT id,UserName,Attribute,Value,op FROM freeradius_service_radreply WHERE Username = ? ORDER BY id
# Group check and reply items: the user's groups come from
# freeradius_service_radusergroup and are matched on GroupName using an
# implicit (comma) join, with the join condition in the WHERE clause.
AuthGroupCheck SELECT freeradius_service_radgroupcheck.id,freeradius_service_radgroupcheck.GroupName,freeradius_service_radgroupcheck.Attribute,freeradius_service_radgroupcheck.Value,freeradius_service_radgroupcheck.op FROM freeradius_service_radgroupcheck,freeradius_service_radusergroup WHERE freeradius_service_radusergroup.Username = ? AND freeradius_service_radusergroup.GroupName = freeradius_service_radgroupcheck.GroupName ORDER BY freeradius_service_radgroupcheck.id
AuthGroupReply SELECT freeradius_service_radgroupreply.id,freeradius_service_radgroupreply.GroupName,freeradius_service_radgroupreply.Attribute,freeradius_service_radgroupreply.Value,freeradius_service_radgroupreply.op FROM freeradius_service_radgroupreply,freeradius_service_radusergroup WHERE freeradius_service_radusergroup.Username = ? AND freeradius_service_radusergroup.GroupName = freeradius_service_radgroupreply.GroupName ORDER BY freeradius_service_radgroupreply.id
# Accounting statements. Unlike the lookups above, these are built by text
# substitution: each %{Attribute} is replaced with the value from the
# accounting request and placed inside a quoted SQL literal. %0 appears
# without quotes, so it is presumably substituted as an already-quoted user
# name - verify against the product reference.
# NOTE(review): the substituted values originate in packets sent by the NAS
# (some, such as Called-Station-Id or Connect-Info, ultimately from the client
# device). Unless the substitution escapes quote characters, a crafted value
# can change the statement. Confirm the escaping behaviour for this module and
# prefer its bound-parameter or quoting mechanism where one is available.
# Start: inserts a new session row. '1900-01-01 00:00:00' and '0' are
# placeholder stop-time and counter values until the session is closed.
AcctStartQuery INSERT into freeradius_service_radacct (AcctSessionId, AcctUniqueId, UserName, GroupName, Realm, NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctStopTime,AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', %0, null, '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%J', '1900-01-01 00:00:00', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0', null)
# Interim update: refreshes address, session time and byte counters for the row
# matching session id, user name and NAS address. Totals are computed as
# gigawords * 4294967296 (2^32) + octets; the leading "0" keeps the expression
# numeric when the gigawords attribute is absent.
# NOTE(review): the octet attributes are substituted unquoted into arithmetic,
# so a missing or non-numeric value presumably yields a failed statement, or
# worse if the value is not validated - confirm how the server handles this.
AcctUpdateQuery UPDATE freeradius_service_radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = cast(((0%{Acct-Input-Gigawords} * 4294967296) + %{Acct-Input-Octets}) as numeric(18,0)), AcctOutputOctets = cast(((0%{Acct-Output-Gigawords} * 4294967296) + %{Acct-Output-Octets}) as numeric(18,0)) WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = %0 AND NASIPAddress= '%{NAS-IP-Address}'
# Stop: closes the session row by setting stop time, final counters, terminate
# cause and stop-side connect info, matched on the same three columns.
AcctStopQuery UPDATE freeradius_service_radacct SET AcctStopTime = '%J', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = cast(((0%{Acct-Input-Gigawords} * 4294967296) + %{Acct-Input-Octets}) as numeric(18,0)), AcctOutputOctets = cast(((0%{Acct-Output-Gigawords} * 4294967296) + %{Acct-Output-Octets}) as numeric(18,0)), AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = %0 AND NASIPAddress = '%{NAS-IP-Address}'
#####################################################
## Access-Request - Handler Requests ##
#####################################################
#Authorize Clients by Billing System - Platypus - Wireless
# User-name normalisation, applied in the order listed. The net effect is that
# any realm or domain supplied by the user is discarded and a fixed realm is
# forced before the SQL lookups run.
# 1. DOMAIN\user  ->  user@DOMAIN
RewriteUsername s/^(.*)\\(.*)/$2\@$1/
# 2. domain/user  ->  user@domain
RewriteUsername s/^(.*)\/(.*)/$2\@$1/
# 3. Keep only the part before the first "@".
RewriteUsername s/^([^@]+).*/$1/
# 4. Append the fixed realm.
RewriteUsername s/(.*)/$1\@dsl.myisp.ca/
# 5. Fold upper-case ASCII letters to lower case.
RewriteUsername tr/A-Z/a-z/
# 6. Remove all whitespace.
RewriteUsername s/\s+//g
# Hook run before handler processing. For Accounting-Request packets only, it
# joins User-Name, Acct-Session-Id, NAS-IP-Address and NAS-Port with commas,
# takes the MD5 hex digest and adds it to the request as Acct-Unique-Session-Id
# (used by the accounting INSERT). MD5 serves here as a row identifier, not as
# a security control.
# NOTE(review): an attribute missing from the request (for example NAS-Port)
# would presumably be concatenated as an undefined value, so sessions that
# differ only in that attribute could collide - confirm. Also confirm that
# Digest::MD5 is loaded by the server before this hook runs.
PreProcessingHook sub { my $p = ${$_[0]};\
if ($p->code() eq 'Accounting-Request'){\
my $key = $p->get_attr('User-Name') . ',' \
. $p->get_attr('Acct-Session-Id') . ',' \
. $p->get_attr('NAS-IP-Address') . ',' \
. $p->get_attr('NAS-Port');\
my $hash = Digest::MD5::md5_hex($key);\
$p->add_attr('Acct-Unique-Session-Id', $hash);\
}}
# Try the listed authenticators in order until one accepts; only the
# CheckPLATYPUS SQL authenticator is listed here.
AuthByPolicy ContinueUntilAccept
AuthBy CheckPLATYPUS
# Authentication results go to three loggers referenced by name; their
# definitions are not visible on this page.
# NOTE(review): the middle line is spelled "Authlog", while every other
# occurrence is "AuthLog". Confirm the parser accepts this spelling; if not,
# this handler silently lacks the Syslog authentication log.
AuthLog Logger
Authlog Syslog
AuthLog AuthSyslog
#Authorize Clients by Flat File - ClientFile
# Handler that authenticates against the WifiClients flat-file authenticator.
# NOTE(review): the handler's match condition is not visible on this page, so
# which requests reach this clause cannot be determined from here.
AuthByPolicy ContinueUntilAccept
AuthBy WifiClients
# Authentication results are written to the same three named loggers as the
# previous handler; their definitions are not visible on this page.
AuthLog Logger
AuthLog Syslog
AuthLog AuthSyslog
## Outer Handler ##
# Handles the outer (tunnel-establishing) EAP conversation.
# NOTE(review): this user file is under /etc/radius, while the rest of the
# configuration uses /etc/radiator - confirm the path is intended.
Filename /etc/radius/anuser
# EAP methods this handler accepts.
EAPType TTLS, TLS, MSCHAP-V2, PEAP
# NOTE(review): the CA, server certificate and private key below are loaded
# from the package documentation directory (.../Radiator/certificates/demoCA),
# which indicates the sample certificates shipped with the product. Their
# private key and passphrase are publicly available, so any party can present
# the same server identity to supplicants and terminate the TLS tunnel that
# protects inner credentials. Replace them with a certificate and key issued
# for this server, stored outside the doc tree with restricted permissions,
# and make sure supplicants validate the server certificate.
EAPTLS_CAFile /usr/share/doc/packages/Radiator/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
# The private key is read from the same PEM file as the certificate.
EAPTLS_PrivateKeyFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
# Passphrase for the private key, stored in clear text in this file.
EAPTLS_PrivateKeyPassword whatever
# Upper bound on the size of each EAP-TLS fragment sent.
EAPTLS_MaxFragmentSize 1000
# Presumably derives the MPPE session keys and adds them to the reply so the
# access point can key the wireless link - confirm against the reference.
AutoMPPEKeys
# Identity expected in the outer EAP exchange; the real user name travels
# inside the tunnel.
EAPAnonymous anonymous@some.other.realm