41 lines
1.7 KiB
Plaintext
41 lines
1.7 KiB
Plaintext
server inner-tunnel {
|
|
listen {
|
|
type = auth
|
|
ipaddr = 127.0.0.1
|
|
port = 18120
|
|
}
|
|
|
|
authorize {
|
|
# Cargar credenciales/atributos del usuario desde SQL
|
|
sql
|
|
# En caso de que el módulo SQL no haya poblado Cleartext-Password, obténlo vía xlat
|
|
update control {
|
|
Cleartext-Password := "%{sql:SELECT value FROM radcheck WHERE username='%{User-Name}' AND attribute='Cleartext-Password' ORDER BY id DESC LIMIT 1}"
|
|
}
|
|
# Cargar atributos de respuesta desde SQL (VLAN y ancho de banda) para PEAP (se copian al outer)
|
|
update reply {
|
|
Tunnel-Type := "%{sql:SELECT value FROM radreply WHERE username='%{User-Name}' AND attribute='Tunnel-Type' ORDER BY id DESC LIMIT 1}"
|
|
Tunnel-Medium-Type := "%{sql:SELECT value FROM radreply WHERE username='%{User-Name}' AND attribute='Tunnel-Medium-Type' ORDER BY id DESC LIMIT 1}"
|
|
Tunnel-Private-Group-Id := "%{sql:SELECT value FROM radreply WHERE username='%{User-Name}' AND attribute='Tunnel-Private-Group-Id' ORDER BY id DESC LIMIT 1}"
|
|
WISPr-Bandwidth-Max-Down := "%{sql:SELECT value FROM radreply WHERE username='%{User-Name}' AND attribute='WISPr-Bandwidth-Max-Down' ORDER BY id DESC LIMIT 1}"
|
|
WISPr-Bandwidth-Max-Up := "%{sql:SELECT value FROM radreply WHERE username='%{User-Name}' AND attribute='WISPr-Bandwidth-Max-Up' ORDER BY id DESC LIMIT 1}"
|
|
}
|
|
# Fallback/local: también consultar backend 'files'
|
|
files
|
|
# Procesar EAP (PEAP) y MS-CHAPv2
|
|
eap
|
|
mschap
|
|
}
|
|
|
|
authenticate {
|
|
eap
|
|
Auth-Type MS-CHAP {
|
|
mschap
|
|
}
|
|
}
|
|
|
|
post-auth {
|
|
# Nada: los atributos se copian fuera si use_tunneled_reply = yes
|
|
}
|
|
}
|