forked from infra/ansible
63 lines
2.0 KiB
Plaintext
63 lines
2.0 KiB
Plaintext
#
|
|
# Configuration file for the rlm_attr_filter module.
|
|
# Please see rlm_attr_filter(5) manpage for more information.
|
|
#
|
|
# $Id: 8c601cf205f9d85b75c1ec7fc8e816e7341a5ba4 $
|
|
#
|
|
# This file contains security and configuration information
|
|
# for each realm. It can be used be an rlm_attr_filter module
|
|
# instance to filter attributes before sending packets to the
|
|
# home server of a realm.
|
|
#
|
|
# When a packet is sent to a home server, these attributes
|
|
# and values are tested. Only the first match is used unless
|
|
# the "Fall-Through" variable is set to "Yes". In that case
|
|
# the rules defined in the DEFAULT case are processed as well.
|
|
#
|
|
# A special realm named "DEFAULT" matches on all realm names.
|
|
# You can have only one DEFAULT entry. All entries are processed
|
|
# in the order they appear in this file. The first entry that
|
|
# matches the login-request will stop processing unless you use
|
|
# the Fall-Through variable.
|
|
#
|
|
# The first line indicates the realm to which the rules apply.
|
|
# Indented (with the tab character) lines following the first
|
|
# line indicate the filter rules.
|
|
#
|
|
|
|
# This is a complete entry for 'nochap' realm. It allows to send very
|
|
# basic attributes to the home server. Note that there is no Fall-Through
|
|
# entry so that no DEFAULT entry will be used. Only the listed attributes
|
|
# will be sent in the packet, all other attributes will be filtered out.
|
|
#
|
|
#nochap
|
|
# User-Name =* ANY,
|
|
# User-Password =* ANY,
|
|
# NAS-Ip-Address =* ANY,
|
|
# NAS-Identifier =* ANY
|
|
|
|
# The entry for the 'brokenas' realm removes the attribute NAS-Port-Type
|
|
# if its value is different from 'Ethernet'. Then the default rules are
|
|
# applied.
|
|
#
|
|
#brokenas
|
|
# NAS-Port-Type == Ethernet
|
|
# Fall-Through = Yes
|
|
|
|
# The rest of this file contains the DEFAULT entry.
|
|
# DEFAULT matches with all realm names.
|
|
|
|
DEFAULT
|
|
User-Name =* ANY,
|
|
User-Password =* ANY,
|
|
CHAP-Password =* ANY,
|
|
CHAP-Challenge =* ANY,
|
|
MS-CHAP-Challenge =* ANY,
|
|
MS-CHAP-Response =* ANY,
|
|
EAP-Message =* ANY,
|
|
Message-Authenticator =* ANY,
|
|
State =* ANY,
|
|
NAS-IP-Address =* ANY,
|
|
NAS-Identifier =* ANY,
|
|
Proxy-State =* ANY
|