#
# Configuration file for the rlm_attr_filter module.
# Please see rlm_attr_filter(5) manpage for more information.
#
# $Id$
#
# This file contains security and configuration information
# for each realm. It can be used by an rlm_attr_filter module
# instance to filter attributes before sending packets to the
# home server of a realm.
#
# When a packet is sent to a home server, these attributes
# and values are tested. Only the first match is used unless
# the "Fall-Through" variable is set to "Yes". In that case
# the rules defined in the DEFAULT case are processed as well.
#
# A special realm named "DEFAULT" matches on all realm names.
# You can have only one DEFAULT entry. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# The first line indicates the realm to which the rules apply.
# Indented (with the tab character) lines following the first
# line indicate the filter rules.
#

# This is a complete entry for the 'nochap' realm. It allows only very
# basic attributes to be sent to the home server. Note that there is no
# Fall-Through entry, so no DEFAULT entry will be used. Only the listed
# attributes will be sent in the packet; all other attributes will be
# filtered out.
#
#nochap
#	User-Name =* ANY,
#	User-Password =* ANY,
#	NAS-IP-Address =* ANY,
#	NAS-Identifier =* ANY

# The entry for the 'brokenas' realm removes the attribute NAS-Port-Type
# if its value is different from 'Ethernet'. Then the default rules are
# applied.
#
#brokenas
#	NAS-Port-Type == Ethernet
#	Fall-Through = Yes

# The rest of this file contains the DEFAULT entry.
# DEFAULT matches with all realm names.

DEFAULT
	User-Name =* ANY,
	User-Password =* ANY,
	CHAP-Password =* ANY,
	CHAP-Challenge =* ANY,
	MS-CHAP-Challenge =* ANY,
	MS-CHAP-Response =* ANY,
	EAP-Message =* ANY,
	Message-Authenticator =* ANY,
	State =* ANY,
	NAS-IP-Address =* ANY,
	NAS-Identifier =* ANY,
	Proxy-State =* ANY
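
A simplified Python model of the matching rules the comments in this file describe: entries are read in order, the first matching realm wins, `Fall-Through = Yes` continues into DEFAULT, and any attribute without a passing rule is dropped. This is an added example, not the rlm_attr_filter module's own code; it models only the `=*` and `==` operators, assumes an attribute passed by any processed entry is kept, and uses constructed filter text and request values.

```python
import re

# Constructed filter text in the file's format: realm line, then tab-indented rules.
FILTER = """\
brokenas
\tNAS-Port-Type == Ethernet,
\tFall-Through = Yes

DEFAULT
\tUser-Name =* ANY,
\tUser-Password =* ANY,
\tNAS-IP-Address =* ANY,
\tProxy-State =* ANY
"""

def parse(text):
    """Return [(realm, [(attr, op, value)], fall_through)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                 # unindented line starts an entry
            entries.append([line.strip(), [], False])
            continue
        if not entries:
            raise ValueError("rule before any realm line")
        m = re.fullmatch(r"([\w-]+)\s*(=\*|==|=)\s*(\S+?),?", line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        attr, op, value = m.groups()
        if attr.lower() == "fall-through":
            entries[-1][2] = value.lower() == "yes"
        else:
            entries[-1][1].append((attr.lower(), op, value))
    return [tuple(e) for e in entries]

def filter_request(entries, realm, request):
    """Keep an attribute when an entry that is processed has a rule it passes."""
    kept = {}
    for name, rules, fall_through in entries:
        if name not in (realm, "DEFAULT"):
            continue
        for attr, value in request.items():
            mine = [(op, want) for a, op, want in rules if a == attr.lower()]
            if mine and all(op == "=*" or value == want for op, want in mine):
                kept[attr] = value
        if not fall_through:
            break                                 # first match wins
    return kept
```

Running a representative request through `filter_request(parse(FILTER), realm, request)` before deploying a filter change shows exactly which attributes would still reach the home server.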