AuthPort    12812
AcctPort    12813

Foreground
LogStdout
LogDir		C:\Radiator\Logs
LogFile		%L\Radiator-Test_%Y-%m-%d.log
DbDir		C:\Radiator
#This will log at DEBUG level:5 very verbose. Use a lower trace level in production systems, typically use 3
Trace 		4

#The name of the file where the radius PID will be written after startup, so we don't conflict with another radiusd
PidFile C:\Radiator\radiusd-test.pid
Include C:\Radiator\Config-Clients.cfg

<Handler Request-Type = Accounting-Request>
        Identifier Accounting_log
        AcctLogFileName %L/Wifi-ACCT_%Y-%m-%d.txt
        AccountingHandled
</Handler>

<Handler Connect-Info="From_QManage">
Identifier Handler_From_QManage
    <AuthBy HANDLER>
    HandlerId Auth_ActiveDirectory
    </AuthBy>
	<AuthLog FILE>
			Filename   %L\Test-Wifi-AUTH-QManage_%Y-%m-%d.log
			LogSuccess 1
        LogSuccess 1
        LogFailure 1
        SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
        FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
	</AuthLog>
	AcctLogFileName %L\Test-Wifi-ACCT-QManage_%Y-%m-%d.log
</Handler>

<Handler TunnelledByPEAP=1>
Identifier Handler_PEAP
    <AuthBy HANDLER>
    HandlerId Auth_ActiveDirectory2
    </AuthBy>
	<AuthLog FILE>
			Filename   %L\Test-Wifi-AUTH-PEAP_%Y-%m-%d.log
        LogSuccess 1
        LogFailure 1
        SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
        FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
	</AuthLog>
	AcctLogFileName %L\Test-Wifi-ACCT-PEAP_%Y-%m-%d.log
</Handler>

<Handler TunnelledByTTLS=1>
Identifier Handler_TTLS
    <AuthBy HANDLER>
    HandlerId Auth_ActiveDirectory2
    </AuthBy>
	<AuthLog FILE>
			Filename   %L\Test-Wifi-AUTH-TTLS_%Y-%m-%d.log
        LogSuccess 1
        LogFailure 1
        SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
        FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
	</AuthLog>
	AcctLogFileName %L\Test-Wifi-ACCT-TTLS_%Y-%m-%d.log
</Handler>

<Handler Identifier=^(Handler_PEAP|Handler_TTLS)$>
Identifier Auth_ActiveDirectory2
    <AuthBy GROUP>
    AuthByPolicy ContinueUntilAcceptOrChallenge    
          <AuthBy LSA>
          # eduroam override
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group eduroam-wireless
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420
          </AuthBy>
          <AuthBy LSA>
          # divisie 1
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-0
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281
          </AuthBy>          
    </AuthBy>
</Handler>

<Handler Identifier=^(Handler_PEAP|Handler_TTLS|Handler_From_QManage)$>
Identifier Auth_ActiveDirectory
    <AuthBy GROUP>
    AuthByPolicy ContinueWhileReject
          <AuthBy LSA>
          # eduroam override
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group eduroam-wireless
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420
          </AuthBy>
          <AuthBy LSA>
          # divisie 1
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-1
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281
          </AuthBy>
          <AuthBy LSA>
          # divisie 2
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-2
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:282
          </AuthBy>
          <AuthBy LSA>
          # divisie 3
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-3
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:283
          </AuthBy>
          <AuthBy LSA>
          # divisie 4
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-4
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:284
          </AuthBy>
          <AuthBy LSA>
          # divisie 5
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-5
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:285
          </AuthBy>
          <AuthBy LSA>
          # Curium
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-8
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:288
          </AuthBy>
          <AuthBy LSA>
          # divisie 0
             EAPType MSCHAP-V2
             DefaultDomain lumcnet
             UsernameMatchesWithoutRealm
             Group lumc-wireless-0
             AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:280
          </AuthBy>
    </AuthBy>
</Handler>

 Outer Handler, forwards based on tunnel type, to above handlers for TTLS or PEAP
<Handler Realm=/^lumc\.nl$/i, EAP-Message=/.+/>
	<AuthBy FILE>
	Identifier OuterAuthentication-AuthBy_File
	# file containing the word "anonymous" w/o quotes on its own line (for usage of TTLS identity privacy)
		Filename %D/userfile_anon
		EAPType TTLS, PEAP
		EAPAnonymous %0
		EAPTLS_CAFile %D/radius_lumc_nl.pem
		EAPTLS_CertificateFile %D/radius_lumc_nl.pem
		EAPTLS_CertificateType PEM
		EAPTLS_PrivateKeyFile %D/radius_lumc_nl.pem
    EAPTLS_MaxFragmentSize 1300
    #EAPTLS_Protocols TLSv1, TLSv1.1, TLSv1.2
    EAPTLS_Ciphers DEFAULT:!EXPORT:!LOW:!RC4
    #EAPTLS_PEAPVersion 0
    EAPTTLS_NoAckRequired
    AutoMPPEKeys
	</AuthBy>
	<AuthLog FILE>
		Filename   %L\Test-Wifi-AUTH-OuterHandler_%Y-%m-%d.log
        LogSuccess 1
        LogFailure 1
        SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
        FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
	</AuthLog>
	AcctLogFileName %L\Test-Wifi-ACCT-OuterHandler_%Y-%m-%d.log
</Handler>