AuthPort 12812
AcctPort 12813
Foreground
LogStdout
LogDir C:\Radiator\Logs
LogFile %L\Radiator-Test_%Y-%m-%d.log
DbDir C:\Radiator
#This will log at DEBUG level:5 very verbose. Use a lower trace level in production systems, typically use 3
Trace 4
#The name of the file where the radius PID will be written after startup, so we don't conflict with another radiusd
PidFile C:\Radiator\radiusd-test.pid
Include C:\Radiator\Config-Clients.cfg
Identifier Accounting_log
AcctLogFileName %L/Wifi-ACCT_%Y-%m-%d.txt
AccountingHandled
Identifier Handler_From_QManage
HandlerId Auth_ActiveDirectory
Filename %L\Test-Wifi-AUTH-QManage_%Y-%m-%d.log
LogSuccess 1
LogSuccess 1
LogFailure 1
SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
AcctLogFileName %L\Test-Wifi-ACCT-QManage_%Y-%m-%d.log
Identifier Handler_PEAP
HandlerId Auth_ActiveDirectory2
Filename %L\Test-Wifi-AUTH-PEAP_%Y-%m-%d.log
LogSuccess 1
LogFailure 1
SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
AcctLogFileName %L\Test-Wifi-ACCT-PEAP_%Y-%m-%d.log
Identifier Handler_TTLS
HandlerId Auth_ActiveDirectory2
Filename %L\Test-Wifi-AUTH-TTLS_%Y-%m-%d.log
LogSuccess 1
LogFailure 1
SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
AcctLogFileName %L\Test-Wifi-ACCT-TTLS_%Y-%m-%d.log
Identifier Auth_ActiveDirectory2
AuthByPolicy ContinueUntilAcceptOrChallenge
# eduroam override
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group eduroam-wireless
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420
# divisie 1
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-0
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281
Identifier Auth_ActiveDirectory
AuthByPolicy ContinueWhileReject
# eduroam override
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group eduroam-wireless
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420
# divisie 1
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-1
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281
# divisie 2
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-2
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:282
# divisie 3
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-3
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:283
# divisie 4
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-4
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:284
# divisie 5
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-5
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:285
# Curium
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-8
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:288
# divisie 0
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-0
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:280
Outer Handler, forwards based on tunnel type, to above handlers for TTLS or PEAP
Identifier OuterAuthentication-AuthBy_File
# file containing the word "anonymous" w/o quotes on its own line (for usage of TTLS identity privacy)
Filename %D/userfile_anon
EAPType TTLS, PEAP
EAPAnonymous %0
EAPTLS_CAFile %D/radius_lumc_nl.pem
EAPTLS_CertificateFile %D/radius_lumc_nl.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/radius_lumc_nl.pem
EAPTLS_MaxFragmentSize 1300
#EAPTLS_Protocols TLSv1, TLSv1.1, TLSv1.2
EAPTLS_Ciphers DEFAULT:!EXPORT:!LOW:!RC4
#EAPTLS_PEAPVersion 0
EAPTTLS_NoAckRequired
AutoMPPEKeys
Filename %L\Test-Wifi-AUTH-OuterHandler_%Y-%m-%d.log
LogSuccess 1
LogFailure 1
SuccessFormat %H:%M:%S,Success,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
FailureFormat %H:%M:%S,Failure,%1,%N,%U,%u,%n,%{Calling-Station-Id},%{NAS-Identifier}
AcctLogFileName %L\Test-Wifi-ACCT-OuterHandler_%Y-%m-%d.log