# eduroam Config (Radiator RADIUS server)
# 2016-09-09: added the eduroam-wireless test group (lumc accounts in vlan420)
#
# NOTE(review): this copy contains no clause tags (for example the opening and
# closing tags that normally wrap an Identifier/Filename group), so the grouping
# below is inferred from the comments and the Identifier lines. Conditions that
# select which group handles a request are not visible here. Confirm against
# the deployed file.

#tracelevel 0
Foreground
LogStdout
# Both the legacy (1645/1646) and the standard (1812/1813) RADIUS ports are
# listed. NOTE(review): if no NAS still uses the legacy ports, removing them
# reduces the listening surface. Verify before changing.
AuthPort 1645,1812
AcctPort 1646,1813
# DbDir is what %D expands to further down; LogDir is what %L expands to.
DbDir C:\Program Files\Radiator
LogDir D:\Radiator\Log
LogFile %L\Radiator_%Y-%m-%d.txt
Trace 0

# The name of the file where the radius PID will be written
# after startup, so we don't conflict with another radiusd
PidFile C:\Program Files\Radiator\radiusd.pid

#--------------------------------------------------
# Authentication logs: one file per day under LogDir.
# The formats below record a time, a result field, and the %N, %U and %u
# values; no password field is included.
# NOTE(review): %1 in FailureFormat is presumably the failure reason. Confirm
# against the Radiator reference. The files hold user identifiers, so access
# to D:\Radiator\Log should be limited to the operators who need it.

# Logs successful and failed authentications for internal LUMC users
    Identifier logfile_LUMC_int
    Filename %L/authlog_LUMC_int_%Y-%m-%d.txt
    LogSuccess 1
    SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
    LogFailure 1
    FailureFormat '%H:%M:%S', %1, '%N, %U, %u'

# Logs successful and failed authentications for external LUMC users
    Identifier logfile_LUMC_ext
    Filename %L/authlog_LUMC_ext_%Y-%m-%d.txt
    LogSuccess 1
    SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
    LogFailure 1
    FailureFormat '%H:%M:%S', %1, '%N, %U, %u'

# Logs successful and failed authentications for non-LUMC users
    Identifier logfile_niet_LUMC
    Filename %L/authlog_not_LUMC_%Y-%m-%d.txt
    LogSuccess 1
    SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
    LogFailure 1
    FailureFormat '%H:%M:%S', %1, '%N, %U, %u'

# Logs the unknown authentications
    Identifier logfile_unknown
    Filename %L/authlog_unknown_%Y-%m-%d.txt
    LogSuccess 1
    SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
    LogFailure 1
    FailureFormat '%H:%M:%S', %1, '%N, %U, %u'

#--------------------------------------------------
# Accounting
# Alive and Stop records are appended to the same daily file. Each line holds
# the user name, session id and calling station id (Alive also adds the
# framed IP address), so the file ties a device to a user and an address.

# Accounting status type = Alive
    Identifier Accounting_log1
    # Log accounting to a detail accounting file
    AcctLogFileName %L/acct_log_%Y-%m-%d.txt
    AcctLogFileFormat %H:%M:%S,Alive,%{User-Name},%{Acct-Session-Id},%{Calling-Station-Id},\
    %{Framed-IP-Address}
    AccountingHandled

# Accounting status type = stop
    Identifier Accounting_log2
    # Log accounting to a detail accounting file
    AcctLogFileName %L/acct_log_%Y-%m-%d.txt
    AcctLogFileFormat %H:%M:%S,Stop,%{User-Name},%{Acct-Session-Id},%{Calling-Station-Id}
    AccountingHandled

# Accounting status type = start
# NOTE(review): the file name below is commented out, so Start records appear
# to be acknowledged without being written. If session start times are needed
# for incident investigation, confirm they are recorded elsewhere.
    Identifier Accounting_log3
    # Log accounting to a detail accounting file
    #AcctLogFileName %L/acct_logov_%Y-%m-%d.txt
    AccountingHandled

#--------------------------------------------------
# Inner authentication for external LUMC users arriving via SURFnet
# (LUMC accounts roaming at another institution).
# Each sub-block below checks membership of one group in the lumcnet domain
# using EAP-MSCHAP-V2. With ContinueWhileReject the next sub-block is tried
# while the previous one rejects.
# No AddToReply lines appear in this group, so no VLAN attributes are added
# to replies for roaming users.
    Identifier PEAPTunnel_intern_LUMCext
    AuthByPolicy ContinueWhileReject

    # eduroam-test
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group eduroam-wireless

    # division 1
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-1

    # division 2
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-2

    # division 3
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-3

    # division 4
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-4

    # division 5
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-5

    # Curium
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-8

    # division 0
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-0

    AuthLog logfile_LUMC_ext

# Inner authentication for external LUMC users arriving via SURFnet
# NOTE(review): this repeats the group list above with the Identifier
# commented out. Two copies of the same list can drift apart when a group is
# added or removed, so check whether both are still needed.
    # Identifier PEAPTunnel_intern_LUMCext
    AuthByPolicy ContinueWhileReject

    # eduroam-test
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group eduroam-wireless

    # division 1
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-1

    # division 2
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-2

    # division 3
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-3

    # division 4
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-4

    # division 5
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-5

    # Curium
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-8

    # division 0
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-0

    AuthLog logfile_LUMC_ext

#----------------------------------------------------------
#----------User Authentication-----------------------------
#----------------------------------------------------------
# Inner authentication for internal LUMC users, directly from qmanage,
# without a PEAP tunnel
# NOTE(review): the Identifier LUMCusers is used by this group and by the next
# one. Confirm that the duplicate is intended and that nothing refers to it
# by name expecting a single target.
    Identifier LUMCusers
    HandlerId LUMCusers_AD
    AuthLog logfile_LUMC_int

#----------------------------------------------------------
# Inner authentication for internal LUMC users, directly from the wireless
# controllers, with a PEAP tunnel
    Identifier LUMCusers
    HandlerId LUMCusers_AD
    AuthLog logfile_LUMC_int

#---------------------------------------------------------
# Inner authentication for internal LUMC users against Windows AD
# Same group checks as for roaming users, but each match also adds the three
# tunnel attributes that place the session in a VLAN.
# Order matters: sub-blocks are tried top to bottom under ContinueWhileReject,
# so a member of eduroam-wireless gets VLAN 420 even if the account is also in
# a division group. Membership of these AD groups therefore decides network
# placement and should be change-controlled like any other access right.
    Identifier LUMCusers_AD
    AuthByPolicy ContinueWhileReject

    # eduroam override
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group eduroam-wireless
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420

    # division 1
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-1
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281

    # division 2
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-2
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:282

    # division 3
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-3
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:283

    # division 4
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-4
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:284

    # division 5
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-5
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:285

    # Curium
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-8
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:288

    # division 0
        EAPType MSCHAP-V2
        DefaultDomain lumcnet
        UsernameMatchesWithoutRealm
        Group lumc-wireless-0
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:280

#--------------------------------------------------
# Outer authentication: terminates the PEAP (TLS) tunnel. Anything that is
# not accepted here is rejected (DefaultResult reject) and logged to
# logfile_unknown.
#
# The CA file, the server certificate and the private key all point at the
# same PEM file under DbDir (C:\Program Files\Radiator). That file contains
# the server's private key, so its ACL should allow read access only to the
# account that runs Radiator.
# NOTE(review): no EAPTLS_PrivateKeyPassword line is visible in this copy.
# Confirm whether the key is stored unencrypted.
#
# The inner method is MSCHAP-V2, so the credentials are protected only by this
# TLS tunnel. Supplicants must be configured to validate this server
# certificate and name, otherwise a rogue access point can terminate the
# tunnel itself.
    Identifier OuterAuth
    EAPType PEAP
    # NOTE(review): %0 here presumably substitutes the real inner identity in
    # place of the default anonymous name. Confirm against the Radiator reference.
    EAPAnonymous %0
    EAPTLS_CAFile %D/radius_lumc_nl.pem
    EAPTLS_CertificateFile %D/radius_lumc_nl.pem
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %D/radius_lumc_nl.pem
    EAPTLS_SessionResumption 1
    EAPTLS_MaxFragmentSize 1024
    AutoMPPEKeys
    EAPTLS_PEAPVersion 0
    DefaultResult reject
    AuthLog logfile_unknown