#eduroam Config
#2016-09-09 eduroam-wireless test groep toegevoegd (lumc accounts in vlan420)
#tracelevel 0
Foreground
LogStdout
AuthPort 1645,1812
AcctPort 1646,1813
DbDir C:\Program Files\Radiator
LogDir D:\Radiator\Log
LogFile %L\Radiator_%Y-%m-%d.txt
Trace 0
# The name of the file where the radius PID will be written
# after startup, so we don't conflict with another radiusd
PidFile C:\Program Files\Radiator\radiusd.pid
#--------------------------------------------------
#logt de succes en failure authentications int LUMCer
Identifier logfile_LUMC_int
Filename %L/authlog_LUMC_int_%Y-%m-%d.txt
LogSuccess 1
SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
LogFailure 1
FailureFormat '%H:%M:%S', %1, '%N, %U, %u'
#logt de succes en failure authentications ext LUMCer
Identifier logfile_LUMC_ext
Filename %L/authlog_LUMC_ext_%Y-%m-%d.txt
LogSuccess 1
SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
LogFailure 1
FailureFormat '%H:%M:%S', %1, '%N, %U, %u'
#logt de succes en failure authentications niet LUMCer
Identifier logfile_niet_LUMC
Filename %L/authlog_not_LUMC_%Y-%m-%d.txt
LogSuccess 1
SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
LogFailure 1
FailureFormat '%H:%M:%S', %1, '%N, %U, %u'
#logt de unknown authentications
Identifier logfile_unknown
Filename %L/authlog_unknown_%Y-%m-%d.txt
LogSuccess 1
SuccessFormat '%H:%M:%S', OK, '%N, %U, %u'
LogFailure 1
FailureFormat '%H:%M:%S', %1, '%N, %U, %u'
#--------------------------------------------------
#Accounting
#Accounting status type = Alive
Identifier Accounting_log1
#Log accounting to a detail accounting file
AcctLogFileName %L/acct_log_%Y-%m-%d.txt
AcctLogFileFormat %H:%M:%S,Alive,%{User-Name},%{Acct-Session-Id},%{Calling-Station-Id},\
%{Framed-IP-Address}
AccountingHandled
#Accounting status type = stop
Identifier Accounting_log2
#Log accounting to a detail accounting file
AcctLogFileName %L/acct_log_%Y-%m-%d.txt
AcctLogFileFormat %H:%M:%S,Stop,%{User-Name},%{Acct-Session-Id},%{Calling-Station-Id}
AccountingHandled
#Accounting status type = start
Identifier Accounting_log3
#Log accounting to a detail accounting file
#AcctLogFileName %L/acct_logov_%Y-%m-%d.txt
AccountingHandled
#--------------------------------------------------
#Inner authentication voor externe LUMCers via surfnet
Identifier PEAPTunnel_intern_LUMCext
AuthByPolicy ContinueWhileReject
# eduroam-test
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group eduroam-wireless
# divisie 1
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-1
# divisie 2
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-2
# divisie 3
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-3
# divisie 4
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-4
# divisie 5
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-5
# Curium
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-8
# divisie 0
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-0
AuthLog logfile_LUMC_ext
#Inner authentication voor externe LUMCers via surfnet
#
Identifier PEAPTunnel_intern_LUMCext
AuthByPolicy ContinueWhileReject
# eduroam-test
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group eduroam-wireless
# divisie 1
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-1
# divisie 2
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-2
# divisie 3
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-3
# divisie 4
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-4
# divisie 5
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-5
# Curium
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-8
# divisie 0
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-0
AuthLog logfile_LUMC_ext
#----------------------------------------------------------
#----------User Authentication-----------------------------
#----------------------------------------------------------
#Inner authentication voor interne LUMCers direct vanuit qmanage zonder PEAP tunnel
Identifier LUMCusers
HandlerId LUMCusers_AD
AuthLog logfile_LUMC_int
#----------------------------------------------------------
#Inner authentication voor interne LUMCers direct vanuit de wireless controlers met PEAP tunnel
Identifier LUMCusers
HandlerId LUMCusers_AD
AuthLog logfile_LUMC_int
#---------------------------------------------------------
#Inner authentication voor interne LUMCers met windows AD
Identifier LUMCusers_AD
AuthByPolicy ContinueWhileReject
# eduroam override
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group eduroam-wireless
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:420
# divisie 1
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-1
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:281
# divisie 2
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-2
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:282
# divisie 3
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-3
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:283
# divisie 4
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-4
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:284
# divisie 5
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-5
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:285
# Curium
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-8
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:288
# divisie 0
EAPType MSCHAP-V2
DefaultDomain lumcnet
UsernameMatchesWithoutRealm
Group lumc-wireless-0
AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:280
#--------------------------------------------------
#outer authentication
Identifier OuterAuth
EAPType PEAP
EAPAnonymous %0
EAPTLS_CAFile %D/radius_lumc_nl.pem
EAPTLS_CertificateFile %D/radius_lumc_nl.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/radius_lumc_nl.pem
EAPTLS_SessionResumption 1
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
EAPTLS_PEAPVersion 0
DefaultResult reject
AuthLog logfile_unknown