bvm-radius: actually add cuirecv policy file
This commit is contained in:
parent
79a06fc54f
commit
9ed22f57ad
1 changed files with 46 additions and 0 deletions
46
ops/nixos/bvm-radius/raddb/policy.d/cuirecv
Normal file
46
ops/nixos/bvm-radius/raddb/policy.d/cuirecv
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
#
|
||||||
|
# The following policies are for the Chargeable-User-Identity
|
||||||
|
# (CUI) configuration.
|
||||||
|
#
|
||||||
|
# The policies below can be called as just 'cui' (not
|
||||||
|
# cui.authorize etc..) from the various config sections.
|
||||||
|
#
|
||||||
|
|
||||||
|
## This is a limited configuration for Visited-only sites.
|
||||||
|
|
||||||
|
#
|
||||||
|
# The client indicates it can do CUI by sending a CUI attribute
|
||||||
|
# containing one zero byte.
|
||||||
|
# A non-empty value in Operator-Name can be an additional requirement.
|
||||||
|
# Normally CUI support is turned on only for such requests.
|
||||||
|
# CUI support can be used for local clients which do not
|
||||||
|
# supports CUI themselves, the server can simulate a CUI request
|
||||||
|
# adding the missing NUL CUI value and the Operator-Name attribute.
|
||||||
|
# Clients which are supposed to get this treatment should
|
||||||
|
# be marked by add_cui flag in clients.conf
|
||||||
|
# We assume that local clients are marked in the client.conf with
|
||||||
|
# add_cui flag, e.g.
|
||||||
|
# client xxxx {
|
||||||
|
# ...
|
||||||
|
# add_cui = yes
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
cui.authorize {
|
||||||
|
if ("%{client:add_cui}" == 'yes') {
|
||||||
|
update request {
|
||||||
|
&Chargeable-User-Identity := 0x00
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Before proxing an Access-Request to a remote server, a NUL CUI
|
||||||
|
# attribute should be added, unless it is already present in the request.
|
||||||
|
#
|
||||||
|
cui.pre-proxy {
|
||||||
|
if (("%{request:Packet-Type}" == 'Access-Request') && ("%{client:add_cui}" == 'yes')) {
|
||||||
|
update proxy-request {
|
||||||
|
&Chargeable-User-Identity = 0x00
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue