bvm-radius: actually add cuirecv policy file
This commit is contained in:
parent
79a06fc54f
commit
9ed22f57ad
1 changed files with 46 additions and 0 deletions
46
ops/nixos/bvm-radius/raddb/policy.d/cuirecv
Normal file
46
ops/nixos/bvm-radius/raddb/policy.d/cuirecv
Normal file
|
@ -0,0 +1,46 @@
|
|||
#
|
||||
# The following policies are for the Chargeable-User-Identity
|
||||
# (CUI) configuration.
|
||||
#
|
||||
# The policies below can be called as just 'cui' (not
|
||||
# cui.authorize etc..) from the various config sections.
|
||||
#
|
||||
|
||||
## This is a limited configuration for Visited-only sites.
|
||||
|
||||
#
|
||||
# The client indicates it can do CUI by sending a CUI attribute
|
||||
# containing one zero byte.
|
||||
# A non-empty value in Operator-Name can be an additional requirement.
|
||||
# Normally CUI support is turned on only for such requests.
|
||||
# CUI support can be used for local clients which do not
|
||||
# supports CUI themselves, the server can simulate a CUI request
|
||||
# adding the missing NUL CUI value and the Operator-Name attribute.
|
||||
# Clients which are supposed to get this treatment should
|
||||
# be marked by add_cui flag in clients.conf
|
||||
# We assume that local clients are marked in the client.conf with
|
||||
# add_cui flag, e.g.
|
||||
# client xxxx {
|
||||
# ...
|
||||
# add_cui = yes
|
||||
# }
|
||||
#
|
||||
cui.authorize {
|
||||
if ("%{client:add_cui}" == 'yes') {
|
||||
update request {
|
||||
&Chargeable-User-Identity := 0x00
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Before proxing an Access-Request to a remote server, a NUL CUI
|
||||
# attribute should be added, unless it is already present in the request.
|
||||
#
|
||||
cui.pre-proxy {
|
||||
if (("%{request:Packet-Type}" == 'Access-Request') && ("%{client:add_cui}" == 'yes')) {
|
||||
update proxy-request {
|
||||
&Chargeable-User-Identity = 0x00
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue