######################################################################
#
#	As of 2.0.0, FreeRADIUS supports virtual hosts using the
#	"server" section, and configuration directives.
#
#	Virtual hosts should be put into the "sites-available"
#	directory.  Soft links should be created in the "sites-enabled"
#	directory to these files.  This is done in a normal installation.
#
#	If you are using 802.1X (EAP) authentication, please see also
#	the "inner-tunnel" virtual server.  You will likely have to edit
#	that, too, for authentication to work.
#
#	$Id: 083407596aa5074d665adac9606e7de655b634aa $
#
######################################################################
#
#	Read "man radiusd" before editing this file.  See the section
#	titled DEBUGGING.  It outlines a method where you can quickly
#	obtain the configuration you want, without running into
#	trouble.  See also "man unlang", which documents the format
#	of this file.
#
#	This configuration is designed to work in the widest possible
#	set of circumstances, with the widest possible number of
#	authentication methods.  This means that in general, you should
#	need to make very few changes to this file.
#
#	The best way to configure the server for your local system
#	is to CAREFULLY edit this file.  Most attempts to make large
#	edits to this file will BREAK THE SERVER.  Any edits should
#	be small, and tested by running the server with "radiusd -X".
#	Once the edits have been verified to work, save a copy of these
#	configuration files somewhere.  (e.g. as a "tar" file).  Then,
#	make more edits, and test, as above.
#
#	There are many "commented out" references to modules such
#	as ldap, sql, etc.  These references serve as place-holders.
#	If you need the functionality of that module, then configure
#	it in radiusd.conf, and un-comment the references to it in
#	this file.  In most cases, those small changes will result
#	in the server being able to connect to the DB, and to
#	authenticate users.
#
######################################################################

server default {
listen {
	type = auth
	ipaddr = *
	port = 0

	limit {
	      max_connections = 16
	      lifetime = 0
	      idle_timeout = 30
	}
}

listen {
	ipaddr = *
	port = 0
	type = acct

	limit {
	}
}

# IPv6 versions of the above - read their full config to understand options
listen {
	type = auth
	ipv6addr = ::	# any.  ::1 == localhost
	port = 0
	limit {
	      max_connections = 16
	      lifetime = 0
	      idle_timeout = 30
	}
}

listen {
	ipv6addr = ::
	port = 0
	type = acct

	limit {
	}
}
}

server radius-wifi {
authorize {
        rewrite_calling_station_id

        if (User-Name =~ /^(.*)@(.*)/){
            if (User-Name !~ /^(.*)@(.*)example(.*)/){
                update control{
                    Proxy-To-Realm := 'FEDEREZ'
                }
            }

            if ("%{request:User-Name}" =~ /^(.*)@(.*)example(.*)/){
                update request{
                    Stripped-User-Name := "%{1}"
                }
            }
        }

	filter_username

	preprocess

	suffix

	eap {
		ok = return
	}

	expiration
	logintime

	pap

}

authenticate {
	Auth-Type PAP {
		pap
	}

	Auth-Type CHAP {
		chap
	}

	Auth-Type MS-CHAP {
		mschap
	}

	mschap

	digest

	eap
}


preacct {
	preprocess

	acct_unique

	suffix
	files
}

accounting {

	detail

	unix
	exec

}

session {
}

post-auth {
	update {
		&reply: += &session-state:
	}

	exec


	remove_reply_message_if_eap

	Post-Auth-Type REJECT {
		-sql
		attr_filter.access_reject

		eap

		remove_reply_message_if_eap
	}
}

pre-proxy {
}

post-proxy {
	eap
}
}



server radius-filaire{
    authorize{

            re2o
            expiration
            logintime
            pap
    }
    authenticate{
        Auth-Type PAP{
            pap
        }
        Auth-Type CHAP{
            chap
        }
        Auth-Type MS-CHAP{
            mschap
        }
        digest
        eap

    }
    preacct{
        preprocess
        acct_unique
        suffix
        files
    }
    accounting{
    }
    session{
    }
    post-auth{
       re2o
       exec
    }
    pre-proxy{
    }
    post-proxy{
        eap
    }
}