server inner-tunnel {
authorize {
        chap
        mschap
        suffix
        update control {
               Proxy-To-Realm := LOCAL
        }

        eap {
                ok = return
        }

        files

if(outer.EAP-Type == 21) {
        if (outer.NAS-IP-Address == 127.0.0.1) {
                ldap_vpn
        }
        elsif (outer.NAS-IP-Address == 10.69.5.6) {
                ldap_wireless
        }
        elsif (outer.NAS-IP-Address == 10.69.3.6) {
                ldap_wireless
        }
        elsif (outer.NAS-IP-Address == 10.69.2.2) {
                ldap_wireless
        }
        elsif (outer.NAS-IP-Address == 10.69.2.4) {
                ldap_wireless
        }
        elsif (outer.NAS-IP-Address == 10.69.3.2) {
                ldap_wireless
        }
        elsif (outer.NAS-IP-Address == 10.69.3.4) {
                ldap_wireless
        }
        elsif (outer.NAS-Port-Type == Ethernet) {
                ldap_wireless
        }
        elsif (outer.NAS-Port-Type == Wireless-802.11) {
                ldap_wireless
        }
}

        expiration
        logintime
        pap
}



authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        ntlm_auth
        eap
}
session {
        radutmp

}
post-auth {
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }

        update outer.reply {
                User-Name = "%{request:User-Name}"
        }
}

pre-proxy {
}

post-proxy {
        eap
}