/etc/raddb# cat sites-enabled/default-bsn server default { listen { ipaddr = * port = 1812 type = auth # interface = eth0 } listen { ipv6addr = :: port = 1812 type = auth # interface = eth0 } listen { ipaddr = * port = 1813 type = acct # interface = eth0 } listen { ipv6addr = :: port = 1813 type = acct # interface = eth0 } authorize { preprocess linelog_auth suffix if(!updated) { if (NAS-Port-Type == Wireless-802.11) { update control { &Proxy-To-Realm := "my.domain.org" } } else { # if no Wi-Fi port process locally if ((Service-Type == Call-Check) || (Service-Type == Framed-User)) { authorized_macs if (!ok) { update control { &Auth-Type := Reject } } else { update control { &Auth-Type := Accept } } } else { # All local users by default are privileged shadow_ldap if (ok) { update reply { &Service-Type := Administrative-User } } shadow_local if (ok) { update reply { &Service-Type := Administrative-User } } } expiration pap } } } authenticate { Auth-Type PAP { pap } eap } preacct { preprocess acct_unique suffix if (NAS-Port-Type == Wireless-802.11) { update control { &Proxy-To-Realm := "my.domain.org" } } files } accounting { linelog_acct radutmp exec attr_filter.accounting_response } session { radutmp } post-auth { exec linelog_auth_accept Post-Auth-Type REJECT { linelog_auth_reject attr_filter.access_reject } } }