...
Most of the radsecproxy configuration file is static. Therefore, a template configuration file is provided at http://www.eduroam.org/downloads/docs/eduroam-cookbook-scripts.zip. A detailed explanation of this configuration file follows. However, the comments included in the file should make its action almost self- explanatory. This means you can start and experiment with it right after installation.
Base configuration / logging / F-Ticks
This walk-through goes through the template radsecproxy.conf line by line and explains the meaning of each stanza.
...
| Code Block |
|---|
client __SP_IP_ADDR__ {
type udp
secret __SP_SECRET__
FTicksVISCOUNTRY AQXZ # will generate F-Ticks for "a non-existant visited country = Antarctica"
}
|
Stanzas like this one are used for each connected service provider that is connected via RADIUS. You need to know the IP address of every SP's RADIUS server and negotiate a shared secret with the SP
...
| Code Block |
|---|
realm /myabc\.com$/ {
replymessage "Misconfigured client: default realm of Intel PRO/Wireless supplicant! Rejected by <TLD>."
accountingresponse on
}
realm /@.*3gppnetwork\.org$/ {
replymessage "Misconfigured client: Unsupported 3G EAP-SIM client!"
accountingresponse on
}
realm /^$/ {
replymessage "Misconfigured client: empty realm! Rejected by <TLD>."
accountingresponse on
}
|
...