server abfab-idp {
authorize {
- psk_authorize
+ psk_authorize
abfab_client_check
filter_username
preprocess
# cui
suffix {
- updated = 1
+ updated = 1
noop = reject
- }
+ }
eap {
ok = return
}
exec
# Remove reply message if the response contains an EAP-Message
remove_reply_message_if_eap
+
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
+
# Access-Reject packets are sent through the REJECT sub-section of the
# post-auth section.
#
# 'edir_account_policy_check = yes' in the ldap module configuration
#
Post-Auth-Type REJECT {
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
+
# log failed authentications in SQL, too.
-sql
attr_filter.access_reject
# Remove reply message if the response contains an EAP-Message
remove_reply_message_if_eap
}
+
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
}
#
# When the server decides to proxy a request to a home server,