-sql
#
- # Instead of sending the query to the SQL server,
- # write it into a log file.
- #
-# sql_log
-
- #
# Un-comment the following if you have set
# 'edir_account_policy_check = yes' in the ldap module sub-section of
# the 'modules' section.
#
# Un-comment the following if you want to generate Moonshot (ABFAB) TargetedIds
- # IMPORTANT: This requires the UUID package to be installed!
+ #
+ # IMPORTANT: This requires the UUID package to be installed, and a targeted_id_salt
+ # to be configured.
+ #
+ # This functionality also supports SQL backing. To use this functionality, enable
+ # and configure the moonshot-targeted-ids SQL module in the mods-enabled directory.
+ # Then remove the comments from the appropriate lines in each of the below
+ # policies in the policy.d/moonshot-targeted-ids file.
#
# moonshot_host_tid
# moonshot_realm_tid
EAP-Message !* ANY
Proxy-State !* ANY
MS-MPPE-Encryption-Types !* ANY
+ MS-MPPE-Encryption-Policy !* ANY
MS-MPPE-Send-Key !* ANY
MS-MPPE-Recv-Key !* ANY
}
}
}
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_idp
+
#
# Access-Reject packets are sent through the REJECT sub-section of the
# post-auth section.
# 'edir_account_policy_check = yes' in the ldap module configuration
#
Post-Auth-Type REJECT {
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_idp
+
# log failed authentications in SQL, too.
-sql
attr_filter.access_reject
&Module-Failure-Message := &request:Module-Failure-Message
}
}
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_idp
}
#