--- /dev/null
+# This is a simple server for the MS SoH requests generated by the
+# peap module - see "eap.conf" for more info
+
+# Requests are ONLY passed through the authorize section, and cannot
+# current be proxied (in any event, the radius attributes used are
+# internal).
+
+server soh-server {
+ authorize {
+ if (SoH-Supported == no) {
+ # client NAKed our request for SoH - not supported, or turned off
+ update config {
+ Auth-Type = Accept
+ }
+ }
+ else {
+ # client replied; check something - this is a local policy issue!
+ if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
+ update config {
+ Auth-Type = Reject
+ }
+ update reply {
+ Reply-Message = "You must have antivirus enabled & installed!"
+ }
+ }
+ else {
+ update config {
+ Auth-Type = Accept
+ }
+ }
+ }
+ }
+}
+