SoH docs & example

[freeradius.git] / raddb / sites-available / soh

diff --git a/raddb/sites-available/soh b/raddb/sites-available/soh
new file mode 100644 (file)
index 0000000..9196e5b
--- /dev/null
+++ b/raddb/sites-available/soh
@@ -0,0 +1,34 @@
+# This is a simple server for the MS SoH requests generated by the
+# peap module - see "eap.conf" for more info
+
+# Requests are ONLY passed through the authorize section, and cannot
+# current be proxied (in any event, the radius attributes used are
+# internal).
+
+server soh-server {
+       authorize {
+               if (SoH-Supported == no) {
+                       # client NAKed our request for SoH - not supported, or turned off
+                       update config {
+                               Auth-Type = Accept
+                       }
+               }
+               else {
+                       # client replied; check something - this is a local policy issue!
+                       if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
+                               update config {
+                                       Auth-Type = Reject
+                               }
+                               update reply {
+                                       Reply-Message = "You must have antivirus enabled & installed!"
+                               }
+                       }
+                       else {
+                               update config {
+                                       Auth-Type = Accept
+                               }
+                       }
+               }
+       }
+}
+