feat: add radius role

roles/radius/templates/etc/raddb/mods-available/eap

@@ -0,0 +1,52 @@
+eap {
+	# The initial EAP type requested.  Change this to peap if you're
+	# using peap, or tls if you're using EAP-TLS.
+	default_eap_type = ttls
+
+	# The maximum time an EAP-Session can continue for
+	timer_expire = 60
+
+	# The maximum number of ongoing EAP sessions
+	max_sessions = ${max_requests}
+
+	tls-config tls-common {
+		# The public certificate that your server will present
+		certificate_file = /etc/raddb/cert.pem
+
+		# The private key for the public certificate
+		private_key_file = /etc/raddb/privkey.pem
+
+		# The password to decrypt 'private_key_file'
+		#private_key_password = ""
+
+		# The certificate of the authority that issued 'certificate_file'
+		ca_file = /etc/raddb/chain.pem
+
+		# If your AP drops packets towards the client, try reducing this.
+		fragment_size = 1024
+
+		# When issuing client certificates embed the OCSP URL in the
+		# certificate if you want to be able to revoke them later.
+		ocsp {
+			enable = yes
+			override_cert_url = no
+			use_nonce = yes
+		}
+	}
+
+	tls {
+		tls = tls-common
+	}
+
+	ttls {
+		tls = tls-common
+		default_eap_type = mschapv2
+		virtual_server = "eduroam-inner"
+	}
+
+	peap {
+		tls = tls-common
+		default_eap_type = mschapv2
+		virtual_server = "eduroam-inner"
+	}
+}

roles/radius/templates/etc/raddb/mods-available/inner-eap

@@ -0,0 +1,9 @@
+eap inner-eap {
+	default_eap_type = mschapv2
+	timer_expire = 60
+	max_sessions = ${max_requests}
+
+	mschapv2 {
+		send_error = yes
+	}
+}

roles/radius/templates/etc/raddb/mods-available/linelog

@@ -0,0 +1,39 @@
+linelog linelog_recv_request {
+	filename = syslog
+	syslog_facility = local0
+	syslog_severity = debug
+	format = "action = Recv-Request, %{pairs:request:}"
+}
+
+linelog linelog_send_accept {
+	filename = syslog
+	syslog_facility = local0
+	syslog_severity = debug
+	format = "action = Send-Accept, %{pairs:request:}"
+}
+
+linelog linelog_send_reject {
+	filename = syslog
+	syslog_facility = local0
+	syslog_severity = debug
+	format = "action = Send-Reject, %{pairs:request:}"
+}
+
+linelog linelog_send_proxy_request {
+	filename = syslog
+	syslog_facility = local0
+	syslog_severity = debug
+	format = "action = Send-Proxy-Request, %{pairs:proxy-request:}"
+}
+
+linelog linelog_recv_proxy_response {
+	filename = syslog
+	syslog_facility = local0
+	syslog_severity = debug
+	reference = "messages.%{proxy-reply:Response-Packet-Type}"
+	messages {
+		Access-Accept = "action = Recv-Proxy-Accept, User-Name = %{User-Name}, Calling-Station-Id = %{Calling-Station-Id}, %{pairs:proxy-reply:}"
+		Access-Reject = "action = Recv-Proxy-Reject, User-Name = %{User-Name}, Calling-Station-Id = %{Calling-Station-Id}, %{pairs:proxy-reply:}"
+		Access-Challenge = "action = Recv-Proxy-Challenge, User-Name = %{User-Name}, Calling-Station-ID = %{Calling-Station-Id}, %{pairs:proxy-reply:}"
+	}
+}