| # This is a simple server for the MS SoH requests generated by the |
| # peap module - see "eap.conf" for more info |
| |
| # Requests are ONLY passed through the authorize section, and cannot |
| # current be proxied (in any event, the radius attributes used are |
| # internal). |
| |
| server soh-server { |
| authorize { |
| if (SoH-Supported == no) { |
| # client NAKed our request for SoH - not supported, or turned off |
| update config { |
| Auth-Type = Accept |
| } |
| } |
| else { |
| # client replied; check something - this is a local policy issue! |
| if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) { |
| update config { |
| Auth-Type = Reject |
| } |
| update reply { |
| Reply-Message = "You must have antivirus enabled & installed!" |
| } |
| } |
| else { |
| update config { |
| Auth-Type = Accept |
| } |
| } |
| } |
| } |
| } |
| |