Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # This is a simple server for the MS SoH requests generated by the |
| 2 | # peap module - see "eap.conf" for more info |
| 3 | |
| 4 | # Requests are ONLY passed through the authorize section, and cannot |
| 5 | # current be proxied (in any event, the radius attributes used are |
| 6 | # internal). |
| 7 | |
| 8 | server soh-server { |
| 9 | authorize { |
| 10 | if (SoH-Supported == no) { |
| 11 | # client NAKed our request for SoH - not supported, or turned off |
| 12 | update config { |
| 13 | Auth-Type = Accept |
| 14 | } |
| 15 | } |
| 16 | else { |
| 17 | # client replied; check something - this is a local policy issue! |
| 18 | if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) { |
| 19 | update config { |
| 20 | Auth-Type = Reject |
| 21 | } |
| 22 | update reply { |
| 23 | Reply-Message = "You must have antivirus enabled & installed!" |
| 24 | } |
| 25 | } |
| 26 | else { |
| 27 | update config { |
| 28 | Auth-Type = Accept |
| 29 | } |
| 30 | } |
| 31 | } |
| 32 | } |
| 33 | } |
| 34 | |