/etc/freeradius/sites-available/soh is in freeradius 2.1.12+dfsg-1.2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | # This is a simple server for the MS SoH requests generated by the
# peap module - see "eap.conf" for more info
# Requests are ONLY passed through the authorize section, and cannot
# current be proxied (in any event, the radius attributes used are
# internal).
server soh-server {
authorize {
if (SoH-Supported == no) {
# client NAKed our request for SoH - not supported, or turned off
update config {
Auth-Type = Accept
}
}
else {
# client replied; check something - this is a local policy issue!
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
update config {
Auth-Type = Reject
}
update reply {
Reply-Message = "You must have antivirus enabled & installed!"
}
}
else {
update config {
Auth-Type = Accept
}
}
}
}
}
|