...
Code Block |
---|
# my eduroam SP in Antarctica
<Client 203.0.113.5>
Secret adf7856asdcvxb5p
Identifier icecold-radius
AddToRequestIfNotExist Operator-Name=1foo.aq,eduroam-SP-Country=AQ
RequireMessageAuthenticator
</Client> |
Note: the Operator-Name attribute has the character "1" preceding the domain name. This is intentional and required by the corresponding RFC. Always prepend the character "1" to the operator's domain name.
...
Code Block |
---|
<Client etlr1.eduroam.org>
IdenticalClients etlr2.eduroam.org
Secret (as negotiated with eduroam OT)
Identifier etlr1.eduroam.org
AddToRequestIfNotExist eduroam-SP-Country=UNKNOWN
RequireMessageAuthenticator
</Client> |
Two additional clients are useful: one client for localhost, which can be used for local debugging purposes (and which doesn't need a strong secret); and the client which is used for European FLR monitoring (negotiate the actual client address with eduroam OT):
Code Block |
---|
<Client 192.0.2.1>
Secret (as negotiated with eduroam OT)
Identifier Monitoring-ETLR
AddToRequestIfNotExist eduroam-SP-Country=NONE
RequireMessageAuthenticator
</Client>
<Client localhost>
Secret mysecret
DupInterval 0
AddToRequestIfNotExist eduroam-SP-Country=NONE
RequireMessageAuthenticator
</Client> |
Note: all the Identifier names in the configuration need to be unique, and should be meaningful to you, the server operator.
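The two notes above (the leading "1" in Operator-Name and unique Identifier names) can be checked mechanically before the server is reloaded. The following linter is an added example, not part of the original page or of Radiator; it also flags client clauses lacking RequireMessageAuthenticator, which every example on this page carries. The function names and the sample configuration are constructed for illustration, and line continuations are not handled.

```python
import re

# Constructed sample with three deliberate mistakes (not a real deployment).
SAMPLE = """\
<Client 203.0.113.5>
    Secret example-secret
    Identifier icecold-radius
    AddToRequestIfNotExist Operator-Name=foo.aq,eduroam-SP-Country=AQ
    RequireMessageAuthenticator
</Client>
<Client localhost>
    Secret mysecret
    Identifier icecold-radius
    AddToRequestIfNotExist eduroam-SP-Country=NONE
</Client>
"""
CLIENT_RE = re.compile(r"<Client\s+([^>]+)>(.*?)</Client>", re.S | re.I)

def parse_clients(text):
    """Return [(client_name, {parameter: value})], one entry per <Client> clause."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        params = {}
        for line in body.splitlines():
            parts = line.split(None, 1)  # parameter name, then the rest of the line
            if parts and not parts[0].startswith("#"):
                params[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        clients.append((name.strip(), params))
    return clients

def lint(text):
    """Return findings for duplicate Identifiers, missing flag, unprefixed Operator-Name."""
    findings, seen = [], {}
    for name, p in parse_clients(text):
        ident = p.get("Identifier")
        if ident in seen:
            findings.append(f"{name}: Identifier '{ident}' already used by {seen[ident]}")
        elif ident:
            seen[ident] = name
        if "RequireMessageAuthenticator" not in p:
            findings.append(f"{name}: RequireMessageAuthenticator missing")
        for pair in p.get("AddToRequestIfNotExist", "").split(","):
            attr, _, val = pair.partition("=")
            # Heuristic: a realm that itself begins with "1" passes unprefixed.
            if attr.strip() == "Operator-Name" and not val.startswith("1"):
                findings.append(f"{name}: Operator-Name '{val}' lacks the leading '1'")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
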
...