# This is a simple server for the MS SoH requests generated by the
# peap module - see "eap.conf" for more info
# Requests are ONLY passed through the authorize section, and cannot
# current be proxied (in any event, the radius attributes used are
# internal).
server soh-server {
authorize {
if (SoH-Supported == no) {
# client NAKed our request for SoH - not supported, or turned off
update config {
Auth-Type = Accept
}
}
else {
# client replied; check something - this is a local policy issue!
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
update config {
Auth-Type = Reject
}
update reply {
Reply-Message = "You must have antivirus enabled & installed!"
}
}
else {
update config {
Auth-Type = Accept
}
}
}
}
}