
[% members %]

#  Put all of the servers into a pool.
home_server_pool eduroam_pool.cluster {
        type = keyed-balance

[% home_server %]

}


realm eduroam.cluster {
        auth_pool = eduroam_pool.cluster
}


server eduroam.cluster {
        pre-proxy {
                #  Insert pre-proxy rules here
        }

        post-proxy {
            update control {
                PacketFence-Proxied-To := "%{home_server:ipaddr}"
            }
        }

        authorize {
            packetfence-set-realm-if-machine
            suffix
            ntdomain
            [% local_realm %]
            if(!NAS-IP-Address || NAS-IP-Address == "0.0.0.0"){
                    update request {
                            NAS-IP-Address := "%{Packet-Src-IP-Address}"
                    }
            }
        }


        authenticate {
        }
        accounting {
            update control {
                    # It does not make sense to send accounting data to Eduroam
                    # so we keep it locally.
                    Proxy-To-Realm := "packetfence"
            }
            if(!NAS-IP-Address || NAS-IP-Address == "0.0.0.0"){
                    update request {
                            NAS-IP-Address := "%{Packet-Src-IP-Address}"
                    }
            }
        }

}
