
[% members %]

#  Put all of the servers into a pool.
home_server_pool pf_pool.cluster {
        type = keyed-balance

[% home_server %]

}

home_server_pool pfacct_pool.cluster {
        type = keyed-balance

[% home_server %]

}

realm packetfence {
        auth_pool = pf_pool.cluster
        acct_pool = pfacct_pool.cluster
}

realm packetfence-cli {
        auth_pool = pfcli_pool.cluster
}

home_server_pool pfcli_pool.cluster {
        type = keyed-balance

[% home_server_cli %]

}

server pf.cluster {
        pre-proxy {
                #  Insert pre-proxy rules here
        }

        post-proxy {
            update control {
                PacketFence-Proxied-To := "%{home_server:ipaddr}"
            }
        }

        authorize {
                packetfence-balanced-key-policy
                update control {
                        Proxy-To-Realm := "packetfence"
                }
                packetfence-nas-ip-address
                if ( "%{client:shortname}" =~ /eduroam_tlrs/ ) {
                        update request {
                                PacketFence-ShortName := "%{client:shortname}"
                        }
                }
        }


        authenticate {
        }
        accounting {
                packetfence-balanced-key-policy
                update control {
                        Proxy-To-Realm := "packetfence"
                }
                packetfence-nas-ip-address
                if ( "%{client:shortname}" =~ /eduroam_tlrs/ ) {
                        update request {
                                PacketFence-ShortName := "%{client:shortname}"
                        }
                }
        }

}

server pfcli.cluster {
        pre-proxy {
                #  Insert pre-proxy rules here
        }

        post-proxy {
                update control {
                        PacketFence-Proxied-To := "%{home_server:ipaddr}"
                }
        }

        authorize {
                update control {
                        Load-Balance-Key := "%{NAS-IP-Address}"
                        Proxy-To-Realm := "packetfence-cli"
                }
                packetfence-nas-ip-address
        }


        authenticate {
        }
        accounting {
        }

}
