server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}

listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}

authorize {
#	if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
	if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
		ldap { fail = 1 }
		if ((ok || updated) && User-Password) {
			update control {
				Auth-Type := LDAP
				Tmp-String-0 := "ldap" # AuthType SQL group
			}
			update reply {
				Filter-Id := "%{control:Tmp-String-0}"
			}
		}
	}

	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}

	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}

	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}

	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}

	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "You are out your allowed time period"
		}
		userlock
	}

	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}

accounting {
	sql
}

session {
	sql
}

post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
