{% if authentication.mode is vyos_defined('local') %}
[chap-secrets]
chap-secrets={{ chap_secrets_file }}
{% elif authentication.mode is vyos_defined('radius') %}
[radius]
verbose=1
{%     for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %}
{%         set _server_cfg = "server=" %}
{%         set _server_cfg = _server_cfg + server %}
{%         set _server_cfg = _server_cfg + "," + options.key %}
{%         set _server_cfg = _server_cfg + ",auth-port=" + options.port %}
{%         set _server_cfg = _server_cfg + ",acct-port=" + options.acct_port %}
{%         set _server_cfg = _server_cfg + ",req-limit=0" %}
{%         set _server_cfg = _server_cfg + ",fail-time=" + options.fail_time %}
{%         if options.priority is vyos_defined %}
{%             set _server_cfg = _server_cfg + ",weight=" + options.priority %}
{%         endif %}
{%         if options.backup is vyos_defined %}
{%             set _server_cfg = _server_cfg + ",backup" %}
{%         endif %}
{{ _server_cfg }}
{%     endfor %}
{%     if authentication.radius.accounting_interim_interval is vyos_defined %}
acct-interim-interval={{ authentication.radius.accounting_interim_interval }}
{%     endif %}
{%     if authentication.radius.acct_interim_jitter is vyos_defined %}
acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
{%     endif %}
acct-timeout={{ authentication.radius.acct_timeout }}
timeout={{ authentication.radius.timeout }}
max-try={{ authentication.radius.max_try }}
{%     if authentication.radius.nas_identifier is vyos_defined %}
nas-identifier={{ authentication.radius.nas_identifier }}
{%     endif %}
{%     if authentication.radius.nas_ip_address is vyos_defined %}
nas-ip-address={{ authentication.radius.nas_ip_address }}
{%     endif %}
{%     if authentication.radius.source_address is vyos_defined %}
bind={{ authentication.radius.source_address }}
{%     endif %}
{%     if authentication.radius.dynamic_author.server is vyos_defined %}
dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
{%     endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
{% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %}
{%     if gateway_address is vyos_defined %}
{%         if server_type == 'ipoe' %}
{%             for gw in gateway_address %}
{%                 set host_address, _ = gw.split('/') %}
gw-ip-address={{ host_address }}
{%             endfor %}
{%         else %}
gw-ip-address={{ gateway_address }}
{%         endif %}
{%     endif %}
{% endif %}