### Automatically generated by system_login.py ###
# RADIUS configuration file

{% if radius is vyos_defined %}
{#     RADIUS IPv6 source address must be specified in [] notation #}
{%     set source_address = namespace()  %}
{%     if radius.source_address is vyos_defined %}
{%         for address in radius.source_address %}
{%             if address | is_ipv4 %}
{%                 set source_address.ipv4 = address %}
{%             elif address | is_ipv6 %}
{%                 set source_address.ipv6 = "[" + address + "]" %}
{%             endif %}
{%         endfor %}
{%     endif %}
{%     if radius.server is vyos_defined %}
# server[:port]        shared_secret             timeout    source_ip
{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
{%         for server, options in radius.server.items() | sort(attribute='1.priority') if not 'disable' in options %}
{#         RADIUS IPv6 servers must be specified in [] notation #}
{%             if server | is_ipv4 %}
{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
{%             else %}
[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
{%             endif %}
{%         endfor %}
{%     endif %}

priv-lvl 15
mapped_priv_user radius_priv_user

{%     if radius.vrf is vyos_defined %}
vrf-name {{ radius.vrf }}
{%     endif %}
{% endif %}