Creating a static Moonshot connection to a Moonshot IdP is straightforward:
Create a new file in /etc/raddb/sites-available called mainidp_localdomain:
/etc/raddb/sites-available/mainidp_localdomain
    home_server mainidp_localdomain_server1 {
        ipaddr = 192.168.213.24
        port = 2083
        type = auth
        secret = radsec
        proto = tcp
        status_check = none
        tls {
            private_key_password = whatever
            private_key_file = ${certdir}/mainidp_localdomain.pem
            certificate_file = ${certdir}/mainidp_localdomain.pem
            ca_file = ${cadir}/mainidp_ca.pem
            dh_file = ${certdir}/dh
            random_file = ${certdir}/random
            fragment_size = 8192
            ca_path = ${cadir}
            cipher_list = "DEFAULT"
        }
    }

    home_server_pool mainidp_localdomain_authpool {
        home_server = mainidp_localdomain_server1
        home_server = ...
    }

    realm mainidp_realm {
        auth_pool = mainidp_localdomain_authpool
        nostrip
    }

    # Deprecated (but still accepted for the time being) configuration
    #realm mainidp_realm {
    #    authhost = mainidp_localdomain_server1
    #    secret = radsec
    #    nostrip
    #}
Link to the file in /etc/raddb/sites-enabled to enable it.
Store a client certificate (client.pem) and the ca.pem from the identity provider in /etc/raddb/certs and call them mainidp_localdomain.pem and mainidp_ca.pem respectively.
Make sure they are readable by the radiusd group.
Restart the server.
The static connection is now enabled.
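A pre-restart check for the steps above, as an added example that is not part of the original page or of FreeRADIUS. The function name `check_static_idp` and its arguments are hypothetical, and the world-readable test is an added hardening assumption based on the client PEM also holding the private key (`private_key_file` and `certificate_file` point at the same file).

```shell
#!/bin/sh
# Added example: verify the static Moonshot IdP setup before restarting.
# Usage: check_static_idp [RADDB_DIR] [GROUP] [SITE]
# Returns 0 when every check passes, 1 otherwise; problems go to stderr.
check_static_idp() {
    raddb=${1:-/etc/raddb}
    grp=${2:-radiusd}
    site=${3:-mainidp_localdomain}
    rc=0

    # The site file exists in sites-available ...
    if [ ! -f "$raddb/sites-available/$site" ]; then
        echo "missing: $raddb/sites-available/$site" >&2; rc=1
    fi
    # ... and is linked from sites-enabled. -e follows symlinks, so a
    # dangling link is reported as well.
    if [ ! -e "$raddb/sites-enabled/$site" ]; then
        echo "not enabled: $raddb/sites-enabled/$site" >&2; rc=1
    fi

    # Both PEM files exist, belong to the server's group and have the
    # group-read bit set.
    for pem in "$raddb/certs/$site.pem" "$raddb/certs/mainidp_ca.pem"; do
        if [ ! -f "$pem" ]; then
            echo "missing: $pem" >&2; rc=1; continue
        fi
        if [ -z "$(find "$pem" -group "$grp" -perm -040)" ]; then
            echo "not readable by group $grp: $pem" >&2; rc=1
        fi
    done

    # Assumption (hardening check, not a step on the page): the client PEM
    # contains the private key, so it should not be world-readable.
    key="$raddb/certs/$site.pem"
    if [ -f "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
        echo "world-readable private key: $key" >&2; rc=1
    fi
    return $rc
}
```

Source the file and run `check_static_idp /etc/raddb radiusd` before restarting the server; a non-zero return means at least one step is incomplete.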