server inner-tunnel-second {

authorize {
	eap_tnc {
		ok = return
	}
}

authenticate {
	eap_tnc
}

session {
	radutmp
}

post-auth {
	Post-Auth-Type REJECT {
		attr_filter.access_reject
	}
}

} # inner-tunnel-second block
