Alan DeKok wrote:
Phil Mayers wrote:
The value of VQP-Error-Code may make a difference; the code in OpenVMPS
seems to work like this:
Do you have some sample "unlang" config we can add to the server examples?
We're currently using something almost identical to this (minor edits to
remove site-specific vlan assignment policy with a "switch/case"):
modules {
$INCLUDE postgresql.conf
exec logger {
wait = no
input_pairs = request
shell_escape = yes
output = none
program = "/usr/bin/logger -t vmpsd -- ALLOW: %{MyMac} ->
%{reply:VMPS-VLAN-Name}, switch %{VMPS-Client-IP-Address} port %
{VMPS-Port-Name}"
}
}
server {
listen {
...
type = vmps
}
vmps {
# the mac address can be in several places...
if ("%{VMPS-Ethernet-Frame}" =~
/0x............(..)(..)(..)(..)(..)(..).*/) {
update request {
MyMac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
}
}
else {
update request {
MyMac = "%{%{VMPS-Cookie}:-%{VMPS-MAC}}"
}
}
# required VMPS reply attributes
update reply {
VMPS-Packet-Type = VMPS-Join-Response
VMPS-Cookie = "%{MyMac}"
}
# lookup the zone in sql
update reply {
VMPS-VLAN-Name = "%{sql:select ... where mac='%{MyMac}'}"
}
# an instance of the exec module logging to a similar format
# that openvmps used, for easy of operator transition :o)
logger
}
}
What's the easiest way to get the MAC address out of these?
I used this in the end:
# the mac address can be in several places...
if ("%{VMPS-Ethernet-Frame}" =~
/0x............(..)(..)(..)(..)(..)(..).*/) {
update request {
MyMac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Wow... I guess that works, but wow. It's been a while since I used
regular expressions to parse raw packets.
Yeah. It's pretty disgusting :o)
I originally tried:
/......(......).*/
...but of course the "octets" AVP is rendered to the hex 0xNN.. format
prior to the regexp match being applied.
Also, in 2.0.1, you don't need "%{..}" for VMPS-Ethernet-Frame. You
can just put the bare name before the =~ operator.
Yeah, I am waiting a change approval to update the software (sigh).
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html