bmccorkle wrote:
Ok, that info helped me out but not all the way. I created another virtual
server 'vmps' in the sites available folder and linked the file to
sites-enabled. I got this code off of another post here that uses a sql
db...
vmps {
# the mac address can be in several places...
if ("%{VMPS-Ethernet-Frame}" =~
/0x............(..)(..)(..)(..)(..)(..).*/) {
update request {
MyMac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
}
}
else {
update request {
MyMac = "%{%{VMPS-Cookie}:-%{VMPS-MAC}}"
}
}
# required VMPS reply attributes
update reply {
VMPS-Packet-Type = VMPS-Join-Response
VMPS-Cookie = "%{MyMac}"
}
# lookup the zone in sql
update reply {
VMPS-VLAN-Name = "%{sql:select ... where mac='%{MyMac}'}"
}
}
I created a text file with Mac Addresses and Vlan Groups from what
rlm_passwd says but I'm still having trouble understanding how to make the
comparison.
If I do this...
update reply {
VMPS-VLAN-Name = "VLAN5"
}
Normally you simply configure the module correctly i.e. prefix the key
with a * and reply items with = as per "man rlm_passwd"
modules {
passwd mac2vlan {
filename = /etc/raddb/mac2vlan
format = "*MyMac:=VMPS-VLAN-Name"
hashsize = 100
}
}
...then call that module in your unlang section:
vmps {
... stuff
# now call the passwd module
mac2vlan
}
...however, the "vmps" section is really a re-named "post-auth" section,
and the rlm_passwd module does not have a post-auth handler; so you need
(I think) to do this:
vmps {
...stuff
# call the passwd "authorize" method
mac2vlan.authorize
}
This is not documented AFAICT, but I've seen Alan mention it in a
mailing list post and the code seems to be present in 2.0.3
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
