Re: vmps documentation?

2008-04-02 Thread bmccorkle


Phil Mayers wrote:
 
 
 server vmps {
    ... stuff

    vmps {
       ... stuff

       mac2vlan.authorize

       If (!ok) {
          update reply {
             VMPS-VLAN-Name = Public
          }
       }
    }
 }

 If is wrong - it should be if
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
 
 

Ahhh, you're right.  Freeradius started right up after I fixed that.  All
those English classes ruined my programming skills :)  Everything seems to
be working, thanks Phil, Alan for all the help!  

-- 
View this message in context: 
http://www.nabble.com/vmps-documentation--tp16315996p16446927.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



Re: vmps documentation?

2008-04-01 Thread Alan DeKok
Phil Mayers wrote:
 Normally you simply configure the module correctly i.e. prefix the key
 with a * and reply items with = as per man rlm_passwd
 
 modules {
   passwd mac2vlan {
     filename = /etc/raddb/mac2vlan
     format = *MyMac:=VMPS-VLAN-Name
     hashsize = 100

  You probably also want:  delimiter = ,
  The default is :, which is part of the MAC address...

 ...however, the vmps section is really a re-named post-auth section,
 and the rlm_passwd module does not have a post-auth handler; so you need
 (I think) to do this:
...
 This is not documented AFAICT, but I've seen Alan mention it in a
 mailing list post and the code seems to be present in 2.0.3

  :)  There are a few secret features in the server.  Most don't
really matter, but they exist for future proofing.

  In any case, I've updated the passwd module to permit it to be
listed in the post-auth section.  There's no reason why it couldn't be
there in the first place.

  I've also updated radiusd.conf and sites-available/vmps with an
(edited) sample mac2vlan module.  Please double-check it.

  Alan DeKok.
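
Added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of splitting a passwd-style map file into fields, showing why the default ":" delimiter noted above breaks MAC keys, plus the fall-back-to-Public lookup asked about elsewhere in this thread. The sample file contents, the function names and the exact-match lookup are assumptions made for the illustration.

```python
# Simplified model of field splitting for a "*MyMac:=VMPS-VLAN-Name" map.
# Not rlm_passwd source code; sample data below is constructed.
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample files: same mapping, two different field delimiters.
SAMPLE_COLON = "00:11:22:33:44:55:VLAN5\n"
SAMPLE_COMMA = "00:11:22:33:44:55,VLAN5\naa:bb:cc:dd:ee:ff,Staff\n"


def load_map(text, delimiter):
    """Field 0 is the lookup key (MyMac), field 1 the reply value (VLAN name)."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(delimiter)
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line
        table[fields[0]] = fields[1]
    return table


def lint(table):
    """Return keys that are not complete colon-separated MAC addresses.

    Any hit usually means the file delimiter collides with the MAC format.
    """
    return sorted(k for k in table if not MAC_RE.match(k))


def vlan_for(table, mac, default="Public"):
    """Exact-match lookup; an unknown MAC gets the default VLAN,
    mirroring the 'if (!ok) { ... Public }' fallback in the thread."""
    return table.get(mac, default)


if __name__ == "__main__":
    bad = load_map(SAMPLE_COLON, ":")
    good = load_map(SAMPLE_COMMA, ",")
    print("':' delimiter ->", bad, "lint:", lint(bad))
    print("',' delimiter ->", good, "lint:", lint(good))
    print(vlan_for(bad, "00:11:22:33:44:55"))   # key was truncated, falls back
    print(vlan_for(good, "00:11:22:33:44:55"))  # found
    print(vlan_for(good, "de:ad:be:ef:00:01"))  # unknown MAC, falls back
```

With ":" as the delimiter every known device silently lands in the fallback VLAN, so running a check like lint() on the map file before deploying it catches the misconfiguration early.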


Re: vmps documentation?

2008-04-01 Thread bmccorkle

Phil Mayers wrote:
Normally you simply configure the module correctly i.e. prefix the key with
a * and reply items with = as per man rlm_passwd

modules {
   passwd mac2vlan {
      filename = /etc/raddb/mac2vlan
      format = *MyMac:=VMPS-VLAN-Name
      hashsize = 100
   }
}

...then call that module in your unlang section:

vmps {
   ... stuff
   # now call the passwd module
   mac2vlan
}

...however, the vmps section is really a re-named post-auth section,
and the rlm_passwd module does not have a post-auth handler; so you need (I
think) to do this:

vmps {
   ...stuff
   # call the passwd authorize method
   mac2vlan.authorize
}

This is not documented AFAICT, but I've seen Alan mention it in a mailing
list post and the code seems to be present in 2.0.3

Ok, that let me get it working.  I had to use mac2vlan.authorize instead of
just the module name.  Perhaps I should have mentioned I'm running 2.0.1 on
FreeBSD (2.0.3 doesn't seem to be available on the ports collection yet).  

I still have one more problem.  I want it to call the mac2vlan module and if
the mac address isn't found in the file, assign our public vlan group to the
VMPS-VLAN-Name attribute.  So I am trying to get the module return code from
mac2vlan.  But when I do the following...

server vmps {

   ... stuff

   vmps {

      ... stuff

      mac2vlan.authorize

      If (!ok) {
         update reply {
            VMPS-VLAN-Name = Public
         }
      }
   }
}

The server refuses to start at all until I comment out the if statement. 
Did I forget to read something on module return codes or am I calling it
wrong?


Re: vmps documentation?

2008-04-01 Thread Alan DeKok
bmccorkle wrote:
 Ok, that let me get it working.  I had to use mac2vlan.authorize instead of
 just the module name.  Perhaps I should have mentioned I'm running 2.0.1 on
 FreeBSD (2.0.3 doesn't seem to be available on the ports collection yet).  

  Grab the current CVS snapshot.  It has samples of this configuration.

   mac2vlan.authorize
 
   If (!ok) {
..
 The server refuses to start at all until I comment out the if statement. 
 Did I forget to read something on module return codes or am I calling it
 wrong?

  You forgot to include the actual error message in your email.

  Alan DeKok.


Re: vmps documentation?

2008-04-01 Thread Phil Mayers


server vmps {

   ... stuff

   vmps {

      ... stuff

      mac2vlan.authorize

      If (!ok) {
         update reply {
            VMPS-VLAN-Name = Public
         }
      }
   }
}


If is wrong - it should be if


Re: vmps documentation?

2008-03-31 Thread bmccorkle

Ok, that info helped me out but not all the way.  I created another virtual
server 'vmps' in the sites available folder and linked the file to
sites-enabled.  I got this code off of another post here that uses a sql
db...

vmps {
   # the mac address can be in several places...
   if (%{VMPS-Ethernet-Frame} =~ /0x(..)(..)(..)(..)(..)(..).*/) {
      update request {
         MyMac = %{1}:%{2}:%{3}:%{4}:%{5}:%{6}
      }
   }
   else {
      update request {
         MyMac = %{%{VMPS-Cookie}:-%{VMPS-MAC}}
      }
   }

   # required VMPS reply attributes
   update reply {
      VMPS-Packet-Type = VMPS-Join-Response
      VMPS-Cookie = %{MyMac}
   }

   # lookup the zone in sql
   update reply {
      VMPS-VLAN-Name = %{sql:select ... where mac='%{MyMac}'}
   }
}

I created a text file with Mac Addresses and Vlan Groups from what
rlm_passwd says but I'm still having trouble understanding how to make the
comparison.

If I do this...

update reply {
   VMPS-VLAN-Name = VLAN5
}

then the request gets properly assigned to VLAN 5.  But how do I modify this
line to check the text file for the mac to vlan mapping?  Nothing I tried
seemed to work.  I'm trying to do something like this...


If Mac Address = Mac address in Text File then 
 VMPS-VLAN-NAME = VLAN Group in Text File
Else
 VMPS-VLAN-NAME = Guest Access Group



Re: vmps documentation?

2008-03-31 Thread Phil Mayers

bmccorkle wrote:

Ok, that info helped me out but not all the way.  I created another virtual
server 'vmps' in the sites available folder and linked the file to
sites-enabled.  I got this code off of another post here that uses a sql
db...

vmps {
   # the mac address can be in several places...
   if (%{VMPS-Ethernet-Frame} =~ /0x(..)(..)(..)(..)(..)(..).*/) {
      update request {
         MyMac = %{1}:%{2}:%{3}:%{4}:%{5}:%{6}
      }
   }
   else {
      update request {
         MyMac = %{%{VMPS-Cookie}:-%{VMPS-MAC}}
      }
   }

   # required VMPS reply attributes
   update reply {
      VMPS-Packet-Type = VMPS-Join-Response
      VMPS-Cookie = %{MyMac}
   }

   # lookup the zone in sql
   update reply {
      VMPS-VLAN-Name = %{sql:select ... where mac='%{MyMac}'}
   }
}


I created a text file with Mac Addresses and Vlan Groups from what
rlm_passwd says but I'm still having trouble understanding how to make the
comparison.

If I do this...

update reply {
   VMPS-VLAN-Name = VLAN5
}


Normally you simply configure the module correctly i.e. prefix the key 
with a * and reply items with = as per man rlm_passwd


modules {
   passwd mac2vlan {
      filename = /etc/raddb/mac2vlan
      format = *MyMac:=VMPS-VLAN-Name
      hashsize = 100
   }
}

...then call that module in your unlang section:

vmps {
  ... stuff
  # now call the passwd module
  mac2vlan
}

...however, the vmps section is really a re-named post-auth section, 
and the rlm_passwd module does not have a post-auth handler; so you need 
(I think) to do this:


vmps {
  ...stuff
  # call the passwd authorize method
  mac2vlan.authorize
}

This is not documented AFAICT, but I've seen Alan mention it in a 
mailing list post and the code seems to be present in 2.0.3



vmps documentation?

2008-03-27 Thread bmccorkle

Can someone point me to documentation on how to use vmps in freeradius 2? 
I've googled for documents but only find a few discussions on the topic
(mostly from this forum).  I get the part on adding the listen section in
radiusd.conf so the server listens for vmps requests.  However, I'm having
trouble understanding the actual coding to do the comparison of the mac
address in the request against the mac address list.  Also, the one or two
examples I have seen seem to use a mysql database to store the mac
addresses.  Can freeradius use a simple text file to store the mac addresses
for comparison or do they need to be stored in a database?



Re: vmps documentation?

2008-03-27 Thread Ivan Kalik
Yes, you can use users file.

Ivan Kalik
Kalik Informatika ISP


On 27/3/2008, bmccorkle [EMAIL PROTECTED] wrote:


Can someone point me to documentation on how to use vmps in freeradius 2?
I've googled for documents but only find a few discussions on the topic
(mostly from this forum).  I get the part on adding the listen section in
radiusd.conf so the server listens for vmps requests.  However, I'm having
trouble understanding the actual coding to do the comparison of the mac
address in the request against the mac address list.  Also, the one or two
examples I have seen seem to use a mysql database to store the mac
addresses.  Can freeradius use a simple text file to store the mac addresses
for comparison or do they need to be stored in a database?



Re: vmps documentation?

2008-03-27 Thread Alan DeKok
bmccorkle wrote:
 Can someone point me to documentation on how to use vmps in freeradius 2?

  Er...  Documentation?

 I've googled for documents but only find a few discussions on the topic
 (mostly from this forum).  I get the part on adding the listen section in
 radiusd.conf so the server listens for vmps requests.  However, I'm having
 trouble understanding the actual coding to do the comparison of the mac
 address in the request against the mac address list.

  You can do it any way you want!

  Yes, that's not very helpful... more examples and documentation would
be very useful.

  Also, the one or two
 examples I have seen seem to use a mysql database to store the mac
 addresses.  Can freeradius use a simple text file to store the mac addresses
 for comparison or do they need to be stored in a database?

  It can use a text file.  You can store MAC addresses in a text file
(man rlm_passwd), and then check membership of that text file at run time.

  If you have an example that works, please send it over, and we'll
include it in the next release.

  Alan DeKok.