Re: vmps documentation?
Phil Mayers wrote:

>> server vmps {
>>     ... stuff
>>     vmps {
>>         ... stuff
>>         mac2vlan.authorize
>>         If (!ok) {
>>             update reply {
>>                 VMPS-VLAN-Name = Public
>>             }
>>         }
>>     }
>> }
>
> If is wrong - it should be if

Ahhh, you're right. Freeradius started right up after I fixed that. All those English classes ruined my programming skills :)

Everything seems to be working, thanks Phil, Alan for all the help!

--
View this message in context: http://www.nabble.com/vmps-documentation--tp16315996p16446927.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: vmps documentation?
Phil Mayers wrote:

> Normally you simply configure the module correctly i.e. prefix the key with a * and reply items with = as per man rlm_passwd
>
> modules {
>     passwd mac2vlan {
>         filename = /etc/raddb/mac2vlan
>         format = *MyMac:=VMPS-VLAN-Name
>         hashsize = 100

You probably also want:

    delimiter = ,

The default is :, which is part of the MAC address...

> ...however, the vmps section is really a re-named post-auth section, and the rlm_passwd module does not have a post-auth handler; so you need (I think) to do this:
> ...
> This is not documented AFAICT, but I've seen Alan mention it in a mailing list post and the code seems to be present in 2.0.3

:) There are a few secret features in the server. Most don't really matter, but they exist for future proofing.

In any case, I've updated the passwd module to permit it to be listed in the post-auth section. There's no reason why it couldn't be there in the first place.

I've also updated radiusd.conf sites-available/vmps with an (edited) sample mac2vlan module. Please double-check it.

Alan DeKok.
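The pieces discussed in this thread, assembled into one configuration as an added example (not part of the original messages and not the sample shipped with FreeRADIUS). The file entries are constructed, `MyMac` and `Public` are the posters' own names, and `MyMac` is assumed to be defined in the local dictionary; any MAC missing from the file falls through to the public VLAN.

```conf
# radiusd.conf, modules section
modules {
	passwd mac2vlan {
		filename = /etc/raddb/mac2vlan
		# ':' separates fields in the format string; '*' marks the lookup key, '=' a reply item
		format = "*MyMac:=VMPS-VLAN-Name"
		# File lines are MAC,VLAN; the default ':' delimiter would split the MAC itself
		delimiter = ","
		hashsize = 100
	}
}

# /etc/raddb/mac2vlan (constructed sample entries)
#   00:11:22:33:44:55,VLAN5
#   66:77:88:99:aa:bb,Staff

# sites-available/vmps (listen configuration not shown)
server vmps {
	vmps {
		if (%{VMPS-Ethernet-Frame} =~ /0x(..)(..)(..)(..)(..)(..).*/) {
			update request {
				MyMac = %{1}:%{2}:%{3}:%{4}:%{5}:%{6}
			}
		}
		else {
			update request {
				MyMac = %{%{VMPS-Cookie}:-%{VMPS-MAC}}
			}
		}

		update reply {
			VMPS-Packet-Type = VMPS-Join-Response
			VMPS-Cookie = %{MyMac}
		}

		# Call the authorize method by name: on the versions discussed here
		# rlm_passwd has no post-auth handler, and vmps is a renamed post-auth section.
		mac2vlan.authorize

		# Keyword is lower-case "if"; it tests the return code of the call just above.
		if (!ok) {
			update reply {
				VMPS-VLAN-Name = Public
			}
		}
	}
}
```

Keep the `if (!ok)` test directly after `mac2vlan.authorize`, since it tests the return code of the statement just before it.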
Re: vmps documentation?
Phil Mayers wrote:

> Normally you simply configure the module correctly i.e. prefix the key with a * and reply items with = as per man rlm_passwd
>
> modules {
>     passwd mac2vlan {
>         filename = /etc/raddb/mac2vlan
>         format = *MyMac:=VMPS-VLAN-Name
>         hashsize = 100
>     }
> }
>
> ...then call that module in your unlang section:
>
> vmps {
>     ... stuff
>     # now call the passwd module
>     mac2vlan
> }
>
> ...however, the vmps section is really a re-named post-auth section, and the rlm_passwd module does not have a post-auth handler; so you need (I think) to do this:
>
> vmps {
>     ...stuff
>     # call the passwd authorize method
>     mac2vlan.authorize
> }
>
> This is not documented AFAICT, but I've seen Alan mention it in a mailing list post and the code seems to be present in 2.0.3

Ok, that let me get it working. I had to use mac2vlan.authorize instead of just the module name. Perhaps I should have mentioned I'm running 2.0.1 on FreeBSD (2.0.3 doesn't seem to be available on the ports collection yet).

I still have one more problem. I want it to call the mac2vlan module and if the mac address isn't found in the file, assign our public vlan group to the VMPS-VLAN-Name attribute. So I am trying to get the module return code from mac2vlan. But when I do the following...

    server vmps {
        ... stuff
        vmps {
            ... stuff
            mac2vlan.authorize
            If (!ok) {
                update reply {
                    VMPS-VLAN-Name = Public
                }
            }
        }
    }

The server refuses to start at all until I comment out the if statement. Did I forget to read something on module return codes or am I calling it wrong?
Re: vmps documentation?
bmccorkle wrote:

> Ok, that let me get it working. I had to use mac2vlan.authorize instead of just the module name. Perhaps I should have mentioned I'm running 2.0.1 on FreeBSD (2.0.3 doesn't seem to be available on the ports collection yet).

Grab the current CVS snapshot. It has samples of this configuration.

> mac2vlan.authorize
> If (!ok) {
> ..
> The server refuses to start at all until I comment out the if statement. Did I forget to read something on module return codes or am I calling it wrong?

You forgot to include the actual error message in your email.

Alan DeKok.
Re: vmps documentation?
> server vmps {
>     ... stuff
>     vmps {
>         ... stuff
>         mac2vlan.authorize
>         If (!ok) {
>             update reply {
>                 VMPS-VLAN-Name = Public
>             }
>         }
>     }
> }

If is wrong - it should be if
Re: vmps documentation?
Ok, that info helped me out but not all the way. I created another virtual server 'vmps' in the sites available folder and linked the file to sites-enabled. I got this code off of another post here that uses a sql db...

    vmps {
        # the mac address can be in several places...
        if (%{VMPS-Ethernet-Frame} =~ /0x(..)(..)(..)(..)(..)(..).*/) {
            update request {
                MyMac = %{1}:%{2}:%{3}:%{4}:%{5}:%{6}
            }
        }
        else {
            update request {
                MyMac = %{%{VMPS-Cookie}:-%{VMPS-MAC}}
            }
        }

        # required VMPS reply attributes
        update reply {
            VMPS-Packet-Type = VMPS-Join-Response
            VMPS-Cookie = %{MyMac}
        }

        # lookup the zone in sql
        update reply {
            VMPS-VLAN-Name = %{sql:select ... where mac='%{MyMac}'}
        }
    }

I created a text file with Mac Addresses and Vlan Groups from what rlm_passwd says but I'm still having trouble understanding how to make the comparison. If I do this...

    update reply {
        VMPS-VLAN-Name = VLAN5
    }

then the request gets properly assigned to VLAN 5. But how do I modify this line to check the text file for the mac to vlan mapping? Nothing I tried seemed to work. I'm trying to do something like this...

    If Mac Address = Mac address in Text File then
        VMPS-VLAN-NAME = VLAN Group in Text File
    Else
        VMPS-VLAN-NAME = Guest Access Group
Re: vmps documentation?
bmccorkle wrote:

> Ok, that info helped me out but not all the way. I created another virtual server 'vmps' in the sites available folder and linked the file to sites-enabled. I got this code off of another post here that uses a sql db...
>
> vmps {
>     # the mac address can be in several places...
>     if (%{VMPS-Ethernet-Frame} =~ /0x(..)(..)(..)(..)(..)(..).*/) {
>         update request {
>             MyMac = %{1}:%{2}:%{3}:%{4}:%{5}:%{6}
>         }
>     }
>     else {
>         update request {
>             MyMac = %{%{VMPS-Cookie}:-%{VMPS-MAC}}
>         }
>     }
>
>     # required VMPS reply attributes
>     update reply {
>         VMPS-Packet-Type = VMPS-Join-Response
>         VMPS-Cookie = %{MyMac}
>     }
>
>     # lookup the zone in sql
>     update reply {
>         VMPS-VLAN-Name = %{sql:select ... where mac='%{MyMac}'}
>     }
> }
>
> I created a text file with Mac Addresses and Vlan Groups from what rlm_passwd says but I'm still having trouble understanding how to make the comparison. If I do this...
>
> update reply {
>     VMPS-VLAN-Name = VLAN5
> }

Normally you simply configure the module correctly i.e. prefix the key with a * and reply items with = as per man rlm_passwd

    modules {
        passwd mac2vlan {
            filename = /etc/raddb/mac2vlan
            format = *MyMac:=VMPS-VLAN-Name
            hashsize = 100
        }
    }

...then call that module in your unlang section:

    vmps {
        ... stuff
        # now call the passwd module
        mac2vlan
    }

...however, the vmps section is really a re-named post-auth section, and the rlm_passwd module does not have a post-auth handler; so you need (I think) to do this:

    vmps {
        ...stuff
        # call the passwd authorize method
        mac2vlan.authorize
    }

This is not documented AFAICT, but I've seen Alan mention it in a mailing list post and the code seems to be present in 2.0.3
vmps documentation?
Can someone point me to documentation on how to use vmps in freeradius 2? I've googled for documents but only find a few discussions on the topic (mostly from this forum).

I get the part on adding the listen section in radiusd.conf so the server listens for vmps requests. However, I'm having trouble understanding the actual coding to do the comparison of the mac address in the request against the mac address list.

Also, the one or two examples I have seen seem to use a mysql database to store the mac addresses. Can freeradius use a simple text file to store the mac addresses for comparison or do they need to be stored in a database?
Re: vmps documentation?
Yes, you can use users file.

Ivan Kalik
Kalik Informatika ISP

On 27/3/2008, bmccorkle [EMAIL PROTECTED] wrote:

> Can someone point me to documentation on how to use vmps in freeradius 2? I've googled for documents but only find a few discussions on the topic (mostly from this forum).
>
> I get the part on adding the listen section in radiusd.conf so the server listens for vmps requests. However, I'm having trouble understanding the actual coding to do the comparison of the mac address in the request against the mac address list.
>
> Also, the one or two examples I have seen seem to use a mysql database to store the mac addresses. Can freeradius use a simple text file to store the mac addresses for comparison or do they need to be stored in a database?
Re: vmps documentation?
bmccorkle wrote:

> Can someone point me to documentation on how to use vmps in freeradius 2?

Er... Documentation?

> I've googled for documents but only find a few discussions on the topic (mostly from this forum). I get the part on adding the listen section in radiusd.conf so the server listens for vmps requests. However, I'm having trouble understanding the actual coding to do the comparison of the mac address in the request against the mac address list.

You can do it any way you want! Yes, that's not very helpful... more examples and documentation would be very useful.

> Also, the one or two examples I have seen seem to use a mysql database to store the mac addresses. Can freeradius use a simple text file to store the mac addresses for comparison or do they need to be stored in a database?

It can use a text file. You can store MAC addresses in a text file (man rlm_passwd), and then check membership of that text file at run time.

If you have an example that works, please send it over, and we'll include it in the next release.

Alan DeKok.