| 4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
######################################################################
|
|
|
3 |
#
|
|
|
4 |
# As of version 2.0.0, the server also supports the VMPS
|
|
|
5 |
# protocol.
|
|
|
6 |
#
|
|
|
7 |
# $Id$
|
|
|
8 |
#
|
|
|
9 |
######################################################################
|
|
|
10 |
|
|
|
11 |
server vmps {
|
|
|
12 |
listen {
|
|
|
13 |
# VMPS sockets only support IPv4 addresses.
|
|
|
14 |
ipaddr = *
|
|
|
15 |
|
|
|
16 |
# Port on which to listen.
|
|
|
17 |
# Allowed values are:
|
|
|
18 |
# integer port number
|
|
|
19 |
# 1589 is the default VMPS port.
|
|
|
20 |
port = 1589
|
|
|
21 |
|
|
|
22 |
# Type of packets to listen for. Here, it is VMPS.
|
|
|
23 |
type = vmps
|
|
|
24 |
|
|
|
25 |
# Some systems support binding to an interface, in addition
|
|
|
26 |
# to the IP address. This feature isn't strictly necessary,
|
|
|
27 |
# but for sites with many IP addresses on one interface,
|
|
|
28 |
# it's useful to say "listen on all addresses for
|
|
|
29 |
# eth0".
|
|
|
30 |
#
|
|
|
31 |
# If your system does not support this feature, you will
|
|
|
32 |
# get an error if you try to use it.
|
|
|
33 |
#
|
|
|
34 |
# interface = eth0
|
|
|
35 |
}
|
|
|
36 |
|
|
|
37 |
# If you have switches that are allowed to send VMPS, but NOT
|
|
|
38 |
# RADIUS packets, then list them here as "client" sections.
|
|
|
39 |
#
|
|
|
40 |
# Note that for compatibility with RADIUS, you still have to
|
|
|
41 |
# list a "secret" for each client, though that secret will not
|
|
|
42 |
# be used for anything.
|
|
|
43 |
|
|
|
44 |
|
|
|
45 |
# And the REAL contents. This section is just like the
|
|
|
46 |
# "post-auth" section of radiusd.conf. In fact, it calls the
|
|
|
47 |
# "post-auth" component of the modules that are listed here.
|
|
|
48 |
# But it's called "vmps" to highlight that it's for VMPS.
|
|
|
49 |
#
|
|
|
50 |
vmps {
|
|
|
51 |
#
|
|
|
52 |
# Some requests may not have a MAC address. Try to
|
|
|
53 |
# create one using other attributes.
|
|
|
54 |
if (!VMPS-Mac) {
|
|
|
55 |
if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) {
|
|
|
56 |
update request {
|
|
|
57 |
VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
|
|
|
58 |
}
|
|
|
59 |
}
|
|
|
60 |
else {
|
|
|
61 |
update request {
|
|
|
62 |
VMPS-Mac = "%{VMPS-Cookie}"
|
|
|
63 |
}
|
|
|
64 |
}
|
|
|
65 |
}
|
|
|
66 |
|
|
|
67 |
# Do a simple mapping of MAC to VLAN.
|
|
|
68 |
#
|
|
|
69 |
# See radiusd.conf for the definition of the "mac2vlan"
|
|
|
70 |
# module.
|
|
|
71 |
#
|
|
|
72 |
#mac2vlan
|
|
|
73 |
|
|
|
74 |
# required VMPS reply attributes
|
|
|
75 |
update reply {
|
|
|
76 |
VMPS-Packet-Type = VMPS-Join-Response
|
|
|
77 |
VMPS-Cookie = "%{VMPS-Mac}"
|
|
|
78 |
|
|
|
79 |
VMPS-VLAN-Name = "please_use_real_vlan_here"
|
|
|
80 |
|
|
|
81 |
#
|
|
|
82 |
# If you have VLAN's in a database, you can select
|
|
|
83 |
# the VLAN name based on the MAC address.
|
|
|
84 |
#
|
|
|
85 |
#VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}"
|
|
|
86 |
}
|
|
|
87 |
|
|
|
88 |
# correct reply packet type for reconfirmation requests
|
|
|
89 |
#
|
|
|
90 |
if (VMPS-Packet-Type == VMPS-Reconfirm-Request){
|
|
|
91 |
update reply {
|
|
|
92 |
VMPS-Packet-Type := VMPS-Reconfirm-Response
|
|
|
93 |
}
|
|
|
94 |
}
|
|
|
95 |
}
|
|
|
96 |
|
|
|
97 |
# Proxying of VMPS requests is NOT supported.
|
|
|
98 |
}
|