Mercurial > hg > fD-testbed
comparison conf/radpxy.eap.testbed.aaa/freeradius/sites-available/vmps @ 11:44f87917c579
Added a RADIUS proxy using freeradius in the eap testbed
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Thu, 16 Sep 2010 14:23:42 +0900 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 10:7b569c198c7c | 11:44f87917c579 |
|---|---|
| 1 # -*- text -*- | |
| 2 ###################################################################### | |
| 3 # | |
| 4 # As of version 2.0.0, the server also supports the VMPS | |
| 5 # protocol. | |
| 6 # | |
| 7 # $Id: vmps,v 1.7 2008/04/01 08:20:13 aland Exp $ | |
| 8 # | |
| 9 ###################################################################### | |
| 10 | |
| 11 server vmps { | |
| 12 listen { | |
| 13 # VMPS sockets only support IPv4 addresses. | |
| 14 ipaddr = * | |
| 15 | |
| 16 # Port on which to listen. | |
| 17 # Allowed values are: | |
| 18 # integer port number | |
| 19 # 1589 is the default VMPS port. | |
| 20 port = 1589 | |
| 21 | |
| 22 # Type of packets to listen for. Here, it is VMPS. | |
| 23 type = vmps | |
| 24 | |
| 25 # Some systems support binding to an interface, in addition | |
| 26 # to the IP address. This feature isn't strictly necessary, | |
| 27 # but for sites with many IP addresses on one interface, | |
| 28 # it's useful to say "listen on all addresses for | |
| 29 # eth0". | |
| 30 # | |
| 31 # If your system does not support this feature, you will | |
| 32 # get an error if you try to use it. | |
| 33 # | |
| 34 # interface = eth0 | |
| 35 } | |
| 36 | |
| 37 # If you have switches that are allowed to send VMPS, but NOT | |
| 38 # RADIUS packets, then list them here as "client" sections. | |
| 39 # | |
| 40 # Note that for compatibility with RADIUS, you still have to | |
| 41 # list a "secret" for each client, though that secret will not | |
| 42 # be used for anything. | |
| 43 | |
| 44 | |
| 45 # And the REAL contents. This section is just like the | |
| 46 # "post-auth" section of radiusd.conf. In fact, it calls the | |
| 47 # "post-auth" component of the modules that are listed here. | |
| 48 # But it's called "vmps" to highlight that it's for VMPS. | |
| 49 # | |
| 50 vmps { | |
| 51 # | |
| 52 # Some requests may not have a MAC address. Try to | |
| 53 # create one using other attributes. | |
| 54 if (!VMPS-Mac) { | |
| 55 if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) { | |
| 56 update request { | |
| 57 VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}" | |
| 58 } | |
| 59 } | |
| 60 else { | |
| 61 update request { | |
| 62 VMPS-Mac = "%{VMPS-Cookie}" | |
| 63 } | |
| 64 } | |
| 65 } | |
| 66 | |
| 67 # Do a simple mapping of MAC to VLAN. | |
| 68 # | |
| 69 # See radiusd.conf for the definition of the "mac2vlan" | |
| 70 # module. | |
| 71 # | |
| 72 #mac2vlan | |
| 73 | |
| 74 # required VMPS reply attributes | |
| 75 update reply { | |
| 76 VMPS-Packet-Type = VMPS-Join-Response | |
| 77 VMPS-Cookie = "%{VMPS-Mac}" | |
| 78 | |
| 79 VMPS-VLAN-Name = "please_use_real_vlan_here" | |
| 80 | |
| 81 # | |
| 82 # If you have VLAN's in a database, you can select | |
| 83 # the VLAN name based on the MAC address. | |
| 84 # | |
| 85 #VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}" | |
| 86 } | |
| 87 } | |
| 88 | |
| 89 # Proxying of VMPS requests is NOT supported. | |
| 90 } |