Mercurial > hg > fD-testbed
comparison conf/radpxy.eap.testbed.aaa/freeradius/sites-available/vmps @ 11:44f87917c579
Added a RADIUS proxy using freeradius in the eap testbed
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Thu, 16 Sep 2010 14:23:42 +0900 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
10:7b569c198c7c | 11:44f87917c579 |
---|---|
1 # -*- text -*- | |
2 ###################################################################### | |
3 # | |
4 # As of version 2.0.0, the server also supports the VMPS | |
5 # protocol. | |
6 # | |
7 # $Id: vmps,v 1.7 2008/04/01 08:20:13 aland Exp $ | |
8 # | |
9 ###################################################################### | |
10 | |
11 server vmps { | |
12 listen { | |
13 # VMPS sockets only support IPv4 addresses. | |
14 ipaddr = * | |
15 | |
16 # Port on which to listen. | |
17 # Allowed values are: | |
18 # integer port number | |
19 # 1589 is the default VMPS port. | |
20 port = 1589 | |
21 | |
22 # Type of packets to listen for. Here, it is VMPS. | |
23 type = vmps | |
24 | |
25 # Some systems support binding to an interface, in addition | |
26 # to the IP address. This feature isn't strictly necessary, | |
27 # but for sites with many IP addresses on one interface, | |
28 # it's useful to say "listen on all addresses for | |
29 # eth0". | |
30 # | |
31 # If your system does not support this feature, you will | |
32 # get an error if you try to use it. | |
33 # | |
34 # interface = eth0 | |
35 } | |
36 | |
37 # If you have switches that are allowed to send VMPS, but NOT | |
38 # RADIUS packets, then list them here as "client" sections. | |
39 # | |
40 # Note that for compatibility with RADIUS, you still have to | |
41 # list a "secret" for each client, though that secret will not | |
42 # be used for anything. | |
43 | |
44 | |
45 # And the REAL contents. This section is just like the | |
46 # "post-auth" section of radiusd.conf. In fact, it calls the | |
47 # "post-auth" component of the modules that are listed here. | |
48 # But it's called "vmps" to highlight that it's for VMPS. | |
49 # | |
50 vmps { | |
51 # | |
52 # Some requests may not have a MAC address. Try to | |
53 # create one using other attributes. | |
54 if (!VMPS-Mac) { | |
55 if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) { | |
56 update request { | |
57 VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}" | |
58 } | |
59 } | |
60 else { | |
61 update request { | |
62 VMPS-Mac = "%{VMPS-Cookie}" | |
63 } | |
64 } | |
65 } | |
66 | |
67 # Do a simple mapping of MAC to VLAN. | |
68 # | |
69 # See radiusd.conf for the definition of the "mac2vlan" | |
70 # module. | |
71 # | |
72 #mac2vlan | |
73 | |
74 # required VMPS reply attributes | |
75 update reply { | |
76 VMPS-Packet-Type = VMPS-Join-Response | |
77 VMPS-Cookie = "%{VMPS-Mac}" | |
78 | |
79 VMPS-VLAN-Name = "please_use_real_vlan_here" | |
80 | |
81 # | |
82 # If you have VLAN's in a database, you can select | |
83 # the VLAN name based on the MAC address. | |
84 # | |
85 #VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}" | |
86 } | |
87 } | |
88 | |
89 # Proxying of VMPS requests is NOT supported. | |
90 } |