Mercurial > hg > fD-testbed
view conf/radpxy.eap.testbed.aaa/freeradius/sites-available/vmps @ 11:44f87917c579
Added a RADIUS proxy using freeradius in the eap testbed
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Thu, 16 Sep 2010 14:23:42 +0900 |
parents | |
children |
line wrap: on
line source
# -*- text -*- ###################################################################### # # As of version 2.0.0, the server also supports the VMPS # protocol. # # $Id: vmps,v 1.7 2008/04/01 08:20:13 aland Exp $ # ###################################################################### server vmps { listen { # VMPS sockets only support IPv4 addresses. ipaddr = * # Port on which to listen. # Allowed values are: # integer port number # 1589 is the default VMPS port. port = 1589 # Type of packets to listen for. Here, it is VMPS. type = vmps # Some systems support binding to an interface, in addition # to the IP address. This feature isn't strictly necessary, # but for sites with many IP addresses on one interface, # it's useful to say "listen on all addresses for # eth0". # # If your system does not support this feature, you will # get an error if you try to use it. # # interface = eth0 } # If you have switches that are allowed to send VMPS, but NOT # RADIUS packets, then list them here as "client" sections. # # Note that for compatibility with RADIUS, you still have to # list a "secret" for each client, though that secret will not # be used for anything. # And the REAL contents. This section is just like the # "post-auth" section of radiusd.conf. In fact, it calls the # "post-auth" component of the modules that are listed here. # But it's called "vmps" to highlight that it's for VMPS. # vmps { # # Some requests may not have a MAC address. Try to # create one using other attributes. if (!VMPS-Mac) { if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) { update request { VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}" } } else { update request { VMPS-Mac = "%{VMPS-Cookie}" } } } # Do a simple mapping of MAC to VLAN. # # See radiusd.conf for the definition of the "mac2vlan" # module. # #mac2vlan # required VMPS reply attributes update reply { VMPS-Packet-Type = VMPS-Join-Response VMPS-Cookie = "%{VMPS-Mac}" VMPS-VLAN-Name = "please_use_real_vlan_here" # # If you have VLAN's in a database, you can select # the VLAN name based on the MAC address. # #VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}" } } # Proxying of VMPS requests is NOT supported. }