freeradius-config 3.0.16+dfsg-1ubuntu3 / etc / freeradius / 3.0 / sites-available / vmps

This file is indexed.

/etc/freeradius/3.0/sites-available/vmps is in freeradius-config 3.0.16+dfsg-1ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# -*- text -*-
######################################################################
#
#	As of version 2.0.0, the server also supports the VMPS
#	protocol.
#
#	$Id: c5c50786f4f5563d27218c70bf98c3898f47e5ba $
#
######################################################################

server vmps {
	listen {
		# VMPS sockets only support IPv4 addresses.
		ipaddr = *

		#  Port on which to listen.
		#  Allowed values are:
		#	integer port number
		#	1589 is the default VMPS port.
		port = 1589

		#  Type of packets to listen for.  Here, it is VMPS.
		type = vmps

		#  Some systems support binding to an interface, in addition
		#  to the IP address.  This feature isn't strictly necessary,
		#  but for sites with many IP addresses on one interface,
		#  it's useful to say "listen on all addresses for
		#  eth0".
		#
		#  If your system does not support this feature, you will
		#  get an error if you try to use it.
		#
		#	interface = eth0
	}

	#  If you have switches that are allowed to send VMPS, but NOT
	#  RADIUS packets, then list them here as "client" sections.
	#
	#  Note that for compatibility with RADIUS, you still have to
	#  list a "secret" for each client, though that secret will not
	#  be used for anything.


	#  And the REAL contents.  This section is just like the
	#  "post-auth" section of radiusd.conf.  In fact, it calls the
	#  "post-auth" component of the modules that are listed here.
	#  But it's called "vmps" to highlight that it's for VMPS.
	#
	vmps {
		#
		#  Some requests may not have a MAC address.  Try to
		#  create one using other attributes.
		if (!&VMPS-Mac) {
			if (&VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) {
				update request {
					&VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
				}
			}
			else {
				update request {
					&VMPS-Mac = &VMPS-Cookie
				}
			}
		}

		#  Do a simple mapping of MAC to VLAN.
		#
		#  See radiusd.conf for the definition of the "mac2vlan"
		#  module.
		#
		#mac2vlan

		# required VMPS reply attributes
		update reply {
			&VMPS-Packet-Type = VMPS-Join-Response
			&VMPS-Cookie = &VMPS-Mac

			&VMPS-VLAN-Name = "please_use_real_vlan_here"

			#
			#  If you have VLAN's in a database, you can select
			#  the VLAN name based on the MAC address.
			#
			#&VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}"
		}

		# correct reply packet type for reconfirmation requests
		#
		if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
			update reply {
				&VMPS-Packet-Type := VMPS-Reconfirm-Response
			}
		}
	}

	# Proxying of VMPS requests is NOT supported.
}

APT Browse - Built by Thomas Orozco.