I'm looking at using FreeRADIUS 2.0.1 to merge our old VMPS switches into the RADIUS-based (SQL-backed) MAC auth.

For various reasons, the easiest thing for me would be to proxy the VMPS requests as PAP to our existing MAC auth servers.

The comments in raddb/sites-available/vmps imply that the packets can be proxied, but I'm not seeing that:

# VMPS server
server vmps {
        listen {
                # FIXME: should be .202 for production
                ipaddr = 192.168.x.y
                port = 1589
                type = vmps
        }

        #  And the REAL contents.  This section is just like the
        #  "post-auth" section of radiusd.conf.  In fact, it calls the
        #  "post-auth" component of the modules that are listed here.
        #  But it's called "vmps" to highlight that it's for VMPS.
        vmps {
                # we cheat, and proxy to the MACAUTH radius servers
                update control {
                        Proxy-To-Realm := "MACAUTH"
                }
        }

        post-proxy {
                # FIXME: log to sql_log actually
                detail
        }
}


Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on vmps address 155.198.63.122 port 1589 as server vmps
Ready to process requests.
        VMPS-Packet-Type = VMPS-Join-Request
        VMPS-Error-Code = VMPS-No-Error
        VMPS-Sequence-Number = 234881024
        VMPS-Client-IP-Address = 155.198.51.130
        VMPS-Port-Name = "4 "
        VMPS-VLAN-Name = "--NONE--"
        VMPS-Domain-Name = "HOR-PG"
        VMPS-Unknown = 0x00
        VMPS-MAC = 00:1b:24:a1:cf:2e
server vmps {
Doing VMPS
Done VMPS
} # server vmps
Failed encoding packet: Failed to find VQP-Packet-Type in response packet
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
Waking up in 3.9 seconds.
Cleaning up request 0 ID 234881024 with timestamp +1
Ready to process requests.

Looking at the source code, it seems the vmps code only runs the post-auth section and doesn't check any control variables, so Proxy-To-Realm is unlikely to work.

If this is intentional, could we remove the comments about proxying and pre/post proxy from sites-available/vmps?

Is there any reason the code doesn't run:

authorize
then either
  post-auth
or
  pre-proxy
  post-proxy
  post-auth

?