Patch for >1 match in hints file

Phil Mayers p.mayers at imperial.ac.uk
Wed Aug 22 13:52:26 CEST 2007


All,

I would appreciate comments on:

http://bugs.freeradius.org/show_bug.cgi?id=477

This allows slightly more flexibility. Obviously tricks like this are
obsolete in 2.x but we're not there yet. We'll be running this locally -
I'd very much like it accepted upstream if possible.

Usage would be:

/etc/raddb/hints:

# lookup the machine zone in SQL
DEFAULT
	Zone = `%{sql:...}`,
	Fall-Through = yes

# strip the leading 3 bytes from MAC addresses
DEFAULT Calling-Station-Id =~ "(..):(..):(..):..:..:.."
        Vendor = `%{1}-%{2}-%{3}`

/etc/raddb/eth2name (used in a "passwd" to map Vendor to VendorName):

00-0c-29:virtual-vmware
00-16-3e:virtual-xen

/etc/raddb/users:

# don't send banned vlan to virtual machines
DEFAULT	VendorName =~ "virtual.*", Zone == "banned", Auth-Type := Reject

# real machines get a banned vlan as opposed to rejection
DEFAULT	Zone == "banned"
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Type = VLAN,
	Tunnel-Private-Group-Id = `%{sql:...}`
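
The chain above (hints, then the passwd map, then users), modelled as an added example that is not part of the original post or of FreeRADIUS. It shows which Calling-Station-Id formats a NAS may send actually end up with a VendorName. Assumptions: Zone is passed in instead of being looked up in SQL, the map lookup is an exact string match, the MAC addresses are constructed, and "<vlan-from-sql>" is a placeholder.

```python
import re

# Constructed copy of the eth2name map from the post (key:value per line).
ETH2NAME = {"00-0c-29": "virtual-vmware", "00-16-3e": "virtual-xen"}

# Same pattern as the second hints entry; searched unanchored.
OUI_RE = re.compile(r"(..):(..):(..):..:..:..")


def apply_hints(request, zone):
    """Model of the two hints entries; Fall-Through lets both apply."""
    request = dict(request, Zone=zone)  # entry 1: Zone (SQL lookup stubbed)
    m = OUI_RE.search(request.get("Calling-Station-Id", ""))
    if m:  # entry 2: Vendor is only set when the regex matches
        request["Vendor"] = "-".join(m.groups())
    return request


def map_vendor(request):
    """Model of the passwd-style map: exact-match Vendor -> VendorName."""
    name = ETH2NAME.get(request.get("Vendor"))
    return dict(request, VendorName=name) if name is not None else request


def authorize(request):
    """Model of the two users entries; the first matching entry wins."""
    banned = request.get("Zone") == "banned"
    if banned and re.search(r"virtual.*", request.get("VendorName", "")):
        return {"Auth-Type": "Reject"}
    if banned:
        return {"Tunnel-Medium-Type": "IEEE-802", "Tunnel-Type": "VLAN",
                "Tunnel-Private-Group-Id": "<vlan-from-sql>"}  # placeholder
    return {}


def decide(calling_station_id, zone):
    """Run one request through hints, the map and users in order."""
    req = {"Calling-Station-Id": calling_station_id}
    return authorize(map_vendor(apply_hints(req, zone)))


if __name__ == "__main__":
    # Constructed samples: lower-case colons, upper-case, dashes, unmapped OUI.
    for mac in ("00:0c:29:aa:bb:cc", "00:0C:29:aa:bb:cc",
                "00-0c-29-aa-bb-cc", "02:00:00:aa:bb:cc"):
        print(mac, "->", decide(mac, "banned"))
```

In this model only the lower-case, colon-separated form reaches the Reject entry; the other forms get no VendorName and receive the banned VLAN, so check the format your NAS sends against the regex and the map keys.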



