vmps documentation?

[Phil Mayers]

bmccorkle wrote:
> Ok, that info helped me out but not all the way.  I created another virtual
> server 'vmps' in the sites available folder and linked the file to
> sites-enabled.  I got this code off of another post here that uses a sql
> db...
> 
> vmps {
>    # the mac address can be in several places...
>    if ("%{VMPS-Ethernet-Frame}" =~
> /0x............(..)(..)(..)(..)(..)(..).*/) {
>      update request {
>        MyMac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
>      }
>    }
>    else {
>      update request {
>        MyMac = "%{%{VMPS-Cookie}:-%{VMPS-MAC}}"
>      }
>    }
> 
>    # required VMPS reply attributes
>    update reply {
>      VMPS-Packet-Type = VMPS-Join-Response
>      VMPS-Cookie = "%{MyMac}"
>    }
> 
>    # lookup the zone in sql
>    update reply {
>      VMPS-VLAN-Name = "%{sql:select ... where mac='%{MyMac}'}"
>    }
> } 
> 
> I created a text file with Mac Addresses and Vlan Groups from what
> rlm_passwd says but I'm still having trouble understanding how to make the
> comparison.
> 
> If I do this...
> 
> update reply {
>     VMPS-VLAN-Name = "VLAN5" 
> }

Normally you simply configure the module correctly i.e. prefix the key 
with a * and reply items with = as per "man rlm_passwd"

modules {
   passwd mac2vlan {
     filename = /etc/raddb/mac2vlan
     format = "*MyMac:=VMPS-VLAN-Name"
     hashsize = 100
   }
}

...then call that module in your unlang section:

vmps {
   ... stuff
   # now call the passwd module
   mac2vlan
}

...however, the "vmps" section is really a re-named "post-auth" section, 
and the rlm_passwd module does not have a post-auth handler; so you need 
(I think) to do this:

vmps {
   ...stuff
   # call the passwd "authorize" method
   mac2vlan.authorize
}

This is not documented AFAICT, but I've seen Alan mention it in a 
mailing list post and the code seems to be present in 2.0.3