Trouble setting up vmps with 3.0.8 (3 series)

Manny mvarroyo3+freeradius at gmail.com
Tue Jun 16 21:11:19 CEST 2015


Hello gents,

I love the spirit of the freeradius software and am really hoping to
use it for some testing in my home environment. Alas, I am having some
definite trouble setting it up. When I use the magical google, all examples
are for 2.0 and the documentation for setting up vmps with the 3 series
appears a bit... lacking, at least for my taste.

What I have done so far.

radiusd.conf
[root@vmps01 raddb]# grep -v '^$' radiusd.conf|grep -v '#'
prefix = /usr/local/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir   = ${confdir}/certs
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/${name}.pid
correct_escapes = true
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
hostname_lookups = no
log {
        destination = files
        colourise = yes
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
        msg_denied = "You are already logged in - access denied"
}
checkrad = ${sbindir}/checkrad
security {
        allow_core_dumps = no
        max_attributes = 200
        reject_delay = 1
        status_server = yes
        allow_vulnerable_openssl = yes
}
proxy_requests  = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
        auto_limit_acct = no
}
modules {
        $INCLUDE mods-enabled/
}
instantiate {
}
policy {
        $INCLUDE policy.d/
}
$INCLUDE sites-enabled/
[root@vmps01 raddb]#


[root@vmps01 raddb]# grep -v '^$' mods-enabled/mac2vlan|grep -v '#'
passwd mac2vlan {
        filename = ${modconfdir}/${.:name}/${.:instance}
        format = "*VMPS-Mac:=VMPS-VLAN-Name"
        delimiter = ","
}
[root@vmps01 raddb]#


[root@vmps01 raddb]# grep -v '^$' mods-config/passwd/mac2vlan|grep -v '#'
00:1C:B3:09:85:15,Server
00:1C:B3:09:85:16,VLAN1
00:1C:B3:09:85:17,VLAN2
[root@vmps01 raddb]#

[root@vmps01 raddb]# grep -v '^$' clients.conf|grep -v '#'
client localhost {
        ipaddr = 127.0.0.1
        proto = *
        secret = testing123
        require_message_authenticator = no
        limit {
                max_connections = 16
                lifetime = 0
                idle_timeout = 30
        }
}
client localhost_ipv6 {
        ipv6addr        = ::1
        secret          = testing123
}
client lex {
        ipaddr          = 192.168.1.0/24
        secret          = testing123456
}
[root@vmps01 raddb]#

My switches are on 192.168.1.10 & 192.168.1.11

Neither config on the switches accepts a secret (as defined in the
clients.conf file) but I tried running the config without it, and the
service would not start.

The default installation enabled a bunch of other modules, but really I only
want vmps (mac2vlan), and the documentation doesn't really detail what I can
remove to have a vmps-only service.


Please help, thank you in advance,

--
Manny

