
I want to implement a client infrastructure where the devices connect to the network on different VLANs.

I installed a FreeRADIUS server connected to our Active Directory. I have enabled the switches for dynamic VLAN and assigned all the VLANs to LDAP groups, which in turn enable the authentication of MAC addresses through RADIUS policies.

Everything works correctly, manually creating mac address users in Active Directory that represent our network cards.

Since the clients that have to stay on the various vlans are dynamic based on the title attribute of a user connected to this device, I installed this server application (vmam), which would automatically manage the various mac-addresses based on the correct configuration.

Wow, it works correctly as I hoped, but ... as far as I understand, it should also manage the disabling of the various mac-addresses and with my current configuration it does not work.

This is my configuration:

LDAP:
  add_group_type:
  - user
  bind_pwd: password
  bind_user: test\admin
  computer_base_dn: OU=Computers,OU=My,DC=test,DC=com
  domain: test.com
  mac_user_base_dn: OU=MAC,DC=test,DC=com
  match: like
  max_computer_sync: 0
  mac_user_ttl: 30d # This is the TTL after which a mac-address would be disabled
  other_group:
  - ALL_MAC
  servers:
  - dc1
  - dc2
  ssl: false
  time_computer_sync: 1m
  tls: true
  user_base_dn: OU=My,DC=test,DC=com
  verify_attrib:
  - title
  write_attrib:
VMAM:
  filter_exclude:
  - TAP
  - VirtualBox
  - disconnect
  log: /usr/log/vmam.log
  remove_process: false
  automatic_process_wait: 3
  mac_format: none
  soft_deletion: true   # This would disable the mac-address
  user_match_id:
    Manager: 200
    Developer: 210
    Office: 220
    Customer: 230
  vlan_group_id:
    200: VLAN_Manager
    210: VLAN_Developer
    220: VLAN_Office
    230: VLAN_Customer
  winrm_pwd: password
  winrm_user: test\admin

Anyone know why it doesn't work? Have you ever used this software? Everything works great, it seems to me a real vlan manager, but I don't know how to activate the disables.

As a workaround, it can be used as a Python module and I could make a script, but I don't know how to use Python.

Dave M
yoga84

1 Answer

I believe your configuration is wrong. If you want vmam to disable automatically (attention: this means that, based on your configuration, the mac-users registered in your domain will be disabled within a month of inactivity), you must set this value:

  remove_process: true

At this point, since you have enabled soft_deletion, the disabling will come automatically.

vewipe
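A dry-run preview of what the change in the answer above would affect, as an added example (not code from vmam or from either poster): it takes the three settings from the question plus a constructed table of last-seen times and reports which mac-users are past `mac_user_ttl` and what would happen to them. The `<n>d` TTL parsing, the last-seen data source and the "delete when soft_deletion is false" branch are assumptions, not vmam's documented behaviour.

```python
from datetime import datetime, timedelta, timezone

# The three settings from the question's configuration that drive disabling.
CONFIG = {"mac_user_ttl": "30d", "remove_process": False, "soft_deletion": True}

def parse_ttl(text):
    """Parse a '<n>d' TTL. Only days are accepted (assumption): it is the
    only unit the page shows for mac_user_ttl."""
    text = text.strip().lower()
    if not (text.endswith("d") and text[:-1].isdigit()):
        raise ValueError(f"unsupported mac_user_ttl: {text!r}")
    return timedelta(days=int(text[:-1]))

def planned_action(config):
    """What would happen to an expired mac-user under this configuration."""
    if not config.get("remove_process"):
        return "none"      # the question's state: cleanup never runs
    # Assumption: without soft_deletion the account is deleted, not disabled.
    return "disable" if config.get("soft_deletion") else "delete"

def preview(config, last_seen, now):
    """Dry run: classify mac-users without touching the directory."""
    cutoff = now - parse_ttl(config["mac_user_ttl"])
    return {
        "action": planned_action(config),
        "expired": sorted(m for m, t in last_seen.items() if t and t < cutoff),
        "never_seen": sorted(m for m, t in last_seen.items() if t is None),
    }

# Constructed sample data: MAC -> last successful authentication (UTC).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
LAST_SEEN = {
    "001122334455": NOW - timedelta(days=2),
    "0011223344aa": NOW - timedelta(days=45),
    "0011223344bb": NOW - timedelta(days=30),   # exactly at the TTL: kept
    "0011223344cc": None,                       # no logon recorded: review by hand
}

if __name__ == "__main__":
    for label, cfg in (("as posted", CONFIG),
                       ("with remove_process: true", dict(CONFIG, remove_process=True))):
        print(label, preview(cfg, LAST_SEEN, NOW))
```

Reviewing the "expired" and "never_seen" lists before setting `remove_process: true` shows which devices would lose RADIUS authentication on the first cleanup run.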