I want to implement a client infrastructure where the devices connect to the network in different VLANs.
I installed a FreeRADIUS server connected to our Active Directory. I have enabled the switches for dynamic VLAN and assigned all the VLANs to LDAP groups, which in turn enable the authentication of MAC addresses through RADIUS policies.
Everything works correctly, manually creating mac address users in Active Directory that represent our network cards.
Since the clients that have to stay on the various vlans are dynamic based on the title attribute of a user connected to this device, I installed this server application (vmam), which would automatically manage the various mac-addresses based on the correct configuration.
Wow, it works correctly as I hoped, but … as far as I understand, it should also manage the disabling of the various mac-addresses and with my current configuration it does not work.
This is my configuration:
LDAP:
  add_group_type:
    - user
  bind_pwd: password
  bind_user: test\admin
  computer_base_dn: OU=Computers,OU=My,DC=test,DC=com
  domain: test.com
  mac_user_base_dn: OU=MAC,DC=test,DC=com
  match: like
  max_computer_sync: 0
  mac_user_ttl: 30d  # This is the TTL after which a mac-address would be disabled
  other_group:
    - ALL_MAC
  servers:
    - dc1
    - dc2
  ssl: false
  time_computer_sync: 1m
  tls: true
  user_base_dn: OU=My,DC=test,DC=com
  verify_attrib:
    - title
  write_attrib:
VMAM:
  filter_exclude:
    - TAP
    - VirtualBox
    - disconnect
  log: /usr/log/vmam.log
  remove_process: false
  automatic_process_wait: 3
  mac_format: none
  soft_deletion: true  # This would disable the mac-address
  user_match_id:
    Manager: 200
    Developer: 210
    Office: 220
    Customer: 230
  vlan_group_id:
    200: VLAN_Manager
    210: VLAN_Developer
    220: VLAN_Office
    230: VLAN_Customer
  winrm_pwd: password
  winrm_user: test\admin
Does anyone know why it doesn't work? Have you ever used this software?
Everything works great, it seems to me a real VLAN manager, but I don't know how to activate the disabling.
As a workaround it can be used as a Python module and I could make a script, but I don't know how to use Python.
Best Answer
I believe your configuration is wrong. If you want vmam to automatically disable (attention, this means that, based on your configuration, the mac-users registered in your domain will be disabled within a month of inactivity), you must set this value:
remove_process: true
At this point, since you have enabled soft_deletion, the disabling will come automatically.
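A dry-run sketch of what the answer's change implies, added here as an example and not taken from vmam's own code: it previews which mac-users an expiry sweep would touch before `remove_process` is switched on. The account records, the `last_seen` field, the TTL unit suffixes other than `d`, and the delete branch for `soft_deletion: false` are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed TTL suffixes; only "30d" (and "1m" for a sync interval) appear on the page.
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}

def parse_ttl(text):
    """Turn a TTL string such as '30d' into a timedelta."""
    match = re.fullmatch(r"(\d+)([smhd])", text.strip())
    if not match:
        raise ValueError(f"unsupported TTL: {text!r}")
    return timedelta(**{_UNITS[match.group(2)]: int(match.group(1))})

def preview_sweep(accounts, cfg, now):
    """Return {mac-user: action} without changing anything in the directory.

    Model from the answer: nothing expires unless remove_process is true, and
    with soft_deletion enabled an expired account is disabled. Deleting when
    soft_deletion is false is an assumption.
    """
    if not cfg["VMAM"]["remove_process"]:
        return {acct["name"]: "keep" for acct in accounts}
    cutoff = now - parse_ttl(cfg["LDAP"]["mac_user_ttl"])
    on_expiry = "disable" if cfg["VMAM"]["soft_deletion"] else "delete"
    plan = {}
    for acct in accounts:
        expired = acct["enabled"] and acct["last_seen"] < cutoff
        plan[acct["name"]] = on_expiry if expired else "keep"
    return plan

# Constructed sample data: three mac-users (mac_format: none) with hypothetical
# last-activity timestamps, and the relevant keys of the corrected configuration.
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
ACCOUNTS = [
    {"name": "001122334455", "enabled": True, "last_seen": datetime(2024, 5, 25, tzinfo=UTC)},
    {"name": "66778899aabb", "enabled": True, "last_seen": datetime(2024, 3, 1, tzinfo=UTC)},
    {"name": "ccddeeff0011", "enabled": False, "last_seen": datetime(2024, 1, 10, tzinfo=UTC)},
]
CFG_FIXED = {"LDAP": {"mac_user_ttl": "30d"},
             "VMAM": {"remove_process": True, "soft_deletion": True}}

if __name__ == "__main__":
    for name, action in preview_sweep(ACCOUNTS, CFG_FIXED, NOW).items():
        print(name, action)
```

Running the same function with `remove_process` set to false, as in the question's configuration, returns `keep` for every account.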