
MatteoGuadrini / vmam

Licence: GPL-3.0 license
VLAN Mac-address Authentication Manager


vmam: VLAN Mac-address Authentication Manager


vmam is a Free and Open Source network access control (NAC) solution that grants access to the network under a specific domain and a specific VLAN, through LDAP authentication and a RADIUS server. It is based on RFC 3579.

Python module dependencies

What's vmam?

vmam is a Free and Open Source command-line tool and Python module that manages, manually or automatically, access to the network based on the configuration of its network equipment, through an LDAP server (Active Directory, FreeIPA, etc.) and a RADIUS server (Microsoft Radius or Free Radius). See IEEE 802.1X, based on RFC 3580, RFC 4014, RFC 2865, RFC 3579.

vmam architecture

vmam is a server-side application. It works with an open source LDAP server or Active Directory. Basically, it creates mac-address users, each representing the network card of a machine, and associates these users with LDAP groups that represent the VLANs defined in your own network architecture (wi-fi, switches, routers, firewalls, etc.), giving centralized wired and wireless management with 802.1X support. In addition, depending on its configuration, it can also associate computer accounts with these groups, so that a machine can access the network by presenting the credentials of its computer account.

vmam can be installed on a Unix-based server. For automatic mode only, the computer accounts joined to the domain must be Microsoft Windows machines. Manual mode works with mac-address users only, so the client operating system does not matter.

How do you do it?

vmam is installed as a server.

Installation

The installation of vmam is very simple. With pip:

pip install vmam

Or just run these commands:

git clone https://github.com/MatteoGuadrini/vmam.git
cd vmam
sudo python3 setup.py install

Manual mode

In manual mode, mac-addresses are managed from the command line using the vmam mac command. The mac command has options to add, remove and disable the mac-addresses that can access the network. For more details, see the docs.

Automatic mode

In automatic mode, mac-addresses are managed by contacting the LDAP server and taking the machines that contacted it within the last N seconds, minutes, hours or days (a variable in the configuration file), depending on your needs and policies.

Attention: Clients must have WINRM active. See the winrm quickconfig command.

This mode is activated by launching vmam start on the command line. Without any parameter, it reads the configuration file (the default one if none is specified), contacts LDAP, takes the last machines that contacted the LDAP server, contacts them via WinRM, retrieves the last connected user and the active network cards, checks LDAP to see which VLAN-ID (LDAP group) to assign to the mac-address, and then exits.

If you specify the --daemon/-d argument, the process continues until it is interrupted manually (by killing the process).

For more details, see the docs.

How to start

Let's start with our network architecture.

Configure network architecture and radius server

Before starting to use vmam, you need to know your network architecture and configure it correctly. Read these RFCs carefully (RFC 3580, RFC 4014, RFC 2865, RFC 3579) and choose a radius server based on your architecture (freeradius or Microsoft Radius).

Once the network equipment and radius server have been configured, create ldap groups corresponding to the VLAN that you want to manage.

e.g.: VLAN_ID 100 on the switch maps to the LDAP group VLAN100.

In the radius server, this VLAN100 group must be mapped to the corresponding VLAN ID.
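
The group-to-VLAN mapping above, sketched as the decision a RADIUS policy makes when it answers a switch with the RFC 3580 tunnel attributes. This is an added example, not code from vmam or from any RADIUS server; the function names and the cn=VLAN<id> / cn=vlan_group<id> naming convention are assumptions, and the sample memberships are constructed.

```python
import re

# RFC 3580 (section 3.31) attribute values for VLAN assignment
TUNNEL_TYPE_VLAN = 13       # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6  # Tunnel-Medium-Type = IEEE-802

# Assumed naming convention: cn=VLAN<id> or cn=vlan_group<id>
_VLAN_CN = re.compile(r"^cn=vlan(?:_group)?(\d{1,4})(?:,|$)", re.IGNORECASE)


def vlan_ids_from_groups(group_dns):
    """Return the sorted VLAN IDs encoded in a list of LDAP group DNs."""
    ids = set()
    for dn in group_dns:
        match = _VLAN_CN.match(dn.strip())
        # 0 and 4095 are reserved by IEEE 802.1Q, so only 1..4094 is usable
        if match and 1 <= int(match.group(1)) <= 4094:
            ids.add(int(match.group(1)))
    return sorted(ids)


def radius_reply(group_dns):
    """Return the Access-Accept tunnel attributes, or None to reject.

    Fails closed: no VLAN group, or more than one, yields no assignment.
    """
    ids = vlan_ids_from_groups(group_dns)
    if len(ids) != 1:
        return None
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-ID": str(ids[0]),
    }


# Constructed memberOf values for three mac-address users
ONE_VLAN = ["cn=VLAN100,ou=groups,dc=foo,dc=bar", "cn=Printers,ou=groups,dc=foo,dc=bar"]
TWO_VLANS = ["cn=VLAN100,ou=groups,dc=foo,dc=bar", "cn=vlan_group200,ou=groups,dc=foo,dc=bar"]
RESERVED = ["cn=VLAN4095,ou=groups,dc=foo,dc=bar"]

if __name__ == "__main__":
    for groups in (ONE_VLAN, TWO_VLANS, RESERVED):
        print(groups, "->", radius_reply(groups))
```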

Get configuration by vmam

You can configure vmam before configuring your network architecture.

You can start creating a default file by typing: vmam config --new

This will create a standard configuration file under /etc/vmam/vmam.conf.

Now just edit and customize the configuration file, following the documentation as a guideline. Once done, type vmam config --get-cmd

This command will return the guide to correctly configure LDAP and the radius server based on the configuration file.

Python module

vmam can also be used as a python module, to build your own scripts to manage mac addresses that access the network.

Here is a simple script to add mac addresses from a file.

from vmam import *

# activate debug
debug = True
# log writer
wt = logwriter('/tmp/log.log')
# start script
debugger(debug, wt, 'Start...')
# connect to LDAP server
conn = connect_ldap(['dc1.foo.bar'])
bind = bind_ldap(conn, r'domain\admin', 'password', tls=True)
ldap_version = check_ldap_version(bind, 'dc=foo,dc=bar')
for mac in get_mac_from_file('/tmp/mac_list.txt'):
    debugger(debug, wt, 'create mac address {}'.format(mac))
    # create mac address
    dn = 'cn={},ou=mac,dc=foo,dc=bar'.format(mac)
    attrs = {
        'givenname': 'mac-address',
        'sn': mac,
        'samaccountname': mac,
    }
    # create mac-address user
    new_user(bind, dn, **attrs)
    # add mac user to vlan group
    add_to_group(bind, 'cn=vlan_group100,ou=groups,dc=foo,dc=bar', dn)
    # set password and password never expires
    # 66048 = NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWORD (65536)
    set_user(bind, dn, pwdlastset=-1, useraccountcontrol=66048)
    # the password of a mac-address user is the mac address itself
    set_user_password(bind, dn, mac, ldap_version=ldap_version)
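
A pre-check for the input file of the script above, as an added example that is not part of vmam: it reduces every entry to 12 lowercase hex digits, so no DN metacharacter from the file can reach the cn=... string, and it rejects group addresses and duplicates before any LDAP user is created. The names normalize_mac, prepare_macs and SAMPLE are hypothetical, the sample lines are constructed, and the target format is an assumption that must match the user name your switches send to RADIUS.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")
_SEPARATORS = re.compile(r"[:\-.]")  # colon, hyphen and dotted notations


def normalize_mac(raw):
    """Return (mac, None) as 12 lowercase hex digits, or (None, reason)."""
    mac = _SEPARATORS.sub("", raw.strip().lower())
    if not _HEX12.match(mac):
        return None, "not a 48-bit MAC address"
    if mac == "000000000000":
        return None, "all-zero address"
    # The lowest bit of the first octet marks multicast/broadcast addresses,
    # which never identify a single network card
    if int(mac[:2], 16) & 0x01:
        return None, "group (multicast/broadcast) address"
    return mac, None


def prepare_macs(lines):
    """Split file lines into (accepted MACs, [(entry, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        mac, reason = normalize_mac(entry)
        if mac is None:
            rejected.append((entry, reason))
        elif mac in seen:
            rejected.append((entry, "duplicate"))
        else:
            seen.add(mac)
            accepted.append(mac)
    return accepted, rejected


# Constructed sample of what a hand-maintained mac_list.txt may contain
SAMPLE = [
    "00:1A:2B:3C:4D:5E",
    "001a.2b3c.4d5e            # same card, dotted notation",
    "AA-BB-CC-DD-EE-F0",
    "ff:ff:ff:ff:ff:ff",
    "01:00:5e:00:00:fb",
    "001a2b3c4d5e,ou=admins",
    "# comment line",
]

if __name__ == "__main__":
    ok, bad = prepare_macs(SAMPLE)
    print("create:", ok)
    print("skipped:", bad)
```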

Documentation

The official documentation, with more details on configuration and implementation, is here: docs

Open source

vmam is an open source project. Any contribution is welcome.

A great thanks.

For donations, press this

For me

paypal

For Telethon

The Telethon Foundation is a non-profit organization recognized by the Ministry of University and Scientific and Technological Research. It was born in 1990 to respond to the appeal of patients suffering from rare diseases. Today, we are organized to give them a hearing and answers, every day of the year.

Telethon

Adopt the future

Acknowledgments

Thanks Alexey Diyan for pywinrm module; thanks Giovanni Cannata for ldap3 module; thanks Ben Finney for python-daemon module; thanks to all yaml team.

Thanks to Mark Lutz for writing the Learning Python and Programming Python books that make up my python foundation.

Thanks to Kenneth Reitz and Tanya Schlusser for writing The Hitchhiker’s Guide to Python books.

Thanks to Dane Hillard for writing the Practices of the Python Pro books.

Special thanks go to my wife, who understood the hours of absence for this development. Thanks to my children, for the daily inspiration they give me and for making me realize that life must be simple.

Thanks Python!
