[Freeswitch-users] Radius AAA
Tihomir Culjaga
tculjaga at gmail.com
Mon Nov 8 02:29:01 PST 2010
by looking at Access-Accept message you wil only need this:
<param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9"
expr="0" direction="out"/>
<param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0"
direction="out"/>
<param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9"
expr="0" direction="out"/>
than you will have 3 channel variables set:
- credit_amount
- credit_time
- return_code
you need to regexp it to extract values you need.
in your prev e-mail you can see in the logs that the mod_rad_auth is
complaining about the missing attributes .. and they are actually not
there... but you got mapped the attributes present (101, 102, 103) in
Access-Accept message.
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
BILING_MODEL
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 109, pec:9, (BILING_MODEL)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
CREDIT_AMOUNT
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 101, pec:9, (CREDIT_AMOUNT)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
CURRENCY
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 110, pec:9, (CURRENCY)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
PREFFERED_LANG
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 107, pec:9, (PREFFERED_LANG)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
CREDIT_TIME
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 102, pec:9, (CREDIT_TIME)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
H323-IVR-IN:DIRATION
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
RADIUS_RETURN_CODE
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
hope you will manage it ...
On Mon, Nov 8, 2010 at 11:15 AM, Tihomir Culjaga <tculjaga at gmail.com> wrote:
> please paste your rad_auth.conf.xml
>
>
>
>
> On Mon, Nov 8, 2010 at 10:41 AM, Abid Saleem <abid_freeswitch at live.com>wrote:
>
>> Hi,
>>
>> Please find the ethereal capture attached. Please let me know should you
>> need additional information. Thanks.
>>
>> Regards
>> ------------
>> Abid Saleem
>>
>> ------------------------------
>> Date: Mon, 8 Nov 2010 09:37:01 +0100
>>
>> From: tculjaga at gmail.com
>> To: freeswitch-users at lists.freeswitch.org
>> Subject: Re: [Freeswitch-users] Radius AAA
>>
>> can you provide a wireshark sniff ?
>>
>> On Fri, Nov 5, 2010 at 5:57 AM, Abid Saleem <abid_freeswitch at live.com>wrote:
>>
>> This is what I am saying that these variables do exist in returning
>> radius messages. My Radius response is as below for reference
>>
>> Sending Access-Accept of id 224 to 119.158.138.83 port 1027
>> h323-credit-amount := "h323-credit-amount=5"
>> h323-return-code := "h323-return-code=0"
>> h323-credit-time := "h323-credit-time=120"
>> Finished request 0.
>>
>> Please help me with this. Thanks.
>>
>> Regards
>> ------------
>> Abid Saleem
>>
>> ------------------------------
>> Date: Thu, 4 Nov 2010 15:14:57 +0100
>>
>> From: tculjaga at gmail.com
>> To: freeswitch-users at lists.freeswitch.org
>> Subject: Re: [Freeswitch-users] Radius AAA
>>
>> as i said you need to evaluate the returning value from app_function and
>> act accordingly...if the result is "OK" it measn authorizes if its "NOK" it
>> means its failed. Im not going into your application and how you are doing
>> it... you have an example on how to do it in my prev e-mail.
>>
>> you cannot populate variables that doesn't exist in the returning radius
>> messages:
>>
>>
>> No found out attribute id: 109, pec:9
>> No found out attribute id: 101, pec:9
>> No found out attribute id: 110, pec:9
>>
>> and so on ... simply, Access Accept messages doesn't have these attributes
>> that you are trying to map into channel variables.
>>
>>
>>
>>
>> On Thu, Nov 4, 2010 at 2:35 PM, Abid Saleem <abid_freeswitch at live.com>wrote:
>>
>> Hi,
>>
>> Thanks. This is good for Calling Card type IVR application but I am using
>> it for my SIP UA for authorization only where authorization is required when
>> I make a call from extension 1000. 1000 is a registered user in billing. Can
>> you please provide a simple example with this ANI Authorization scenerio.
>> Also I am getting the following in debug which means radius response values
>> are not being populated in credit_amount, credit_time and return_code
>> attributes. Please help me.
>>
>> 2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius
>> packet ...
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS
>> Authentication OK
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> BILING_MODEL
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 109, pec:9, (BILING_MODEL)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> CREDIT_AMOUNT
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 101, pec:9, (CREDIT_AMOUNT)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> CURRENCY
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 110, pec:9, (CURRENCY)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> PREFFERED_LANG
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 107, pec:9, (PREFFERED_LANG)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> CREDIT_TIME
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 102, pec:9, (CREDIT_TIME)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> H323-IVR-IN:DIRATION
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
>> RADIUS_RETURN_CODE
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
>> attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
>> EXECUTE sofia/internal/1000 at 192.168.0.100set(execute_on_answer=sched_hangup + /> <action application=)
>> 2010-11-04 18:09:54.571999 [DEBUG] mod_dptools.c:816 sofia/internal/
>> 1000 at 192.168.0.100 SET [execute_on_answer]=[sched_hangup + />
>> <action application=]
>> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO biling_model=)
>> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 biling_model=
>> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_amount=)
>> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_amount=
>> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO currency=)
>> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 currency=
>> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO preffered_lang=)
>> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 preffered_lang=
>> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_time=)
>> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_time=
>>
>>
>> ------------------------------
>> Date: Thu, 4 Nov 2010 00:10:28 +0100
>>
>> From: tculjaga at gmail.com
>> To: freeswitch-users at lists.freeswitch.org
>> Subject: Re: [Freeswitch-users] Radius AAA
>>
>> hello,
>>
>> auth_function application returns a "OK" or "NOK" result in a channel
>> variable (in this example ANI_AUTH_RESULT). You need to evaluate the result
>> and act accordingly.
>>
>> here is some example (part of my IVR) that checks the user's ANI id if its
>> known to the billing just prompts for destination number if not, prompts for
>> PIN.
>>
>>
>> <extension name="ANIorPIN">
>> <condition field="destination_number" expression="^ANIorPIN$">
>> <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
>> <action application="auth_function" data="in ${DIALED_NUMBER}, in
>> ${caller_id_number}, in 1234, out ANI_AUTH_RESULT"/>
>> <action application="execute_extension" data="CheckANI XML NXIVR"/>
>> </condition>
>> </extension>
>>
>>
>> <extension name="CheckANI">
>> <condition field="destination_number" expression="^CheckANI$"/>
>> <condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
>> <action application="log" data="INFO ################# UNKNOWN ANI,
>> go to ENTER PIN ################\n"/>
>> <action application="execute_extension" data="EnterPIN XML NXIVR"/>
>>
>> <action application="log" data="INFO ################# I KNOW WHO
>> YOU ARE go to get destination number ################\n"/>
>> <anti-action inline="true" application="export"
>> data="UNAME=${caller_id_number}"/>
>> <anti-action inline="true" application="export" data="PASSWD=1234"/>
>> <anti-action application="execute_extension" data="GetDstNum XML
>> NXIVR"/>
>> </condition>
>> </extension>
>>
>>
>> <extension name="EnterPIN">
>> <condition field="destination_number" expression="^EnterPIN$">
>> <action application="set" data="playback_delimiter=!"/>
>> <action application="set" data="playback_terminators=#*0123456789"/>
>> <action application="read" data="${PIN_MIN_DIG} ${PIN_MAX_DIG}
>> ${PIN_ERR_PR}!${CARD_NUMBER_PR} PIN ${PIN_TIMEOUT} *"/>
>> <action application="set"
>> data="credit_amount=h323-credit-amount=0"/>
>> <action inline="true" application="set"
>> data="PIN_RETRIES=${expr(${PIN_RETRIES}+1)}"/>
>> <action application="execute_extension" data="ParsePIN XML NXIVR"/>
>>
>> <action application="log" data="INFO PIN=${PIN}"/>
>> <action application="log" data="INFO UNAME=${UNAME}"/>
>> <action application="log" data="INFO PASSWD=${PASSWD}"/>
>>
>> <action inline="true" application="export" data="DIALED_NUMBER="""/>
>>
>> <action application="auth_function" data="in ${DIALED_NUMBER}, in
>> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>> <action application="set" data="auto_hunt=true"/>
>> <action application="execute_extension" data="PARSE_RET_CODE XML
>> NXIVR"/>
>> <action application="execute_extension" data="CheckPIN XML NXIVR"/>
>> </condition>
>> </extension>
>>
>>
>> <extension name="GetDstNum">
>> <condition field="destination_number" expression="^GetDstNum$">
>> <action application="set" data="bind_meta_key=#"/>
>> <action application="bind_meta_app" data="0 a a transfer::LongDTMF
>> XML NXIVR"/>
>>
>> <action application="set" data="playback_delimiter=!"/>
>> <action application="set" data="playback_terminators=#*0123456789"/>
>> <action application="read" data="${DST_MIN_DIG} ${DST_MAX_DIG}
>> ${DST_ERR_PR}!${ENTER_DEST_PR} DN ${DST_TIMEOUT} *"/>
>> <action application="execute_extension" data="TranslateLocal XML
>> NXIVR"/>
>> <action inline="true" application="set"
>> data="DST_RETRIES=${expr(${DST_RETRIES}+1)}"/>
>> <action application="execute_extension" data="ParseDN XML NXIVR"/>
>> <action application="auth_function" data="in ${DIALED_NUMBER}, in
>> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>> <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
>> <action application="execute_extension" data="PARSE_RET_CODE XML
>> NXIVR"/>
>> <action application="execute_extension" data="CheckDstNum XML
>> NXIVR"/>
>> </condition>
>> </extension>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________ FreeSWITCH-users mailing
>> list FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-usersUNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>> _______________________________________________ FreeSWITCH-users mailing
>> list FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-usersUNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>> _______________________________________________ FreeSWITCH-users mailing
>> list FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-usersUNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>> _______________________________________________
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101108/12707ce9/attachment-0001.html
More information about the FreeSWITCH-users
mailing list