[Freeswitch-users] Radius AAA

Abid Saleem abid_freeswitch at live.com
Mon Nov 8 04:01:10 PST 2010


Hi Tihomir,
I am sorry, I did not understand what you mean. Can you please direct me exactly what you want me to do.
Regards
-----------
Abid Saleem

Date: Mon, 8 Nov 2010 11:29:01 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA

by looking at Access-Accept message you will only need this:

    <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
    <param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0" direction="out"/>
    <param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/>

then you will have 3 channel variables set:
credit_amount
credit_time
return_code
you need to regexp it to extract values you need.


in your prev e-mail you can see in the logs that the mod_rad_auth is complaining about the missing attributes .. and they are actually not there... but you got mapped the attributes present (101, 102, 103) in Access-Accept message.


2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: BILING_MODEL
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 109, pec:9, (BILING_MODEL)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 101, pec:9, (CREDIT_AMOUNT)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 110, pec:9, (CURRENCY)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: PREFFERED_LANG
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 107, pec:9, (PREFFERED_LANG)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 102, pec:9, (CREDIT_TIME)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: H323-IVR-IN:DIRATION
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 103, pec:9, (RADIUS_RETURN_CODE)


hope you will manage it ...



On Mon, Nov 8, 2010 at 11:15 AM, Tihomir Culjaga <tculjaga at gmail.com> wrote:

please paste your rad_auth.conf.xml





On Mon, Nov 8, 2010 at 10:41 AM, Abid Saleem <abid_freeswitch at live.com> wrote:






Hi,
Please find the ethereal capture attached. Please let me know should you need additional information. Thanks.
Regards
------------
Abid Saleem



Date: Mon, 8 Nov 2010 09:37:01 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org


Subject: Re: [Freeswitch-users] Radius AAA

can you provide a wireshark sniff ?

On Fri, Nov 5, 2010 at 5:57 AM, Abid Saleem <abid_freeswitch at live.com> wrote:








This is what I am saying that these variables do exist in returning radius messages. My Radius response is as below for reference
Sending Access-Accept of id 224 to 119.158.138.83 port 1027


        h323-credit-amount := "h323-credit-amount=5"
        h323-return-code := "h323-return-code=0"
        h323-credit-time := "h323-credit-time=120"
Finished request 0.



Please help me with this. Thanks.
Regards
------------
Abid Saleem

Date: Thu, 4 Nov 2010 15:14:57 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA

as I said, you need to evaluate the returning value from app_function and act accordingly... if the result is "OK" it means authorized, if it's "NOK" it means it failed. I'm not going into your application and how you are doing it... you have an example on how to do it in my prev e-mail.





you cannot populate variables that don't exist in the returning radius messages:


No found out attribute id: 109, pec:9
No found out attribute id: 101, pec:9
No found out attribute id: 110, pec:9





and so on ... simply, Access Accept messages don't have these attributes that you are trying to map into channel variables.




On Thu, Nov 4, 2010 at 2:35 PM, Abid Saleem <abid_freeswitch at live.com> wrote:









Hi,
Thanks. This is good for Calling Card type IVR application but I am using it for my SIP UA for authorization only where authorization is required when I make a call from extension 1000. 1000 is a registered user in billing. Can you please provide a simple example with this ANI Authorization scenario. Also I am getting the following in debug which means radius response values are not being populated in credit_amount, credit_time and return_code attributes. Please help me.




2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius packet ...
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: BILING_MODEL
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 109, pec:9, (BILING_MODEL)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 101, pec:9, (CREDIT_AMOUNT)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 110, pec:9, (CURRENCY)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: PREFFERED_LANG
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 107, pec:9, (PREFFERED_LANG)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 102, pec:9, (CREDIT_TIME)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: H323-IVR-IN:DIRATION
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
EXECUTE sofia/internal/1000 at 192.168.0.100 set(execute_on_answer=sched_hangup +  />           <action application=)
2010-11-04 18:09:54.571999 [DEBUG] mod_dptools.c:816 sofia/internal/1000 at 192.168.0.100 SET [execute_on_answer]=[sched_hangup +  />           <action application=]
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  biling_model=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  biling_model=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  credit_amount=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  credit_amount=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  currency=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  currency=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  preffered_lang=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  preffered_lang=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  credit_time=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  credit_time=





Date: Thu, 4 Nov 2010 00:10:28 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org




Subject: Re: [Freeswitch-users] Radius AAA

hello, 

auth_function application returns an "OK" or "NOK" result in a channel variable (in this example ANI_AUTH_RESULT). You need to evaluate the result and act accordingly.

here is an example (part of my IVR) that checks the user's ANI id: if it's known to the billing, it just prompts for destination number; if not, it prompts for PIN.



  <extension name="ANIorPIN">
    <condition field="destination_number" expression="^ANIorPIN$">
      <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
      <action application="auth_function" data="in ${DIALED_NUMBER}, in ${caller_id_number}, in 1234, out ANI_AUTH_RESULT"/>
      <action application="execute_extension" data="CheckANI XML NXIVR"/>
    </condition>
  </extension>


  <extension name="CheckANI">
    <condition field="destination_number" expression="^CheckANI$"/>
    <condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
      <!-- actions: ANI_AUTH_RESULT is NOK, the ANI is unknown to billing -->
      <action application="log" data="INFO ################# UNKNOWN ANI, go to ENTER PIN ################\n"/>
      <action application="execute_extension" data="EnterPIN XML NXIVR"/>
      <!-- anti-actions: run when ANI_AUTH_RESULT is anything other than NOK -->
      <anti-action application="log" data="INFO ################# I KNOW WHO YOU ARE go to get destination number ################\n"/>
      <anti-action inline="true" application="export" data="UNAME=${caller_id_number}"/>
      <anti-action inline="true" application="export" data="PASSWD=1234"/>
      <anti-action application="execute_extension" data="GetDstNum XML NXIVR"/>
    </condition>
  </extension>


  <extension name="EnterPIN">
    <condition field="destination_number" expression="^EnterPIN$">
      <action application="set" data="playback_delimiter=!"/>
      <action application="set" data="playback_terminators=#*0123456789"/>
      <!-- collect the PIN digits into the PIN channel variable -->
      <action application="read" data="${PIN_MIN_DIG} ${PIN_MAX_DIG} ${PIN_ERR_PR}!${CARD_NUMBER_PR} PIN ${PIN_TIMEOUT} *"/>
      <action application="set" data="credit_amount=h323-credit-amount=0"/>
      <action inline="true" application="set" data="PIN_RETRIES=${expr(${PIN_RETRIES}+1)}"/>
      <action application="execute_extension" data="ParsePIN XML NXIVR"/>
      <action application="log" data="INFO  PIN=${PIN}"/>
      <action application="log" data="INFO  UNAME=${UNAME}"/>
      <action application="log" data="INFO  PASSWD=${PASSWD}"/>
      <!-- single-quoted attribute so the inner "" stays well-formed XML -->
      <action inline="true" application="export" data='DIALED_NUMBER=""'/>
      <action application="auth_function" data="in ${DIALED_NUMBER}, in ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
      <action application="set" data="auto_hunt=true"/>
      <action application="execute_extension" data="PARSE_RET_CODE XML NXIVR"/>
      <action application="execute_extension" data="CheckPIN XML NXIVR"/>
    </condition>
  </extension>


  <extension name="GetDstNum">
    <condition field="destination_number" expression="^GetDstNum$">
      <action application="set" data="bind_meta_key=#"/>
      <action application="bind_meta_app" data="0 a a transfer::LongDTMF XML NXIVR"/>
      <action application="set" data="playback_delimiter=!"/>
      <action application="set" data="playback_terminators=#*0123456789"/>
      <action application="read" data="${DST_MIN_DIG} ${DST_MAX_DIG} ${DST_ERR_PR}!${ENTER_DEST_PR} DN ${DST_TIMEOUT} *"/>
      <action application="execute_extension" data="TranslateLocal XML NXIVR"/>
      <action inline="true" application="set" data="DST_RETRIES=${expr(${DST_RETRIES}+1)}"/>
      <action application="execute_extension" data="ParseDN XML NXIVR"/>
      <action application="auth_function" data="in ${DIALED_NUMBER}, in ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
      <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
      <action application="execute_extension" data="PARSE_RET_CODE XML NXIVR"/>
      <action application="execute_extension" data="CheckDstNum XML NXIVR"/>
    </condition>
  </extension>













_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org 		 	   		  
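
An added example, not part of the thread or of either poster's configuration: one way to do the regexp extraction mentioned above on the `return_code`, `credit_time` and `credit_amount` channel variables, given values shaped like those in the Access-Accept dump (`h323-credit-time=120`). The extension name `ParseRadiusReply` and the variables `credit_seconds` and `credit_units` are assumptions; the extension is meant to be reached with `execute_extension` after `auth_function` has run.

```xml
<!-- Added example. ParseRadiusReply, credit_seconds and credit_units are
     hypothetical names; return_code, credit_time and credit_amount are the
     channel variables from the <param> mapping quoted in the thread. -->
<extension name="ParseRadiusReply">
  <condition field="destination_number" expression="^ParseRadiusReply$"/>

  <!-- Fail closed: continue only when the return code is exactly 0.
       An unset variable (attribute absent from the Access-Accept)
       does not match and is rejected as well. -->
  <condition field="${return_code}" expression="^h323-return-code=0$" break="on-false">
    <anti-action application="log" data="WARNING RADIUS return code missing or non-zero: [${return_code}]"/>
    <anti-action application="hangup" data="CALL_REJECTED"/>
  </condition>

  <!-- Accept 1 to 5 digits of credit time, no leading zero. $1 is the
       captured number of seconds, so sched_hangup never receives an
       empty or non-numeric argument. -->
  <condition field="${credit_time}" expression="^h323-credit-time=([1-9]\d{0,4})$" break="on-false">
    <action application="set" data="credit_seconds=$1"/>
    <action application="set" data="execute_on_answer=sched_hangup +$1 ALLOTTED_TIMEOUT"/>
    <anti-action application="log" data="WARNING no usable credit time: [${credit_time}]"/>
    <anti-action application="hangup" data="CALL_REJECTED"/>
  </condition>

  <!-- Credit amount is informational here: integer or decimal value. -->
  <condition field="${credit_amount}" expression="^h323-credit-amount=(\d+(?:\.\d+)?)$">
    <action application="set" data="credit_units=$1"/>
    <action application="log" data="INFO credit_seconds=${credit_seconds} credit_units=${credit_units}"/>
  </condition>
</extension>
```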
