[Freeswitch-users] Mod_rad_auth issue for FS working with FreeRadius server

fieldpeak fieldpeak at gmail.com
Tue Aug 2 11:50:07 MSD 2011


Hi Tihomir,

Finally an answer is coming, I see hope. Thanks for your reply :)

As you advised, I only use one attribute (h323-conf-id) in my dialplan and
only one attribute (h323-conf-id) in rad_auth.conf.xml, and I am using the
attached dictionary (from cisco), which contains this attribute. However, it
still reports 'unknown attribute', so I wondered if it was reading
/usr/local/etc/radiusclient/dictionary, so I copied the same dictionary to
/usr/local/freeswitch/radius/. It did not help at all... very strange...

Log:
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set default_realm := .
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_timeout := 3.
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_retries := 2.
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:371 ... radius: User-Name: 38516060333
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:380 ... radius: User-Password: 003282
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:396 ... radius: Called-station-Id: 16094191500
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not found in dictionary
2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:538 abort sending radius packet.
2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:546 An error occured during RADIUS Authentication(RC=-1)
2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:702 An error occured during radius authorization.
EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)



  <extension name="unitest_rad-ANI-auth">
    <condition field="destination_number" expression="^601$">
      <!-- <action application="log" data="INFO  Before Auth "/> -->

      <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>

      <action inline="true" application="set" data="USERNAME=1001"/>
      <action inline="true" application="set" data="PASSWD=1111"/>

      <action application="sleep" data="2000"/>
      <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>

    </condition>
  </extension>


<configuration name="rad_auth.conf" description="radius authentification module">
  <settings>

  </settings>

  <client>
    <param name="authserver" value="127.0.0.1:1812:gateway"/>
    <param name="dictionary" value="/usr/local/etc/radiusclient/dictionary"/>
    <param name="seqfile" value="/var/run/radius.seq"/>
    <param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/>
    <param name="default_realm" value=""/>
    <param name="radius_timeout" value="3"/>
    <param name="radius_retries" value="2"/>
    <param name="radius_deadtime" value="0"/>
    <param name="bindaddr" value="*"/>
  </client>

  <vsas>

    <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>

  </vsas>
 </configuration>


2011/8/2 Tihomir Culjaga <tculjaga at gmail.com>

> Hi,
>
> dictionary.all is just the name of a file containing all the attributes I
> needed at that time.
>
> You can include other dictionaries by putting #INCLUDE <pathname> at the
> end of the dictionary file you reference in rad_auth.conf.xml.
> If the INCLUDE doesn't work, just append dictionary.cisco to your
> dictionary file... and make your own file.
>
>
> check inline comments down below...
>
>
> T.
>
>
> On Sun, Jul 31, 2011 at 10:46 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>
>> Hello Gurus,
>>
>> I ran into an issue when using
>> mod_rad_auth (http://wiki.freeswitch.org/wiki/Mod_rad_auth) to work
>> with a freeradius server + mysql for AAA. The details are below. Could
>> anyone give any hints? Thanks in advance.
>>
>> I set up a dial plan "unitest_rad-ANI-auth" as in the wiki above. However,
>> when I dialed 601 to trigger the dial plan, the console showed errors.
>> It looks like "h323-conf-id" is not in the directory, so I tried to add
>> this attribute to the dictionary, but it did not help. The
>> wiki mentions that rad_auth.conf.xml contains <param
>> name="dictionary"
>> value="/usr/local/etc/radiusclient/dictionary.all"/>, but I did
>> not find the file "dictionary.all" in that directory, so I use
>> dictionary. BTW, the freeradius server + mysql works well.
>>
>
> I just appended the information needed to the dictionary.all file... (vendor
> and attribute definition).
>
>
>
>>
>> console errors:
>>
>> EXECUTE sofia/internal/1001 at 124.193.106.104 auth_function(in , in
>> 38516060333, in 003282, out AUTH_RESULT)
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:301 allocate initial
>> structure.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:313 initialzed
>> configuration.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set authserver
>> := 127.0.0.1:1812:gateway.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set dictionary
>> := /usr/local/etc/radiusclient/dictionary.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set seqfile :=
>> /var/run/radius.seq.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set mapfile :=
>> /usr/local/etc/radiusclient/port-id-map.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set default_realm :=
>> .
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_timeout
>> := 3.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_retries
>> := 2.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_deadtime
>> := 0.
>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:371 ... radius:
>> User-Name: 38516060333
>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:380 ... radius:
>> User-Password: 003282
>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:391 ... radius:
>> Called-station-Id is empty, ignoring...
>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:413 Handle
>> attribute: h323-conf-id
>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:428 Unknown attribute:
>> key:h323-conf-id, not found in dictionary
>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:538 abort sending
>> radius packet.
>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:546 An error occured
>> during RADIUS Authentication(RC=-1)
>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:702 An error occured
>> during radius authorization.
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)
>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  AUTH_RESULT=
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  billing_model=)
>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  billing_model=
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  credit_amount=)
>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  credit_amount=
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  currency=)
>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  currency=
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  preffered_lang=)
>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  preffered_lang=
>>
>> added below in the dictionary(/usr/local/etc/radiusclient/dictionary):
>>
>> ATTRIBUTE       h323-conf-id            1008    string
>>
>
> You need the vendor definition as well.
>
>
>>
>>
>> dial plan:
>> <extension name="unitest_rad-ANI-auth">
>>    <condition field="destination_number" expression="^601$">
>>      <action application="log" data="INFO  Before Auth "/>
>>
>>      <action inline="true" application="set"
>> data="CALLID=h323-conf-id=${uuid}"/>
>>      <action inline="true" application="set"
>> data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>      <action inline="true" application="set"
>> data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>  <!--      <action inline="true" application="set"
>> data="CALLINGNUMBER=${caller_id_number}"/> -->
>>      <action inline="true" application="set"
>> data="CALLINGNUMBER=38516060333"/>
>>      <action inline="true" application="set" data="USERNAME=38516060333"/>
>>  <!--      <action inline="true" application="set"
>> data="USERNAME=209354"/> -->
>>      <action inline="true" application="set" data="PASSWD=003282"/>
>>  <!--      <action inline="true" application="set"
>> data="DIALED_NUMBER=16094191500"/>  -->
>>
>>      <action application="sleep" data="2000"/>
>>      <action application="auth_function" data="in ${DIALED_NUMBER},
>> in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>
>>
>>      <action application="log" data="INFO  AUTH_RESULT=${AUTH_RESULT}"/>
>>      <action application="log" data="INFO
>>  billing_model=${billing_model}"/>
>>      <action application="log" data="INFO
>>  credit_amount=${credit_amount}"/>
>>      <action application="log" data="INFO  currency=${currency}"/>
>>      <action application="log" data="INFO
>>  preffered_lang=${preffered_lang}"/>
>>      <action application="log" data="INFO  credit_time=${credit_time}"/>
>>      <action application="log" data="INFO
>> h323_ivr_duration=${h323_ivr_duration}"/>
>>      <action application="log" data="INFO  return_code=${return_code}"/>
>>      <!-- <action application="execute_extension" data="AUTH XML
>> default"/> -->
>>    </condition>
>>  </extension>
>>
>>  radius_cdr.conf.xml:
>>  <configuration name="radius_cdr.conf" description="RADIUS CDR
>> Configuration">
>>
>>        <settings>
>>
>>                <!-- location of the radius dictionary files -->
>>
>>                <param name="dictionary"
>> value="/usr/local/freeswitch/conf/radius/dictionary"/>
>>
>>
> Your dictionary file needs to contain all the attributes you are trying to
> use, or to include other dictionaries (in this case dictionary.cisco) from
> the dictionary file you are referencing here.
>
>
>>                <!-- number of retries for each server -->
>>
>>                <param name="radius_retries" value="3"/>
>>
>>                <!-- number of seconds to wait between retries -->
>>
>>                <param name="radius_timeout" value="5"/>
>>
>>                <!-- accounting servers, up to 8 allowed -->
>>
>>                <!-- value is "host:port:secret", port is optional -->
>>
>>                <!-- use IP ADDRESSES, not hostnames -->
>>
>>                <param name="acct_server" value="127.0.0.1:1813
>> :testing123"/>
>>
>>
>>        </settings>
>>
>> </configuration>
>>
>>  the FS version:
>>  FreeSWITCH Version 1.0.head (git-492bc6b 2011-07-23 12-53-04 -0400)
>>
>>  Regards,
>>  Charles
>>
>> _______________________________________________
>> Join us at ClueCon 2011, Aug 9-11, Chicago
>> http://www.cluecon.com 877-7-4ACLUE
>>
>> FreeSWITCH-users mailing list
>>
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary
Type: application/octet-stream
Size: 5564 bytes
Desc: not available
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110802/cb809979/attachment-0001.obj 
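
An added example (not from the thread or from the FreeSWITCH project): a consistency check between the `<vsas>` entries of rad_auth.conf.xml and a radiusclient-style dictionary. It assumes dictionary lines of the form `VENDOR name id` and `ATTRIBUTE name number type [vendor]`, and that `pec` is the vendor's enterprise number; both dictionary samples are constructed, the first mirroring the vendor-less ATTRIBUTE line quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample dictionaries (radiusclient-style line format is assumed).
BROKEN_DICT = """\
ATTRIBUTE  User-Name     1     string
ATTRIBUTE  h323-conf-id  1008  string
"""
FIXED_DICT = """\
ATTRIBUTE  User-Name     1     string
VENDOR     Cisco         9
ATTRIBUTE  h323-conf-id  24    string  Cisco
"""
# The <vsas> section as posted in the message above.
VSAS_XML = """\
<configuration name="rad_auth.conf">
  <vsas>
    <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
  </vsas>
</configuration>
"""

def parse_dictionary(text):
    """Return {attr_name: (number, vendor_id)}; vendor_id 0 means no vendor."""
    vendors, attrs = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "VENDOR":
            vendors[fields[1]] = int(fields[2])
        elif len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            vendor = fields[4] if len(fields) > 4 else None
            # An ATTRIBUTE naming a vendor that was never declared maps to -1.
            vid = 0 if vendor is None else vendors.get(vendor, -1)
            attrs[fields[1]] = (int(fields[2]), vid)
    return attrs

def check_vsas(conf_xml, dict_text):
    """List every <vsas> param that the dictionary text cannot back."""
    attrs = parse_dictionary(dict_text)
    problems = []
    for p in ET.fromstring(conf_xml).iterfind("./vsas/param"):
        name, want = p.get("name"), (int(p.get("id")), int(p.get("pec")))
        if name not in attrs:
            problems.append(f"{name}: no ATTRIBUTE line")
        elif attrs[name] != want:
            problems.append(f"{name}: dictionary has {attrs[name]}, config wants {want}")
    return problems

if __name__ == "__main__":
    for label, d in (("broken", BROKEN_DICT), ("fixed", FIXED_DICT)):
        print(label, check_vsas(VSAS_XML, d) or "ok")
```

The check only compares the two files with each other; it does not reproduce how mod_rad_auth itself resolves attribute names.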

