[Freeswitch-users] Mod_rad_auth issue for FS working with FreeRadius server

fieldpeak fieldpeak at gmail.com
Tue Aug 2 12:08:51 MSD 2011


i tried change to 'h323-conf-id' to 'h323-call-origin' in
02_unitest_rad-ANI-auth.xml, rad_auth.conf.xml, however, it still prompt
'[ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not found in
dictionary', so where the mod_rad_auth read out the 'h323-conf-id'? very
very strange, which dictionary it was using...

Regards,
Charles

2011/8/2 fieldpeak <fieldpeak at gmail.com>

> Hi Tihomir,
>
> Finally the answer coming, i see the hope, thanks for your reply, :)
>
> As your advise, i only use one attribute(h323-conf-id) in my dialplan, and
> only one attribute(h323-conf-id) in rad_auth.conf.xml, and using the
> attached dictionary (from ciso) which contains this attribute, however, it
> still prompt 'unknown attribute', so i suspected if it was reading
> /usr/local/etc/radiusclient/dictionary, so i copy the same dictionary to
> /usr/local/freeswitch/radius/, it did not any help at all... very strange...
>
> Log:
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set default_realm :=
> .
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_timeout :=
> 3.
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_retries :=
> 2.
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_deadtime
> := 0.
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:371 ... radius:
> User-Name: 38516060333
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:380 ... radius:
> User-Password: 003282
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:396 ... radius:
> Called-station-Id: 16094191500
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:413 Handle attribute:
> h323-conf-id
> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:428 Unknown attribute:
> key:h323-conf-id, not found in dictionary
> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:538 abort sending radius
> packet.
> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:546 An error occured during
> RADIUS Authentication(RC=-1)
> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:702 An error occured during
> radius authorization.
>
> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)
>
>
>
>   <extension name="unitest_rad-ANI-auth">
>     <condition field="destination_number" expression="^601$">
>       <!-- <action application="log" data="INFO  Before Auth "/> -->
>
>       <action inline="true" application="set" data="CALLID=h323-conf-id
> =${uuid}"/>
>
>       <action inline="true" application="set" data="USERNAME=1001"/>
>       <action inline="true" application="set" data="PASSWD=1111"/>
>
>
>       <action application="sleep" data="2000"/>
>       <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>
>     </condition>
>   </extension>
>
>
>
> <configuration name="rad_auth.conf" description="radius authentification
> module">
>   <settings>
>
>   </settings>
>
>   <client>
>     <param name="authserver" value="127.0.0.1:1812:gateway"/>
>     <param name="dictionary"
> value="/usr/local/etc/radiusclient/dictionary"/>
>     <param name="seqfile" value="/var/run/radius.seq"/>
>     <param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/>
>     <param name="default_realm" value=""/>
>     <param name="radius_timeout" value="3"/>
>     <param name="radius_retries" value="2"/>
>     <param name="radius_deadtime" value="0"/>
>     <param name="bindaddr" value="*"/>
>   </client>
>
>   <vsas>
>
>
>     <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1"
> direction="in"/>
>
>   </vsas>
>  </configuration>
>
>
>
> 2011/8/2 Tihomir Culjaga <tculjaga at gmail.com>
>
>> hi,
>>
>> dictionary.all is just the name of a file containing all attributes i
>> needed at that time.
>>
>> you can include other dictionaries by putting #INCLUDE <pathname> at the
>> end of the dictionary file you reference in rad_auth.conf.xml.
>> if the INCLUDE doesn't work, just append dictionary.cisco to your
>> dictionary file... and make your own file.
>>
>>
>> check inline comments down below...
>>
>>
>> T.
>>
>>
>> On Sun, Jul 31, 2011 at 10:46 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>>
>>> Hello Gurus,
>>>
>>> i met a issue when using
>>> mod_rad_auth(http://wiki.freeswitch.org/wiki/Mod_rad_auth) to works
>>> with freeradius server+mysql for AAA, the details is below, Could
>>> anyone give any hints, Thanks in advance.
>>>
>>> i setup a dial plan "unitest_rad-ANI-auth" as wiki above, however,
>>> when i dialed 601 to trigger the dial plan, the console show errors,
>>> it looks "h323-conf-id" is not in the directory, then i tried to add
>>> this attribute to the dictionary, however, it does not help, in the
>>> wiki, it mentioned the rad_auth.conf.xml contains <param
>>> name="dictionary"
>>> value="/usr/local/etc/radiusclient/dictionary.all"/>, however i did
>>> not find the file "dictionary.all" at that directory, so i use
>>> dictionary. BTW, the freeradius server + mysql works well.
>>>
>>
>> i just appended the information needed into dictionary.all file... (vendor
>> and attribute definition).
>>
>>
>>
>>>
>>> console errors:
>>>
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 auth_function(in , in
>>> 38516060333, in 003282, out AUTH_RESULT)
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:301 allocate initial
>>> structure.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:313 initialzed
>>> configuration.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set authserver
>>> := 127.0.0.1:1812:gateway.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set dictionary
>>> := /usr/local/etc/radiusclient/dictionary.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set seqfile :=
>>> /var/run/radius.seq.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set mapfile :=
>>> /usr/local/etc/radiusclient/port-id-map.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set default_realm
>>> := .
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_timeout
>>> := 3.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_retries
>>> := 2.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_deadtime
>>> := 0.
>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:371 ... radius:
>>> User-Name: 38516060333
>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:380 ... radius:
>>> User-Password: 003282
>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:391 ... radius:
>>> Called-station-Id is empty, ignoring...
>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:413 Handle
>>> attribute: h323-conf-id
>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:428 Unknown attribute:
>>> key:h323-conf-id, not found in dictionary
>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:538 abort sending
>>> radius packet.
>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:546 An error occured
>>> during RADIUS Authentication(RC=-1)
>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:702 An error occured
>>> during radius authorization.
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)
>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  AUTH_RESULT=
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  billing_model=)
>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  billing_model=
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  credit_amount=)
>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  credit_amount=
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  currency=)
>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  currency=
>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  preffered_lang=)
>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  preffered_lang=
>>>
>>> added below in the dictionary(/usr/local/etc/radiusclient/dictionary):
>>>
>>> ATTRIBUTE       h323-conf-id            1008    string
>>>
>>
>> you need the vendor definition as well
>>
>>
>>>
>>>
>>> dial plan:
>>> <extension name="unitest_rad-ANI-auth">
>>>    <condition field="destination_number" expression="^601$">
>>>      <action application="log" data="INFO  Before Auth "/>
>>>
>>>      <action inline="true" application="set"
>>> data="CALLID=h323-conf-id=${uuid}"/>
>>>      <action inline="true" application="set"
>>> data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>>      <action inline="true" application="set"
>>> data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>>  <!--      <action inline="true" application="set"
>>> data="CALLINGNUMBER=${caller_id_number}"/> -->
>>>      <action inline="true" application="set"
>>> data="CALLINGNUMBER=38516060333"/>
>>>      <action inline="true" application="set"
>>> data="USERNAME=38516060333"/>
>>>  <!--      <action inline="true" application="set"
>>> data="USERNAME=209354"/> -->
>>>      <action inline="true" application="set" data="PASSWD=003282"/>
>>>  <!--      <action inline="true" application="set"
>>> data="DIALED_NUMBER=16094191500"/>  -->
>>>
>>>      <action application="sleep" data="2000"/>
>>>      <action application="auth_function" data="in ${DIALED_NUMBER},
>>> in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>
>>>
>>>      <action application="log" data="INFO  AUTH_RESULT=${AUTH_RESULT}"/>
>>>      <action application="log" data="INFO
>>>  billing_model=${billing_model}"/>
>>>      <action application="log" data="INFO
>>>  credit_amount=${credit_amount}"/>
>>>      <action application="log" data="INFO  currency=${currency}"/>
>>>      <action application="log" data="INFO
>>>  preffered_lang=${preffered_lang}"/>
>>>      <action application="log" data="INFO  credit_time=${credit_time}"/>
>>>      <action application="log" data="INFO
>>> h323_ivr_duration=${h323_ivr_duration}"/>
>>>      <action application="log" data="INFO  return_code=${return_code}"/>
>>>      <!-- <action application="execute_extension" data="AUTH XML
>>> default"/> -->
>>>    </condition>
>>>  </extension>
>>>
>>>  radius_cdr.conf.xml:
>>>  <configuration name="radius_cdr.conf" description="RADIUS CDR
>>> Configuration">
>>>
>>>        <settings>
>>>
>>>                <!-- location of the radius dictionary files -->
>>>
>>>                <param name="dictionary"
>>> value="/usr/local/freeswitch/conf/radius/dictionary"/>
>>>
>>>
>> your dictionary file need to contain all the attributes you are trying to
>> use or to include other dictionaries (In this case dictionary.cisco) from
>> the dictionary file you are referencing here.
>>
>>
>>>                <!-- number of retries for each server -->
>>>
>>>                <param name="radius_retries" value="3"/>
>>>
>>>                <!-- number of seconds to wait between retries -->
>>>
>>>                <param name="radius_timeout" value="5"/>
>>>
>>>                <!-- accounting servers, up to 8 allowed -->
>>>
>>>                <!-- value is "host:port:secret", port is optional -->
>>>
>>>                <!-- use IP ADDRESSES, not hostnames -->
>>>
>>>                <param name="acct_server" value="127.0.0.1:1813
>>> :testing123"/>
>>>
>>>
>>>        </settings>
>>>
>>> </configuration>
>>>
>>>  the FS version:
>>>  FreeSWITCH Version 1.0.head (git-492bc6b 2011-07-23 12-53-04 -0400)
>>>
>>>  Regards,
>>>  Charles
>>>
>>> _______________________________________________
>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>> http://www.cluecon.com 877-7-4ACLUE
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>> _______________________________________________
>> Join us at ClueCon 2011, Aug 9-11, Chicago
>> http://www.cluecon.com 877-7-4ACLUE
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110802/2dffd6e7/attachment-0001.html 


More information about the FreeSWITCH-users mailing list