[Freeswitch-users] Mod_rad_auth issue for FS working with FreeRadius server
Tihomir Culjaga
tculjaga at gmail.com
Thu Aug 11 14:35:18 MSD 2011
hello,
the example down below is just an example. In the real application you will
be using channel variables instead of direct input.
anyhow everything depends of what is your application intended for and how
you would like to behave.
Right now, you cannot authorize registrations as there is no event handler
built into the module. Its on the roadmap but not gonna happen in next few
weeks.
what you can do is to authorize calls (INVITEs) by triggering the
application within the dialplan. Also, FS extensions have their own ANI and
you can authorize by ANI. If this is not enough, you can try to fetch the
calling user password from the database and populate a session variable....
than use this variable to trigger radius authorization.
Anyhow, i think this is quite easy to do ... if you don't manage to do it on
your own, drop me an e-mail and i can help ya.
Cheers,
Thiomir.
On Tue, Aug 9, 2011 at 2:58 PM, fieldpeak <fieldpeak at gmail.com> wrote:
> Hi Tihomir,
>
> As my understanding, when using mod_rad_auth, we have to send both username
> and password to FreeRadius, like the example in wiki below (marked in
> yellow), the example is for a fixed password, however in real world, we have
> to dynamically inject the password as per user on-the-fly, e.g. user 1001 's
> password is 1234, user 1002's password is 2345 etc. in other word, we have
> to dynamically get the specific user's password and inject to the dial plan.
> Can you please advise how we should write the dial plan for the real case?
> Thanks in avdvance.
>
> P.S. What I'm concerning are both REGISTERATON and INVITE...how can we do
> the auth by Freeradius...
>
> <extension name="unitest_rad-ANI-balance">
> <condition field="destination_number" expression="^602$">
> <action application="log" data="INFO PRIJE RAD_AUTH "/>
>
> <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
> <action inline="true" application="set" data="SERVICENUM=h323-prompt-id=${destination_number}"/>
> <action inline="true" application="set" data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
> <!-- <action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/> -->
> <action inline="true" application="set" data="CALLINGNUMBER=38516060333"/>
> <action inline="true" application="set" data="USERNAME=38516060333"/>
> <!-- <action inline="true" application="set" data="USERNAME=209354"/> -->
> <action inline="true" application="set" data="PASSWD=003282"/>
> <action inline="true" application="set" data="DIALED_NUMBER=16094191500"/>
>
>
>
> Regards,
> Charles
>
>
> 2011/8/9 Tihomir Culjaga <tculjaga at gmail.com>
>
>> im glad it works :=)
>>
>> T.
>>
>>
>> On Mon, Aug 8, 2011 at 8:18 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>>
>>> Hi Tihomir,
>>>
>>> The issue has been resolved by correcting the client secrect, appreciated
>>> very much for your kindly help!
>>>
>>> Regards,
>>> Charles
>>>
>>> 2011/8/7 Tihomir Culjaga <tculjaga at gmail.com>
>>>
>>>> are u sure you are using the correct secret on both client and server ?
>>>>
>>>>
>>>> On Fri, Aug 5, 2011 at 10:12 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>>>>
>>>>> Hi Tihomir,
>>>>>
>>>>> Thanks for your advise, i've added below to rad_auth.conf.xml (vsas
>>>>> section), as well as tried auth-type to 0(local) and 1(system), however, the
>>>>> issue still exist.
>>>>>
>>>>>
>>>>> <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
>>>>> direction="in"/>
>>>>> <param name="Login-User" id="6" value="1" pec="0" expr="0"
>>>>> direction="in"/>
>>>>> <param name="Auth-Type" id="1000" value="0" pec="0" expr="0"
>>>>> direction="in"/>
>>>>>
>>>>> FreeRadius output:
>>>>>
>>>>> Found Auth-Type = PAP
>>>>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>>>>> +- entering group PAP {...}
>>>>> [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"
>>>>> [pap] Using clear text password "1111"
>>>>> [pap] Passwords don't match
>>>>> ++[pap] returns reject
>>>>> Failed to authenticate the user.
>>>>> WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
>>>>>
>>>>> Using Post-Auth-Type Reject
>>>>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>>>>> +- entering group REJECT {...}
>>>>> [attr_filter.access_reject] expand: %{User-Name} -> 1001
>>>>> attr_filter: Matched entry DEFAULT at line 11
>>>>> ++[attr_filter.access_reject] returns updated
>>>>> Delaying reject of request 38 for 1 seconds
>>>>>
>>>>> Regards,
>>>>> Charles
>>>>>
>>>>>
>>>>> 2011/8/5 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>
>>>>>> add to rad_auth.conf.xml
>>>>>>
>>>>>> <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>> <param name="Login-User" id="6" value="1" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>>
>>>>>>
>>>>>>
>>>>>> as for Auth Type im not sure if you need it ... this is up to your
>>>>>> server.
>>>>>> According to dictionary file you need to set it as follows:
>>>>>>
>>>>>> <param name="Auth-Type" id="1000" value="?" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>>
>>>>>> the value (set as ?) is one of the folowing. Again, not sure what is
>>>>>> required by your server.
>>>>>>
>>>>>> VALUE Auth-Type Local 0
>>>>>> VALUE Auth-Type System 1
>>>>>> VALUE Auth-Type SecurID 2
>>>>>> VALUE Auth-Type Crypt-Local 3
>>>>>> VALUE Auth-Type Reject 4
>>>>>>
>>>>>> #
>>>>>> # Cistron extensions
>>>>>> #
>>>>>> VALUE Auth-Type Pam 253
>>>>>> VALUE Auth-Type Accept 254
>>>>>>
>>>>>>
>>>>>>
>>>>>> regards,
>>>>>> Tihomir.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 3, 2011 at 6:32 AM, fieldpeak <fieldpeak at gmail.com>wrote:
>>>>>>
>>>>>>> Hi Tihomir,
>>>>>>>
>>>>>>> Sorry, i missed your mail in gmail before, just now saw it, and after
>>>>>>> using your dictionary.all, the dictionary issue was resolved, very
>>>>>>> appreciated for your kindly help! however, it did not fully functional yet,
>>>>>>>
>>>>>>> Attached are configuration files that i used, when i dial 601 to
>>>>>>> trigger to auth, the freeradius server shows log below, the supecious log is
>>>>>>> the value User-Password, it should be '1111' that i've set in the mysql db
>>>>>>> of freeradisu server for the user 1001 .
>>>>>>>
>>>>>>> i searched in google, for "known good" password issue, i suggest
>>>>>>> change user-password to cleartext-password, however, i did not find where it
>>>>>>> is.
>>>>>>> and also the Auth-Type, where to configure it...
>>>>>>>
>>>>>>> Freeradius server log:
>>>>>>>
>>>>>>> rad_recv: Access-Request packet from host 127.0.0.1 port 52684,
>>>>>>> id=49, length=111
>>>>>>> User-Name = "1001"
>>>>>>> User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
>>>>>>> Called-Station-Id = "888"
>>>>>>> h323-conf-id = "749d2b5a-16ad-48e4-af58-24011949d1b5"
>>>>>>> Calling-Station-Id = "1001"
>>>>>>> NAS-Port = 0
>>>>>>> NAS-IP-Address = 127.0.0.1
>>>>>>> # Executing section authorize from file
>>>>>>> /usr/local/etc/raddb/sites-enabled/default
>>>>>>> +- entering group authorize {...}
>>>>>>> ++[preprocess] returns ok
>>>>>>> [auth_log] expand:
>>>>>>> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>>>>>>> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
>>>>>>> [auth_log]
>>>>>>> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>>>>>>> expands to /usr/local/var/log/radius/radacct/
>>>>>>> 127.0.0.1/auth-detail-20110803
>>>>>>> [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011
>>>>>>> ++[auth_log] returns ok
>>>>>>> ++[chap] returns noop
>>>>>>> ++[mschap] returns noop
>>>>>>> ++[digest] returns noop
>>>>>>> [suffix] No '@' in User-Name = "1001", looking up realm NULL
>>>>>>> [suffix] No such realm "NULL"
>>>>>>> ++[suffix] returns noop
>>>>>>> [eap] No EAP-Message, not doing EAP
>>>>>>> ++[eap] returns noop
>>>>>>> ++[unix] returns notfound
>>>>>>> ++[files] returns noop
>>>>>>> [sql] expand: %{User-Name} -> 1001
>>>>>>> [sql] sql_set_user escaped user --> '1001'
>>>>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>>>>> [sql] expand: SELECT id, username, attribute, value, op
>>>>>>> FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
>>>>>>> BY id -> SELECT id, username, attribute, value, op FROM
>>>>>>> radcheck WHERE username = '1001' ORDER BY id
>>>>>>> [sql] expand: SELECT groupname FROM
>>>>>>> radusergroup WHERE username = '%{SQL-User-Name}' ORDER
>>>>>>> BY priority -> SELECT groupname FROM radusergroup WHERE
>>>>>>> username = '1001' ORDER BY priority
>>>>>>> rlm_sql (sql): Released sql socket id: 4
>>>>>>> [sql] User 1001 not found
>>>>>>> ++[sql] returns notfound
>>>>>>> ++[expiration] returns noop
>>>>>>> ++[logintime] returns noop
>>>>>>> [pap] WARNING! No "known good" password found for the user.
>>>>>>> Authentication may fail because of this.
>>>>>>> ++[pap] returns noop
>>>>>>> ERROR: No authenticate method (Auth-Type) found for the request:
>>>>>>> Rejecting the user
>>>>>>> Failed to authenticate the user.
>>>>>>> WARNING: Unprintable characters in the password.
>>>>>>> Double-check the shared secret on the server and the NAS!
>>>>>>> Using Post-Auth-Type Reject
>>>>>>> # Executing group from file
>>>>>>> /usr/local/etc/raddb/sites-enabled/default
>>>>>>> +- entering group REJECT {...}
>>>>>>> [attr_filter.access_reject] expand: %{User-Name} -> 1001
>>>>>>> attr_filter: Matched entry DEFAULT at line 11
>>>>>>> ++[attr_filter.access_reject] returns updated
>>>>>>> Delaying reject of request 8 for 1 seconds
>>>>>>> Going to the next request
>>>>>>> Waking up in 0.9 seconds.
>>>>>>> Sending delayed reject for request 8
>>>>>>> Sending Access-Reject of id 49 to 127.0.0.1 port 52684
>>>>>>> Waking up in 4.9 seconds.
>>>>>>> Cleaning up request 8 ID 49 with timestamp +7674
>>>>>>> Ready to process requests.
>>>>>>> WARNING! No "known good" password found for the user
>>>>>>>
>>>>>>> Regards,
>>>>>>> Charles
>>>>>>>
>>>>>>>
>>>>>>> 2011/8/3 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>>>
>>>>>>>> did u use the dictionary i have attached ?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Aug 2, 2011 at 10:08 AM, fieldpeak <fieldpeak at gmail.com>wrote:
>>>>>>>>
>>>>>>>>> i tried change to 'h323-conf-id' to 'h323-call-origin' in
>>>>>>>>> 02_unitest_rad-ANI-auth.xml, rad_auth.conf.xml, however, it still prompt
>>>>>>>>> '[ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not
>>>>>>>>> found in dictionary', so where the mod_rad_auth read out the 'h323-conf-id'?
>>>>>>>>> very very strange, which dictionary it was using...
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Charles
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2011/8/2 fieldpeak <fieldpeak at gmail.com>
>>>>>>>>>
>>>>>>>>>> Hi Tihomir,
>>>>>>>>>>
>>>>>>>>>> Finally the answer coming, i see the hope, thanks for your reply,
>>>>>>>>>> :)
>>>>>>>>>>
>>>>>>>>>> As your advise, i only use one attribute(h323-conf-id) in my
>>>>>>>>>> dialplan, and only one attribute(h323-conf-id) in rad_auth.conf.xml, and
>>>>>>>>>> using the attached dictionary (from ciso) which contains this attribute,
>>>>>>>>>> however, it still prompt 'unknown attribute', so i suspected if it was
>>>>>>>>>> reading /usr/local/etc/radiusclient/dictionary, so i copy the same
>>>>>>>>>> dictionary to /usr/local/freeswitch/radius/, it did not any help at all...
>>>>>>>>>> very strange...
>>>>>>>>>>
>>>>>>>>>> Log:
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>> default_realm := .
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>> radius_timeout := 3.
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>> radius_retries := 2.
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>> radius_deadtime := 0.
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set bindaddr
>>>>>>>>>> := *.
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:371 ... radius:
>>>>>>>>>> User-Name: 38516060333
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:380 ... radius:
>>>>>>>>>> User-Password: 003282
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:396 ... radius:
>>>>>>>>>> Called-station-Id: 16094191500
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:413 Handle
>>>>>>>>>> attribute: h323-conf-id
>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:428 Unknown
>>>>>>>>>> attribute: key:h323-conf-id, not found in dictionary
>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:538 abort
>>>>>>>>>> sending radius packet.
>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:546 An error
>>>>>>>>>> occured during RADIUS Authentication(RC=-1)
>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:702 An error
>>>>>>>>>> occured during radius authorization.
>>>>>>>>>>
>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>> AUTH_RESULT=)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <extension name="unitest_rad-ANI-auth">
>>>>>>>>>> <condition field="destination_number" expression="^601$">
>>>>>>>>>> <!-- <action application="log" data="INFO Before Auth "/>
>>>>>>>>>> -->
>>>>>>>>>>
>>>>>>>>>> <action inline="true" application="set" data="CALLID=
>>>>>>>>>> h323-conf-id=${uuid}"/>
>>>>>>>>>>
>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>> data="USERNAME=1001"/>
>>>>>>>>>> <action inline="true" application="set" data="PASSWD=1111"/>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <action application="sleep" data="2000"/>
>>>>>>>>>> <action application="auth_function" data="in
>>>>>>>>>> ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>>>>>>>>
>>>>>>>>>> </condition>
>>>>>>>>>> </extension>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <configuration name="rad_auth.conf" description="radius
>>>>>>>>>> authentification module">
>>>>>>>>>> <settings>
>>>>>>>>>>
>>>>>>>>>> </settings>
>>>>>>>>>>
>>>>>>>>>> <client>
>>>>>>>>>> <param name="authserver" value="127.0.0.1:1812:gateway"/>
>>>>>>>>>> <param name="dictionary"
>>>>>>>>>> value="/usr/local/etc/radiusclient/dictionary"/>
>>>>>>>>>> <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>>>>>> <param name="mapfile"
>>>>>>>>>> value="/usr/local/etc/radiusclient/port-id-map"/>
>>>>>>>>>> <param name="default_realm" value=""/>
>>>>>>>>>> <param name="radius_timeout" value="3"/>
>>>>>>>>>> <param name="radius_retries" value="2"/>
>>>>>>>>>> <param name="radius_deadtime" value="0"/>
>>>>>>>>>> <param name="bindaddr" value="*"/>
>>>>>>>>>> </client>
>>>>>>>>>>
>>>>>>>>>> <vsas>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <param name="h323-conf-id" id="24" value="CALLID" pec="9"
>>>>>>>>>> expr="1" direction="in"/>
>>>>>>>>>>
>>>>>>>>>> </vsas>
>>>>>>>>>> </configuration>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2011/8/2 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>>>>>>
>>>>>>>>>>> hi,
>>>>>>>>>>>
>>>>>>>>>>> dictionary.all is just the name of a file containing all
>>>>>>>>>>> attributes i needed at that time.
>>>>>>>>>>>
>>>>>>>>>>> you can include other dictionaries by putting #INCLUDE <pathname>
>>>>>>>>>>> at the end of the dictionary file you reference in rad_auth.conf.xml.
>>>>>>>>>>> if the INCLUDE doesn't work, just append dictionary.cisco to your
>>>>>>>>>>> dictionary file... and make your own file.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> check inline comments down below...
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> T.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Jul 31, 2011 at 10:46 AM, fieldpeak <fieldpeak at gmail.com
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Gurus,
>>>>>>>>>>>>
>>>>>>>>>>>> i met a issue when using
>>>>>>>>>>>> mod_rad_auth(http://wiki.freeswitch.org/wiki/Mod_rad_auth) to
>>>>>>>>>>>> works
>>>>>>>>>>>> with freeradius server+mysql for AAA, the details is below,
>>>>>>>>>>>> Could
>>>>>>>>>>>> anyone give any hints, Thanks in advance.
>>>>>>>>>>>>
>>>>>>>>>>>> i setup a dial plan "unitest_rad-ANI-auth" as wiki above,
>>>>>>>>>>>> however,
>>>>>>>>>>>> when i dialed 601 to trigger the dial plan, the console show
>>>>>>>>>>>> errors,
>>>>>>>>>>>> it looks "h323-conf-id" is not in the directory, then i tried to
>>>>>>>>>>>> add
>>>>>>>>>>>> this attribute to the dictionary, however, it does not help, in
>>>>>>>>>>>> the
>>>>>>>>>>>> wiki, it mentioned the rad_auth.conf.xml contains <param
>>>>>>>>>>>> name="dictionary"
>>>>>>>>>>>> value="/usr/local/etc/radiusclient/dictionary.all"/>, however i
>>>>>>>>>>>> did
>>>>>>>>>>>> not find the file "dictionary.all" at that directory, so i use
>>>>>>>>>>>> dictionary. BTW, the freeradius server + mysql works well.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> i just appended the information needed into dictionary.all
>>>>>>>>>>> file... (vendor and attribute definition).
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> console errors:
>>>>>>>>>>>>
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 auth_function(in ,
>>>>>>>>>>>> in
>>>>>>>>>>>> 38516060333, in 003282, out AUTH_RESULT)
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:301 allocate
>>>>>>>>>>>> initial
>>>>>>>>>>>> structure.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:313 initialzed
>>>>>>>>>>>> configuration.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> authserver
>>>>>>>>>>>> := 127.0.0.1:1812:gateway.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> dictionary
>>>>>>>>>>>> := /usr/local/etc/radiusclient/dictionary.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> seqfile :=
>>>>>>>>>>>> /var/run/radius.seq.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> mapfile :=
>>>>>>>>>>>> /usr/local/etc/radiusclient/port-id-map.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> default_realm := .
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> radius_timeout := 3.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> radius_retries := 2.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> radius_deadtime := 0.
>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>> bindaddr := *.
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:371 ...
>>>>>>>>>>>> radius:
>>>>>>>>>>>> User-Name: 38516060333
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:380 ...
>>>>>>>>>>>> radius:
>>>>>>>>>>>> User-Password: 003282
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:391 ...
>>>>>>>>>>>> radius:
>>>>>>>>>>>> Called-station-Id is empty, ignoring...
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:413 Handle
>>>>>>>>>>>> attribute: h323-conf-id
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:428 Unknown
>>>>>>>>>>>> attribute:
>>>>>>>>>>>> key:h323-conf-id, not found in dictionary
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:538 abort
>>>>>>>>>>>> sending
>>>>>>>>>>>> radius packet.
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:546 An error
>>>>>>>>>>>> occured
>>>>>>>>>>>> during RADIUS Authentication(RC=-1)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:702 An error
>>>>>>>>>>>> occured
>>>>>>>>>>>> during radius authorization.
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>> AUTH_RESULT=)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>> AUTH_RESULT=
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>> billing_model=)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>> billing_model=
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>> credit_amount=)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>> credit_amount=
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>> currency=)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202 currency=
>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>> preffered_lang=)
>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>> preffered_lang=
>>>>>>>>>>>>
>>>>>>>>>>>> added below in the
>>>>>>>>>>>> dictionary(/usr/local/etc/radiusclient/dictionary):
>>>>>>>>>>>>
>>>>>>>>>>>> ATTRIBUTE h323-conf-id 1008 string
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> you need the vendor definition as well
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> dial plan:
>>>>>>>>>>>> <extension name="unitest_rad-ANI-auth">
>>>>>>>>>>>> <condition field="destination_number" expression="^601$">
>>>>>>>>>>>> <action application="log" data="INFO Before Auth "/>
>>>>>>>>>>>>
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="CALLID=h323-conf-id=${uuid}"/>
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>>>>>>>>>>> <!-- <action inline="true" application="set"
>>>>>>>>>>>> data="CALLINGNUMBER=${caller_id_number}"/> -->
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="CALLINGNUMBER=38516060333"/>
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="USERNAME=38516060333"/>
>>>>>>>>>>>> <!-- <action inline="true" application="set"
>>>>>>>>>>>> data="USERNAME=209354"/> -->
>>>>>>>>>>>> <action inline="true" application="set"
>>>>>>>>>>>> data="PASSWD=003282"/>
>>>>>>>>>>>> <!-- <action inline="true" application="set"
>>>>>>>>>>>> data="DIALED_NUMBER=16094191500"/> -->
>>>>>>>>>>>>
>>>>>>>>>>>> <action application="sleep" data="2000"/>
>>>>>>>>>>>> <action application="auth_function" data="in
>>>>>>>>>>>> ${DIALED_NUMBER},
>>>>>>>>>>>> in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> AUTH_RESULT=${AUTH_RESULT}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> billing_model=${billing_model}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> credit_amount=${credit_amount}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> currency=${currency}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> preffered_lang=${preffered_lang}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> credit_time=${credit_time}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> h323_ivr_duration=${h323_ivr_duration}"/>
>>>>>>>>>>>> <action application="log" data="INFO
>>>>>>>>>>>> return_code=${return_code}"/>
>>>>>>>>>>>> <!-- <action application="execute_extension" data="AUTH XML
>>>>>>>>>>>> default"/> -->
>>>>>>>>>>>> </condition>
>>>>>>>>>>>> </extension>
>>>>>>>>>>>>
>>>>>>>>>>>> radius_cdr.conf.xml:
>>>>>>>>>>>> <configuration name="radius_cdr.conf" description="RADIUS CDR
>>>>>>>>>>>> Configuration">
>>>>>>>>>>>>
>>>>>>>>>>>> <settings>
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- location of the radius dictionary files -->
>>>>>>>>>>>>
>>>>>>>>>>>> <param name="dictionary"
>>>>>>>>>>>> value="/usr/local/freeswitch/conf/radius/dictionary"/>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> your dictionary file need to contain all the attributes you are
>>>>>>>>>>> trying to use or to include other dictionaries (In this case
>>>>>>>>>>> dictionary.cisco) from the dictionary file you are referencing here.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> <!-- number of retries for each server -->
>>>>>>>>>>>>
>>>>>>>>>>>> <param name="radius_retries" value="3"/>
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- number of seconds to wait between retries
>>>>>>>>>>>> -->
>>>>>>>>>>>>
>>>>>>>>>>>> <param name="radius_timeout" value="5"/>
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- accounting servers, up to 8 allowed -->
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- value is "host:port:secret", port is
>>>>>>>>>>>> optional -->
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- use IP ADDRESSES, not hostnames -->
>>>>>>>>>>>>
>>>>>>>>>>>> <param name="acct_server" value="127.0.0.1:1813
>>>>>>>>>>>> :testing123"/>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> </settings>
>>>>>>>>>>>>
>>>>>>>>>>>> </configuration>
>>>>>>>>>>>>
>>>>>>>>>>>> the FS version:
>>>>>>>>>>>> FreeSWITCH Version 1.0.head (git-492bc6b 2011-07-23 12-53-04
>>>>>>>>>>>> -0400)
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Charles
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>>>>
>>>>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>>>>>
>>>>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>>>
>>>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>
>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> UNSUBSCRIBE:
>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> http://www.freeswitch.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>> http://www.cluecon.com 877-7-4ACLUE
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _______________________________________________
>> Join us at ClueCon 2011, Aug 9-11, Chicago
>> http://www.cluecon.com 877-7-4ACLUE
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _______________________________________________
> Join us at ClueCon 2011, Aug 9-11, Chicago
> http://www.cluecon.com 877-7-4ACLUE
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110811/f93f4b04/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list