[Freeswitch-users] Freeswitch and Freeradius integration

Борисов, Дмитрий / Dmitriy Borisov bordmi at rarus.ru
Fri Apr 3 18:38:31 MSD 2015


Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number
secret [ppphint] [nasname]
        -d RADIUS_DIR       Set radius directory
        -t <type>           Set authentication method
                            type can be pap, chap, mschap, or eap-md5
        -x                  Enable debug output
        -4                  Use IPv4 for the NAS address (default)
        -6                  Use IPv6 for the NAS address


2015-04-03 17:31 GMT+03:00 Gustavo Silva <silvagustavo at yandex.ru>:

> I know only the radtest test. Is there something else to test?  Radtest
> show me connection accept.
>
>
>
>
>
> Sent from my BlackBerry 10 smartphone.
>   *From: *Борисов, Дмитрий / Dmitriy Borisov
> *Sent: *пятница, 3 апреля 2015 г., 17:19
> *To: *FreeSWITCH Users Help
> *Reply To: *FreeSWITCH Users Help
> *Subject: *Re: [Freeswitch-users] Freeswitch and Freeradius integration
>
> Check correction of all configuration for freeradius. Test connection to
> your RADIUS server with radtest command
>
> 2015-04-03 16:40 GMT+03:00 Gustavo Silva <silvagustavo at yandex.ru>:
>
>> What should I check there? The authserver and acctserver are set as
>> localhost.
>>
>> Sent from my BlackBerry 10 smartphone.
>>   *From: *Борисов, Дмитрий / Dmitriy Borisov
>> *Sent: *пятница, 3 апреля 2015 г., 16:29
>> *To: *FreeSWITCH Users Help
>> *Reply To: *FreeSWITCH Users Help
>> *Subject: *Re: [Freeswitch-users] Freeswitch and Freeradius integration
>>
>> Check correction of the radiusclient.conf file
>>
>> 2015-04-03 16:12 GMT+03:00 Gustavo Silva <silvagustavo at yandex.ru>:
>>
>>> Yes, I did!
>>>
>>> Sent from my BlackBerry 10 smartphone.
>>>   *From: *Борисов, Дмитрий / Dmitriy Borisov
>>> *Sent: *пятница, 3 апреля 2015 г., 16:11
>>> *To: *FreeSWITCH Users Help
>>> *Reply To: *FreeSWITCH Users Help
>>> *Subject: *Re: [Freeswitch-users] Freeswitch and Freeradius integration
>>>
>>> Do you have installed freeradius-client on the same machine which
>>> freeswitch is installed on?
>>>
>>> 2015-04-03 15:46 GMT+03:00 Gustavo Silva <silvagustavo at yandex.ru>:
>>>
>>>> I have freeradius server and freeradius client. I don't know what
>>>> freeradius-ng is about.
>>>>
>>>> I forgot to mention, the OS is debian 7
>>>>
>>>> Sent from my BlackBerry 10 smartphone.
>>>>   *From: *Борисов, Дмитрий / Dmitriy Borisov
>>>> *Sent: *пятница, 3 апреля 2015 г., 15:40
>>>> *To: *FreeSWITCH Users Help
>>>> *Reply To: *FreeSWITCH Users Help
>>>> *Subject: *Re: [Freeswitch-users] Freeswitch and Freeradius integration
>>>>
>>>> Do you have freeraius-ng installed in your system?
>>>>
>>>> 2015-04-03 13:30 GMT+03:00 Густаво Силва <gfs at etherway.ru>:
>>>>
>>>>> Hi folks!
>>>>>
>>>>> Im getting some errors trying to enable AAA on my freeswitch with
>>>>> freeradius.
>>>>> I am getting the following errors:
>>>>>
>>>>> - When I start freeswitch:
>>>>> [ERR] mod_xml_radius.c:678 Failed to load radius handle for
>>>>> registration authentication
>>>>>
>>>>> - When I make a call:
>>>>> 2015-04-03 13:22:55.840618 [ERR] mod_xml_radius.c:566 Failed to load
>>>>> radius handle for digest invite authentication
>>>>> 2015-04-03 13:22:55.840618 [ERR] mod_xml_radius.c:879 Failed to create
>>>>> new accounting_start handle for call: 64b32ec2-d9eb-11e4-9c8c-85505819ce7f
>>>>>
>>>>> I can I solve this problem?
>>>>>
>>>>> My xml_radius.conf bellow:
>>>>>
>>>>> <configuration name="xml_radius.conf" description="Radius XML Gateway">
>>>>>   <!--
>>>>>      auth_invite is only called when a directory lookup is done on an
>>>>> inbound invite. Usually that means a digest auth challenge on the invite.
>>>>>
>>>>>      auth_reg is only called on the actual registration.
>>>>>
>>>>>      auth_app is used when an invite is in the dialplan. If your
>>>>> profile requires digest auth then this isn't needed.
>>>>>               but if your profile is doing only ip authentication this
>>>>> allows you to authenticate the call without the need for digest auth.
>>>>>
>>>>>      acct_start happens when the call goes into the state 'routing'
>>>>> which means it is starting the dialplan
>>>>>   -->
>>>>>   <auth_invite>
>>>>>     <connection name="testing">
>>>>>       <param name="authserver" value="192.168.56.103:1812
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="2"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/src/freeswitch-1.2.23/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="ip"
>>>>> format="src-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" format="src-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="h323-conf-id" variable="Core-UUID"
>>>>> format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="ip"
>>>>> format="request-type=number"/>
>>>>>       <param name="Called-Station-Id" variable="sip_to_user"
>>>>> format="%s"/>
>>>>>       <param name="Calling-Station-Id" variable="sip_from_user"
>>>>> format="%s"/>
>>>>>       <param name="User-Name" variable="sip_from_user" format="%s"/>
>>>>>       <param name="Digest-Response" variable="sip_auth_response"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Realm" variable="sip_auth_realm"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Nonce" variable="sip_auth_nonce"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Username" variable="sip_auth_username"
>>>>> format="%s"/>
>>>>>       <param name="Digest-URI" variable="sip_auth_uri" format="%s"/>
>>>>>       <param name="Digest-Method" variable="sip_auth_method"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Algorithm" variable="sip_auth_method"
>>>>> format="MD5"/>
>>>>>       <param name="Digest-Qop" variable="sip_auth_qop" format="%s"/>
>>>>>       <param name="Digest-CNonce" variable="sip_auth_cnonce"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Nonce-Count" variable="sip_auth_nc"
>>>>> format="%s"/>
>>>>>     </fields>
>>>>>   </auth_invite>
>>>>>   <auth_reg>
>>>>>     <connection name="testing">
>>>>>       <param name="authserver" value="192.168.56.103:1812
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="2"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/src/freeswitch-1.2.23/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="ip"
>>>>> format="request-type=user"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="ip"
>>>>> format="src-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" format="src-gw-name=%s"/>
>>>>>       <param name="User-Name" variable="sip_from_user" format="%s"/>
>>>>>       <param name="Digest-Response" variable="sip_auth_response"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Realm" variable="sip_auth_realm"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Nonce" variable="sip_auth_nonce"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Username" variable="sip_auth_username"
>>>>> format="%s"/>
>>>>>       <param name="Digest-URI" variable="sip_auth_uri" format="%s"/>
>>>>>       <param name="Digest-Method" variable="sip_auth_method"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Algorithm" variable="sip_auth_method"
>>>>> format="MD5"/>
>>>>>       <param name="Digest-Qop" variable="sip_auth_qop" format="%s"/>
>>>>>       <param name="Digest-CNonce" variable="sip_auth_cnonce"
>>>>> format="%s"/>
>>>>>       <param name="Digest-Nonce-Count" variable="sip_auth_nc"
>>>>> format="%s"/>
>>>>>     </fields>
>>>>>   </auth_reg>
>>>>>   <auth_app>
>>>>>     <connection name="testing">
>>>>>       <param name="authserver" value="192.168.56.103:1812
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="2"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/src/freeswitch-1.2.23/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>       <param vendor="Cisco" name="h323-conf-id"
>>>>> variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="uuid"
>>>>> format="h323-call-id=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_network_ip" format="src-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" format="src-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" format="src-number-in=%s" />
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user"
>>>>> format="dst-number-in=%s" />
>>>>>       <param name="Called-Station-Id" variable="sip_to_user"
>>>>> format="%s"/>
>>>>>       <param name="Calling-Station-Id" variable="sip_from_user"
>>>>> format="%s"/>
>>>>>     </fields>
>>>>>   </auth_app>
>>>>>   <auth_reg>
>>>>>     <connection name="testing">
>>>>>       <param name="authserver" value="192.168.56.103:1812
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="2"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/share/freeradius/dictionary.cisco"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>     </fields>
>>>>>   </auth_reg>
>>>>>   <acct_start>
>>>>>     <connection name="testing">
>>>>>       <param name="acctserver" value="192.168.56.103:1813
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="0"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/src/freeswitch-1.2.23/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>       <param vendor="Cisco" name="h323-call-origin"
>>>>> variable="h323-call-origin" default="answer" format="%s"/>
>>>>>       <param vendor="Cisco" name="h323-conf-id"
>>>>> variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="uuid"
>>>>> format="h323-call-id=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_contact_host" format="src-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani" format="src-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani" format="src-number-in=%s"
>>>>> />
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani"
>>>>> format="src-number-out=%s" />
>>>>>       <param name="Calling-Station-Id" variable="sip_from_user"
>>>>> variable_secondary="ani" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_host"
>>>>> format="dst-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="destination_number" format="dst-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="destination_number" format="dst-number-in=%s" />
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="destination_number" format="dst-number-out=%s" />
>>>>>       <param name="Called-Station-Id" variable="destination_number"
>>>>> format="%s"/>
>>>>>       <param vendor="Cisco" name="h323-setup-time"/>
>>>>>     </fields>
>>>>> </acct_start>
>>>>> <acct_end>
>>>>>     <connection name="testing">
>>>>>       <param name="acctserver" value="192.168.56.103:1813
>>>>> :testing123"/>
>>>>>       <param name="radius_timeout" value="10"/>
>>>>>       <param name="radius_retries" value="0"/>
>>>>>       <param name="radius_deadtime" value="0"/>
>>>>>       <param name="dictionary"
>>>>> value="/usr/src/freeswitch-1.2.23/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary"/>
>>>>>       <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>     </connection>
>>>>>     <fields>
>>>>>       <param vendor="Cisco" name="h323-call-origin"
>>>>> variable="h323-call-origin" default="answer" format="%s"/>
>>>>>       <param vendor="Cisco" name="h323-conf-id"
>>>>> variable_secondary="uuid" variable="originating_leg_uuid" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="uuid"
>>>>> format="h323-call-id=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_contact_host" format="src-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani" format="src-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani" format="src-number-in=%s"
>>>>> />
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="sip_from_user" variable_secondary="ani"
>>>>> format="src-number-out=%s" />
>>>>>       <param name="Calling-Station-Id" variable="sip_from_user"
>>>>> variable_secondary="ani" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_host"
>>>>> format="dst-gw-ip=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user"
>>>>> variable_secondary="dialed_extension" format="dst-gw-name=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair" variable="sip_to_user"
>>>>> variable_secondary="dialed_extension" format="dst-number-in=%s" />
>>>>>       <param name="Called-Station-Id" variable="destination_number"
>>>>> format="%s"/>
>>>>>       <param vendor="Cisco" name="h323-setup-time"/>
>>>>>       <param vendor="Cisco" name="h323-connect-time"/>
>>>>>       <param vendor="Cisco" name="h323-disconnect-time"/>
>>>>>       <param vendor="Cisco" name="h323-disconnect-cause"/>
>>>>>       <param name="Acct-Session-Time" variable="billsec" format="%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable_secondary="progressmsec" variable="progress_mediamsec"
>>>>> format="pdd-time=%s"/>
>>>>>       <param vendor="Cisco" name="Cisco-AVPair"
>>>>> variable="destination_number" format="dst-number-out=%s"/>
>>>>>     </fields>
>>>>>   </acct_end>
>>>>> </configuration>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> with best regards,
>>>> Dmitriy Borisov
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>> with best regards,
>>> Dmitriy Borisov
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>> with best regards,
>> Dmitriy Borisov
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
> with best regards,
> Dmitriy Borisov
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
with best regards,
Dmitriy Borisov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150403/7fba5d8b/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list