[Freeswitch-users] Dialplan authentication

Sergey Safarov s.safarov at gmail.com
Tue Apr 14 22:10:45 MSD 2015


This can help you

[root at fs1 autoload_configs]# cat rad_auth.conf.xml
<configuration name="rad_auth.conf" description="radius authentification
module">
 <!-- Settings read by the RADIUS authentication module (mod_rad_auth, per the
      log fragment in this post): one RADIUS server under <client> and the
      attribute / channel-variable mappings under <vsas>. -->
 <settings>
    <!-- backward compatibility to allow radiusclient config file instead
of an embedded config -->
    <!--  <param name="radius_config"
value="/usr/local/etc/radiusclient/radiusclient.conf"/>   -->
 </settings>

 <client>
   <!-- authserver: the log fragment prints this value with the third field
        masked, so the format is presumably host:port:shared-secret (confirm
        against the module documentation).
        NOTE(review): the third field is not masked in this listing. A shared
        secret that has been published should be rotated, and this file should
        be readable only by the account FreeSWITCH runs as. The module also
        echoes the whole value at DEBUG level (log line "set authserver"). -->
   <param name="authserver" value="10.40.0.5:1814:x7h6t4g"/>
   <param name="dictionary" value="/etc/radiusclient/dictionary.all"/>
   <param name="seqfile" value="/var/run/radius.seq"/>
   <param name="mapfile" value="/etc/radiusclient/port-id-map"/>
   <param name="default_realm" value=""/>
   <!-- One attempt and no retry. NOTE(review): the unit of radius_timeout is
        not shown here (presumably seconds); verify that a request that times
        out leaves the call unauthenticated rather than letting it through. -->
   <param name="radius_timeout" value="1"/>
   <param name="radius_retries" value="0"/>
   <param name="radius_deadtime" value="0"/>
   <param name="bindaddr" value="*"/>
 </client>

 <vsas>
   <!--
        name:       just a description
        value:      direct input or variable
        pec:        vendor ID (0 for default, 9 for cisco...)
        expr:       0 - direct input (string), 1 - channel variable
        direction:  in for radius-request, out for radius-response
   -->

   <!-- mappings for radius request message; input attributes -->
   <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1"
direction="in"/>
   <param name="h323-gw-id" id="33" value="GWID" pec="9" expr="1"
direction="in"/>
   <!-- NOTE(review): the next three params are followed by a stray
        comment-close marker, and the log fragment in this post handles only
        h323-conf-id, h323-gw-id and NAS-Port-Type on the request side.
        Presumably these three sat inside a comment whose opening marker is
        missing from this listing; confirm and restore it before reusing the
        file, otherwise extra attributes are sent to the RADIUS server. -->
   <param name="Cisco-AVPair" id="1" value="TRANSACTIONID" pec="9" expr="1"
direction="in"/>
   <param name="Called-Station-Id" id="30" value="CALLEDNUMBER" pec="0"
expr="1" direction="in"/>
   <param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0"
expr="1" direction="in"/>-->
   <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
direction="in"/>
   <!-- NOTE(review): same pattern as above. Login-User does not appear in the
        log fragment and is followed by a stray comment-close marker, so it
        was presumably commented out in the running file. -->
   <param name="Login-User" id="1" value="1" pec="0" expr="0"
direction="in"/> -->

   <!-- mappings for radius-response message; output values from returning
attributes. For direction="out" the value is the channel variable that
receives the attribute. The log fragment shows some values stored together
with the attribute name (for example "h323-credit-amount=..."), so a dialplan
that compares them must strip that prefix first. Variable names are used
exactly as spelled here, including "Cisco-Servicce-Info". -->
   <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9"
expr="0" direction="out"/>
   <param name="CURRENCY" id="110" value="currency" pec="9" expr="0"
direction="out"/>
   <param name="CREDIT_TIME" id="102" value="h323-credit_time" pec="9"
expr="0" direction="out"/>
   <param name="PER_MINUTE_PRICE" id="251" value="Cisco-Servicce-Info"
pec="9" expr="0" direction="out"/>
   <!-- NOTE(review): the next two params end in a stray comment-close marker
        and neither name appears in the log fragment, which handles only
        CREDIT_AMOUNT, CURRENCY, CREDIT_TIME, PER_MINUTE_PRICE and
        RADIUS_RETURN_CODE. Presumably both were commented out; confirm. -->
   <param name="PREFFERED_LANG" id="107" value="preffered_lang" pec="9"
expr="0" direction="out"/>
   <param name="H323-IVR-IN:DIRATION" id="1" value="h323_ivr_duration"
pec="9" expr="0" direction="out"/> -->
   <param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9"
expr="0" direction="out"/>
   <!-- expr param is to be ignored here-->
 </vsas>
</configuration>
[root at fs1 autoload_configs]#

Dialplan fragment
      <extension name="operator-rad-auth" continue="true">
         <!-- Runs RADIUS authentication for calls whose accountcode is exactly
              8 and whose destination is "+" followed by digits.
              continue="true" lets later extensions keep matching. -->
         <condition regex="any">
            <regex field="${accountcode}" expression="^8$"/>
         </condition>
         <!-- $1 below is the digit string captured after the leading "+". -->
         <condition field="${destination_number}" expression="^\+(\d+)$">
            <action application="export"
data="h323-gw-id=${accountcode_bleg}"/>
            <!-- presumably read by a RADIUS accounting module that is not
                 shown in this post; TODO confirm -->
            <action application="unset" data="disable_radius_start"/>
            <action application="unset" data="disable_radius_stop"/>
            <!-- CALLID and GWID are the channel variables that rad_auth.conf
                 maps to the h323-conf-id and h323-gw-id request attributes.
                 CALLID carries the literal prefix "h323-conf-id=" before the
                 call uuid. -->
            <action inline="true" application="set"
data="CALLID=h323-conf-id=${uuid}"/>
            <action inline="true" application="set"
data="GWID=${accountcode_bleg}"/>
            <!-- NOTE(review): the RADIUS login and password are hard-coded
                 here and held in channel variables. The log fragment in this
                 post shows the dialplan, mod_dptools and mod_rad_auth DEBUG
                 lines all echoing PASSWD / User-Password, so at this log
                 level the password is written to the log. Restrict read
                 access to this dialplan file and to the logs, and lower the
                 log level outside of troubleshooting. -->
            <action inline="true" application="set" data="USERNAME=
login at operator.ru"/>
            <action inline="true" application="set" data="PASSWD=xxxxxxxx"/>
            <action inline="true" application="set"
data="DIALED_NUMBER=$1"/>
            <!-- Per the log fragment the three "in" arguments are sent as
                 Called-station-Id, User-Name and User-Password. "out
                 AUTH_RESULT" presumably names the variable that receives the
                 outcome; the log does not show it being set, so confirm
                 before branching on it. -->
            <action application="auth_function" data="in ${DIALED_NUMBER},
in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
         </condition>
      </extension>

Log fragment
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru parsing
[mr24.gateways.rcsnet.ru->operator-rad-auth] continue=true
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS)
[operator-rad-auth] ${accountcode}(8) =~ /^8$/ match=any
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS)
[operator-rad-auth] ${destination_number}(+749593377xx) =~ /^\+(\d+)$/
break=on-false
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
export(h323-gw-id=${accountcode_bleg})
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
unset(disable_radius_start)
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
unset(disable_radius_stop)
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
set(CALLID=h323-conf-id=${uuid}) INLINE
EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru
set(CALLID=h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d)
2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
00000796396528xx at gateways.operator.ru SET
[CALLID]=[h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d]
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
set(GWID=${accountcode_bleg}) INLINE
EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(GWID=1460)
2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
00000796396528xx at gateways.rcsnet.ru SET [GWID]=[1460]
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
set(USERNAME=login at operator.ru) INLINE
EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(USERNAME=
login at operator.ru)
2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
0000079639652834 at gateways.rcsnet.ru SET [USERNAME]=[login at operator.ru]
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
set(PASSWD=xxxxxxxx) INLINE
EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(PASSWD=xxxxxxxx)
2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
00000796396528xx at gateways.operator.ru SET [PASSWD]=[xxxxxxxxxxx]
Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
set(DIALED_NUMBER=749593377xx) INLINE
EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru
set(DIALED_NUMBER=749593377xx)
2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
00000796396528xx at gateways.rcsnet.ru SET [DIALED_NUMBER]=[749593377xx]
sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action auth_function(in
${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT)
..........

bd091212-e2b0-11e4-98e2-d102deb9a97d EXECUTE sofia/mr24/
00000796396528xx at gateways.operator.ru auth_function(in 74959337786, in
login at operator.ru, in xxxxxxxxxxxx, out AUTH_RESULT)
[DEBUG] mod_rad_auth.c:301 allocate initial structure.
[DEBUG] mod_rad_auth.c:313 initialzed configuration.
[DEBUG] mod_rad_auth.c:318 set authserver := 10.40.0.5:1814:xxxxxxxx.
[DEBUG] mod_rad_auth.c:318 set dictionary :=
/etc/radiusclient/dictionary.all.
[DEBUG] mod_rad_auth.c:318 set seqfile := /var/run/radius.seq.
[DEBUG] mod_rad_auth.c:318 set mapfile := /etc/radiusclient/port-id-map.
[DEBUG] mod_rad_auth.c:318 set default_realm := .
[DEBUG] mod_rad_auth.c:318 set radius_timeout := 1.
[DEBUG] mod_rad_auth.c:318 set radius_retries := 0.
[DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
[DEBUG] mod_rad_auth.c:318 set bindaddr := *.
[DEBUG] mod_rad_auth.c:371 ... radius: User-Name: login at operator.ru
[DEBUG] mod_rad_auth.c:380 ... radius: User-Password: xxxxxxxxxxxxxxxxxx
DEBUG] mod_rad_auth.c:396 ... radius: Called-station-Id: 74959337786
[DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
[DEBUG] mod_rad_auth.c:439 ... dictionary data: id:24, vendor id:9, attr
type:0, attr name:h323-conf-id (589848)
[DEBUG] mod_rad_auth.c:444 ... radius: key:h323-conf-id, value:CALLID
(h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d) as string
[DEBUG] mod_rad_auth.c:413 Handle attribute: h323-gw-id
[DEBUG] mod_rad_auth.c:439 ... dictionary data: id:33, vendor id:9, attr
type:0, attr name:h323-gw-id (589857)
[DEBUG] mod_rad_auth.c:444 ... radius: key:h323-gw-id, value:GWID (1460) as
string
[DEBUG] mod_rad_auth.c:413 Handle attribute: NAS-Port-Type
[DEBUG] mod_rad_auth.c:439 ... dictionary data: id:61, vendor id:0, attr
type:1, attr name:NAS-Port-Type (61)
[DEBUG] mod_rad_auth.c:456 ... radius: key:NAS-Port-Type, value:0 (0) as
integer
[DEBUG] mod_rad_auth.c:491 sending radius packet ...
[DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK
[DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
[DEBUG] mod_rad_auth.c:522   attribute (CREDIT_AMOUNT) found in radius
packet
[DEBUG] mod_rad_auth.c:523   set variable credit_amount :=
h323-credit-amount=-600913.47
[DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
[DEBUG] mod_rad_auth.c:522   attribute (CURRENCY) found in radius packet
[DEBUG] mod_rad_auth.c:523   set variable currency := h323-currency=RUR
[DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
[DEBUG] mod_rad_auth.c:522   attribute (CREDIT_TIME) found in radius packet
[DEBUG] mod_rad_auth.c:523   set variable h323-credit_time :=
h323-credit-time=86400
[DEBUG] mod_rad_auth.c:519 Handle attribute: PER_MINUTE_PRICE
[DEBUG] mod_rad_auth.c:522   attribute (PER_MINUTE_PRICE) found in radius
packet
[DEBUG] mod_rad_auth.c:523   set variable Cisco-Servicce-Info := 0.000000
[DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
[DEBUG] mod_rad_auth.c:522   attribute (RADIUS_RETURN_CODE) found in radius
packet
[DEBUG] mod_rad_auth.c:523   set variable return_code := h323-return-code=0





On Tue, Apr 14, 2015 at 5:28 PM, Gustavo Silva <silvagustavo at yandex.ru>
wrote:

>
> First it says that the login is OK, and then it says that the login is
> incorrect.
>
> Tue Apr 14 17:24:11 2015 : Auth: Login OK: [1008/<via Auth-Type =
> DIGEST>] (from client localhost port 0 cli 1008)
> Tue Apr 14 17:24:11 2015 : Info: rlm_radutmp: Login entry for NAS
> localhost port 0 duplicate
> Tue Apr 14 17:24:11 2015 : Auth: Login incorrect: [<no User-Name
> attribute>/<no User-Password attribute>] (from client localhost port 0
> cli 1008)
> Tue Apr 14 17:24:14 2015 : Error: rlm_radutmp: Logout for NAS localhost
> port 0, but no Login record
>
>
>
>  Sent from my BlackBerry 10 smartphone.
>    Original Message
>   *From: *Борисов, Дмитрий / Dmitriy Borisov
> *Sent: *вторник, 14 апреля 2015 г., 17:22
> *To: *FreeSWITCH Users Help
> *Reply To: *FreeSWITCH Users Help
> *Subject: *Re: [Freeswitch-users] Dialplan authentication
>
> Hi!
>
> The configuration looks good. What is in radius.log on the RADIUS server?
>
> 2015-04-14 14:01 GMT+03:00 Густаво Силва <gfs at etherway.ru>:
>
>> I have set up the following in my dialplan:
>>
>> <extension name="auth" continue="true">
>>   <condition field="${radius_auth_result}" expression="^0$">
>>   <action application="radius_auth" inline="true"/>
>>   </condition>
>> </extension>
>>
>> I am facing the following error:
>>
>> Dialplan: sofia/internal/1008 at ipaddress Regex (PASS) [auth]
>> ${radius_auth_result}(0) =~ /^0$/ break=on-false
>> Dialplan: sofia/internal/1008 at ipaddress Action radius_auth() INLINE
>> EXECUTE sofia/internal/1008 at ipaddress radius_auth()
>> 2015-04-14 13:53:42.734956 [ERR] mod_xml_radius.c:1090 mod_xml_radius:
>> Failed to authenticate
>>
>> What should I do to make call authentication work?
>>
>> Regards,
>> Gustavo
>>
>>
>
>
>
> --
> with best regards,
> Dmitriy Borisov
>
>
>