[Freeswitch-users] Dialplan authentication

Густаво Силва gfs at etherway.ru
Wed Apr 15 12:26:29 MSD 2015


Sergey, do you know why I am getting these variables undefined?

[ERR] mod_rad_auth.c:178 Undefined channel variable: GWID.
[ERR] mod_rad_auth.c:178 Undefined channel variable: TRANSACTIONID.
[ERR] mod_rad_auth.c:178 Undefined channel variable: CALLEDNUMBER.
[ERR] mod_rad_auth.c:178 Undefined channel variable: CALLINGNUMBER.



On 14.04.2015 22:34, Sergey Safarov wrote:
> In the provided example, the password is stored in the directory.
> The directory can be in mod_xml_radius 
> (https://freeswitch.org/confluence/display/FREESWITCH/mod_xml_radius) 
> or another dynamically generated directory.
>
>
> On Tue, Apr 14, 2015 at 9:56 PM, Gustavo Silva <silvagustavo at yandex.ru>
> wrote:
>
>     Hi Sergey,
>
>     Thanks for the help, but there is a catch in this solution. I will
>     still have the password and user name in the freeswitch server.
>
>     I would like the radius server to handle it.
>
>     Is there a way with the rad_auth module where I wouldn't need to
>     set up a password in the dialplan file? All the authentication
>     should be done with the radius server.
>
>     I say that because, for example: I have 200 users, with different
>     passwords configured in the radius server. So, by this solution
>     with rad_auth module, I should also have 200 different passwords in
>     the dialplan configuration, right?
>
>     Regards,
>     Gustavo
>
>     Sent from my BlackBerry 10 smartphone.
>     *From: *Sergey Safarov
>     *Sent: *Tuesday, 14 April 2015, 21:16
>     *To: *FreeSWITCH Users Help
>     *Reply To: *FreeSWITCH Users Help
>     *Subject: *Re: [Freeswitch-users] Dialplan authentication
>
>
>     This can help you
>
>     [root at fs1 autoload_configs]# cat rad_auth.conf.xml
>     <configuration name="rad_auth.conf" description="radius authentification module">
>      <settings>
>         <!-- backward compatibility to allow radiusclient config file instead of an embedded config -->
>         <!--  <param name="radius_config" value="/usr/local/etc/radiusclient/radiusclient.conf"/>   -->
>      </settings>
>
>      <client>
>        <param name="authserver" value="10.40.0.5:1814:x7h6t4g"/>
>        <param name="dictionary" value="/etc/radiusclient/dictionary.all"/>
>        <param name="seqfile" value="/var/run/radius.seq"/>
>        <param name="mapfile" value="/etc/radiusclient/port-id-map"/>
>        <param name="default_realm" value=""/>
>        <param name="radius_timeout" value="1"/>
>        <param name="radius_retries" value="0"/>
>        <param name="radius_deadtime" value="0"/>
>        <param name="bindaddr" value="*"/>
>      </client>
>
>      <vsas>
>        <!--
>             name:       just a description
>             value:      direct input or variable
>             pec:        vendor ID (0 for default, 9 for cisco...)
>             expr:       0 - direct input (string), 1 - channel variable
>             direction:  in for radius-request, out for radius-response
>        -->
>
>        <!-- mappings for radius request message; input attributes -->
>        <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
>        <param name="h323-gw-id" id="33" value="GWID" pec="9" expr="1" direction="in"/>
>        <param name="Cisco-AVPair" id="1" value="TRANSACTIONID" pec="9" expr="1" direction="in"/>
>        <param name="Called-Station-Id" id="30" value="CALLEDNUMBER" pec="0" expr="1" direction="in"/>
>        <param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/>-->
>        <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/>
>        <param name="Login-User" id="1" value="1" pec="0" expr="0" direction="in"/> -->
>
>        <!-- mappings for radius-response message; output values from returning attributes -->
>        <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
>        <param name="CURRENCY" id="110" value="currency" pec="9" expr="0" direction="out"/>
>        <param name="CREDIT_TIME" id="102" value="h323-credit_time" pec="9" expr="0" direction="out"/>
>        <param name="PER_MINUTE_PRICE" id="251" value="Cisco-Servicce-Info" pec="9" expr="0" direction="out"/>
>        <param name="PREFFERED_LANG" id="107" value="preffered_lang" pec="9" expr="0" direction="out"/>
>        <param name="H323-IVR-IN:DIRATION" id="1" value="h323_ivr_duration" pec="9" expr="0" direction="out"/> -->
>        <param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/>
>        <!-- expr param is to be ignored here-->
>      </vsas>
>     </configuration>
>     [root at fs1 autoload_configs]#
>
>     Dialplan fragment
>           <extension name="operator-rad-auth" continue="true">
>              <condition regex="any">
>                 <regex field="${accountcode}" expression="^8$"/>
>              </condition>
>              <condition field="${destination_number}" expression="^\+(\d+)$">
>                 <action application="export" data="h323-gw-id=${accountcode_bleg}"/>
>                 <action application="unset" data="disable_radius_start"/>
>                 <action application="unset" data="disable_radius_stop"/>
>                 <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
>                 <action inline="true" application="set" data="GWID=${accountcode_bleg}"/>
>                 <action inline="true" application="set" data="USERNAME=login at operator.ru"/>
>                 <action inline="true" application="set" data="PASSWD=xxxxxxxx"/>
>                 <action inline="true" application="set" data="DIALED_NUMBER=$1"/>
>                 <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>              </condition>
>           </extension>
>
>     Log fragment
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru parsing [mr24.gateways.rcsnet.ru->operator-rad-auth] continue=true
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS) [operator-rad-auth] ${accountcode}(8) =~ /^8$/ match=any
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS) [operator-rad-auth] ${destination_number}(+749593377xx) =~ /^\+(\d+)$/ break=on-false
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action export(h323-gw-id=${accountcode_bleg})
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action unset(disable_radius_start)
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action unset(disable_radius_stop)
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action set(CALLID=h323-conf-id=${uuid}) INLINE
>     EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(CALLID=h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d)
>     2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/00000796396528xx at gateways.operator.ru SET [CALLID]=[h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d]
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action set(GWID=${accountcode_bleg}) INLINE
>     EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(GWID=1460)
>     2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/00000796396528xx at gateways.rcsnet.ru SET [GWID]=[1460]
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action set(USERNAME=login at operator.ru) INLINE
>     EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(USERNAME=login at operator.ru)
>     2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/0000079639652834 at gateways.rcsnet.ru SET [USERNAME]=[login at operator.ru]
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action set(PASSWD=xxxxxxxx) INLINE
>     EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(PASSWD=xxxxxxxx)
>     2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/00000796396528xx at gateways.operator.ru SET [PASSWD]=[xxxxxxxxxxx]
>     Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action set(DIALED_NUMBER=749593377xx) INLINE
>     EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(DIALED_NUMBER=749593377xx)
>     2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/00000796396528xx at gateways.rcsnet.ru SET [DIALED_NUMBER]=[749593377xx]
>     sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action auth_function(in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT)
>     ..........
>
>     bd091212-e2b0-11e4-98e2-d102deb9a97d EXECUTE sofia/mr24/00000796396528xx at gateways.operator.ru auth_function(in 74959337786, in login at operator.ru, in xxxxxxxxxxxx, out AUTH_RESULT)
>     [DEBUG] mod_rad_auth.c:301 allocate initial structure.
>     [DEBUG] mod_rad_auth.c:313 initialzed configuration.
>     [DEBUG] mod_rad_auth.c:318 set authserver := 10.40.0.5:1814:xxxxxxxx.
>     [DEBUG] mod_rad_auth.c:318 set dictionary := /etc/radiusclient/dictionary.all.
>     [DEBUG] mod_rad_auth.c:318 set seqfile := /var/run/radius.seq.
>     [DEBUG] mod_rad_auth.c:318 set mapfile := /etc/radiusclient/port-id-map.
>     [DEBUG] mod_rad_auth.c:318 set default_realm := .
>     [DEBUG] mod_rad_auth.c:318 set radius_timeout := 1.
>     [DEBUG] mod_rad_auth.c:318 set radius_retries := 0.
>     [DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
>     [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>     [DEBUG] mod_rad_auth.c:371 ... radius: User-Name: login at operator.ru
>     [DEBUG] mod_rad_auth.c:380 ... radius: User-Password: xxxxxxxxxxxxxxxxxx
>     [DEBUG] mod_rad_auth.c:396 ... radius: Called-station-Id: 74959337786
>     [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
>     [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:24, vendor id:9, attr type:0, attr name:h323-conf-id (589848)
>     [DEBUG] mod_rad_auth.c:444 ... radius: key:h323-conf-id, value:CALLID (h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d) as string
>     [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-gw-id
>     [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:33, vendor id:9, attr type:0, attr name:h323-gw-id (589857)
>     [DEBUG] mod_rad_auth.c:444 ... radius: key:h323-gw-id, value:GWID (1460) as string
>     [DEBUG] mod_rad_auth.c:413 Handle attribute: NAS-Port-Type
>     [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:61, vendor id:0, attr type:1, attr name:NAS-Port-Type (61)
>     [DEBUG] mod_rad_auth.c:456 ... radius: key:NAS-Port-Type, value:0 (0) as integer
>     [DEBUG] mod_rad_auth.c:491 sending radius packet ...
>     [DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK
>     [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
>     [DEBUG] mod_rad_auth.c:522   attribute (CREDIT_AMOUNT) found in radius packet
>     [DEBUG] mod_rad_auth.c:523   set variable credit_amount := h323-credit-amount=-600913.47
>     [DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
>     [DEBUG] mod_rad_auth.c:522   attribute (CURRENCY) found in radius packet
>     [DEBUG] mod_rad_auth.c:523   set variable currency := h323-currency=RUR
>     [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
>     [DEBUG] mod_rad_auth.c:522   attribute (CREDIT_TIME) found in radius packet
>     [DEBUG] mod_rad_auth.c:523   set variable h323-credit_time := h323-credit-time=86400
>     [DEBUG] mod_rad_auth.c:519 Handle attribute: PER_MINUTE_PRICE
>     [DEBUG] mod_rad_auth.c:522   attribute (PER_MINUTE_PRICE) found in radius packet
>     [DEBUG] mod_rad_auth.c:523   set variable Cisco-Servicce-Info := 0.000000
>     [DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
>     [DEBUG] mod_rad_auth.c:522   attribute (RADIUS_RETURN_CODE) found in radius packet
>     [DEBUG] mod_rad_auth.c:523   set variable return_code := h323-return-code=0
>
>
>
>
>
>     On Tue, Apr 14, 2015 at 5:28 PM, Gustavo Silva
>     <silvagustavo at yandex.ru> wrote:
>
>
>         First it says that the login is OK and after it says that
>         the login is incorrect.
>
>         Tue Apr 14 17:24:11 2015 : Auth: Login OK: [1008/<via Auth-Type = DIGEST>] (from client localhost port 0 cli 1008)
>         Tue Apr 14 17:24:11 2015 : Info: rlm_radutmp: Login entry for NAS localhost port 0 duplicate
>         Tue Apr 14 17:24:11 2015 : Auth: Login incorrect: [<no User-Name attribute>/<no User-Password attribute>] (from client localhost port 0 cli 1008)
>         Tue Apr 14 17:24:14 2015 : Error: rlm_radutmp: Logout for NAS localhost port 0, but no Login record
>
>
>
>         Sent from my BlackBerry 10 smartphone.
>
>         	  Original Message
>
>         *From: *Борисов, Дмитрий / Dmitriy Borisov
>         *Sent: *Tuesday, 14 April 2015, 17:22
>         *To: *FreeSWITCH Users Help
>         *Reply To: *FreeSWITCH Users Help
>         *Subject: *Re: [Freeswitch-users] Dialplan authentication
>
>
>         Hi!
>
>         The configuration looks good there; what is in radius.log on the
>         RADIUS server?
>
>         2015-04-14 14:01 GMT+03:00 Густаво Силва <gfs at etherway.ru>:
>
>             I have set up the following in my dialplan:
>
>             <extension name="auth" continue="true">
>               <condition field="${radius_auth_result}" expression="^0$">
>               <action application="radius_auth" inline="true"/>
>               </condition>
>             </extension>
>
>             I am facing the following error:
>
>             Dialplan: sofia/internal/1008 at ipaddress Regex (PASS) [auth] ${radius_auth_result}(0) =~ /^0$/ break=on-false
>             Dialplan: sofia/internal/1008 at ipaddress Action radius_auth() INLINE
>             EXECUTE sofia/internal/1008 at ipaddress radius_auth()
>             2015-04-14 13:53:42.734956 [ERR] mod_xml_radius.c:1090 mod_xml_radius: Failed to authenticate
>
>             What should I do to make the call authentication work?
>
>             Regards,
>             Gustavo
>
>
>             _________________________________________________________________________
>             Professional FreeSWITCH Consulting Services:
>             consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>             http://www.freeswitchsolutions.com
>
>             Official FreeSWITCH Sites
>             http://www.freeswitch.org
>             http://confluence.freeswitch.org
>             http://www.cluecon.com
>
>             FreeSWITCH-users mailing list
>             FreeSWITCH-users at lists.freeswitch.org
>             <mailto:FreeSWITCH-users at lists.freeswitch.org>
>             http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>             UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>             http://www.freeswitch.org
>
>
>
>
>         -- 
>         with best regards,
>         Dmitriy Borisov

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150415/16c17982/attachment-0001.html 
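
Added example (not written by any participant in this thread): a pre-deployment check that lists the request-side `<vsas>` mappings with `expr="1"` whose channel variable is never set before `auth_function` runs, the situation behind the "Undefined channel variable" errors quoted at the top. The config is trimmed from the one quoted above; the dialplan that sets only `CALLID` and all function names are constructed for illustration, and the check assumes no variable is set outside the extension shown.

```python
import xml.etree.ElementTree as ET

# Trimmed from the rad_auth.conf.xml quoted in the thread (stray "-->" omitted).
RAD_AUTH_CONF = r"""
<configuration name="rad_auth.conf">
  <vsas>
    <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
    <param name="h323-gw-id" id="33" value="GWID" pec="9" expr="1" direction="in"/>
    <param name="Cisco-AVPair" id="1" value="TRANSACTIONID" pec="9" expr="1" direction="in"/>
    <param name="Called-Station-Id" id="30" value="CALLEDNUMBER" pec="0" expr="1" direction="in"/>
    <param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/>
    <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/>
    <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
  </vsas>
</configuration>
"""

# Constructed dialplan (hypothetical): only CALLID and DIALED_NUMBER are set.
DIALPLAN = r"""
<extension name="rad-auth-example" continue="true">
  <condition field="${destination_number}" expression="^\+(\d+)$">
    <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
    <action inline="true" application="set" data="DIALED_NUMBER=$1"/>
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
  </condition>
</extension>
"""

def required_channel_vars(conf_xml):
    """(attribute, variable) for request mappings whose value is a channel variable."""
    root = ET.fromstring(conf_xml.strip())
    return [(p.get("name"), p.get("value"))
            for p in root.iterfind("./vsas/param")
            if p.get("direction") == "in" and p.get("expr") == "1"]

def vars_defined_before_auth(dialplan_xml):
    """Variables that set/export actions define before auth_function is reached."""
    defined = set()
    for action in ET.fromstring(dialplan_xml.strip()).iter("action"):
        app, data = action.get("application"), action.get("data") or ""
        if app == "auth_function":
            break
        name = data.split("=", 1)[0].strip()
        if app in ("set", "export") and "=" in data:
            defined.add(name)
        elif app == "unset":
            defined.discard(name)
    return defined

def undefined_at_auth(conf_xml, dialplan_xml):
    """Mappings that would reach the RADIUS request with no channel variable behind them."""
    defined = vars_defined_before_auth(dialplan_xml)
    return [(attr, var) for attr, var in required_channel_vars(conf_xml)
            if var not in defined]

if __name__ == "__main__":
    for attr, var in undefined_at_auth(RAD_AUTH_CONF, DIALPLAN):
        print(f"{attr}: channel variable {var} is not set before auth_function")
```

Each reported mapping is resolved either by setting the variable in the dialplan before `auth_function` or by dropping the `<param>` from `<vsas>`.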

