[Freeswitch-users] Dialplan authentication
Борисов, Дмитрий / Dmitriy Borisov
bordmi at rarus.ru
Wed Apr 15 15:45:26 MSD 2015
Hi!
If you use the rad_auth dialplan command, then after using it you will have
a Freeswitch-AVPair channel variable with value vm_pass=1234
If you use auth_invite or auth_reg, then mod_xml_radius will create a user
param with name Freeswitch-AVPair and value vm_pass=1234 in the result
directory
2015-04-15 13:56 GMT+03:00 Густаво Силва <gfs at etherway.ru>:
> It works.
>
> Man, just one more question, how can I get the value of this variable in
> my dialplan? I am using mod_xml_radius.
>
> Freeswitch-AVPair = "vm_pass=1234"
>
>
>
>
>
>
> On 15.04.2015 12:08, Sergey Safarov wrote:
>
> Add strings to dialplan like
> <action inline="true" application="set" data="GWID=${h323-gw-id}"/>
> <action inline="true" application="set"
> data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
> <action inline="true" application="set"
> data="CALLEDNUMBER=${destination_number}"/>
> <action inline="true" application="set"
> data="CALLINGNUMBER=${caller_id_number}"/>
>
> You can try commenting out these attributes in rad_auth.conf.xml
>
>
>
> On Wed, Apr 15, 2015 at 11:26 AM, Густаво Силва <gfs at etherway.ru> wrote:
>
>> Sergey, do you know why I am getting these variables undefined?
>>
>> [ERR] mod_rad_auth.c:178 Undefined channel variable: GWID.
>> [ERR] mod_rad_auth.c:178 Undefined channel variable: TRANSACTIONID.
>> [ERR] mod_rad_auth.c:178 Undefined channel variable: CALLEDNUMBER.
>> [ERR] mod_rad_auth.c:178 Undefined channel variable: CALLINGNUMBER.
>>
>>
>>
>>
>> On 14.04.2015 22:34, Sergey Safarov wrote:
>>
>> In the provided example, the password is stored in the directory.
>> Directory can be in mod_xml_radius (
>> https://freeswitch.org/confluence/display/FREESWITCH/mod_xml_radius) or
>> other dynamically generated directory.
>>
>>
>> On Tue, Apr 14, 2015 at 9:56 PM, Gustavo Silva <silvagustavo at yandex.ru>
>> wrote:
>>
>>> Hi Sergey,
>>>
>>> Thanks for the help but there is a catch in this solution. I will
>>> still have the password and user name in the freeswitch server.
>>>
>>> I would like the radius server to handle it.
>>>
>>> Is there a way with the rad_auth module where I wouldn't need to set
>>> up the password in the dialplan file? All the authentication should be done with the
>>> radius server.
>>>
>>> I say that because, for example: I have 200 users, with different
>>> passwords configured in the radius server. So, by this solution with
>>> rad_auth module, I should also have 200 different passwords in the dialplan
>>> configuration, right?
>>>
>>> Regards,
>>> Gustavo
>>>
>>> Sent from my BlackBerry 10 smartphone.
>>> *From: *Sergey Safarov
>>> *Sent: *Tuesday, April 14, 2015, 21:16
>>> *To: *FreeSWITCH Users Help
>>> *Reply To: *FreeSWITCH Users Help
>>> *Subject: *Re: [Freeswitch-users] Dialplan authentication
>>>
>>> This can help you
>>>
>>> [root at fs1 autoload_configs]# cat rad_auth.conf.xml
>>> <configuration name="rad_auth.conf" description="radius authentification
>>> module">
>>> <settings>
>>> <!-- backward compatibility to allow radiusclient config file
>>> instead of an embedded config -->
>>> <!-- <param name="radius_config"
>>> value="/usr/local/etc/radiusclient/radiusclient.conf"/> -->
>>> </settings>
>>>
>>> <client>
>>> <param name="authserver" value="10.40.0.5:1814:x7h6t4g"/>
>>> <param name="dictionary" value="/etc/radiusclient/dictionary.all"/>
>>> <param name="seqfile" value="/var/run/radius.seq"/>
>>> <param name="mapfile" value="/etc/radiusclient/port-id-map"/>
>>> <param name="default_realm" value=""/>
>>> <param name="radius_timeout" value="1"/>
>>> <param name="radius_retries" value="0"/>
>>> <param name="radius_deadtime" value="0"/>
>>> <param name="bindaddr" value="*"/>
>>> </client>
>>>
>>> <vsas>
>>> <!--
>>> name: just a description
>>> value: direct input or variable
>>> pec: vendor ID (0 for default, 9 for cisco...)
>>> expr: 0 - direct input (string), 1 - channel variable
>>> direction: in for radius-request, out for radius-response
>>> -->
>>>
>>> <!-- mappings for radius request message; input attributes -->
>>> <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1"
>>> direction="in"/>
>>> <param name="h323-gw-id" id="33" value="GWID" pec="9" expr="1"
>>> direction="in"/>
>>> <param name="Cisco-AVPair" id="1" value="TRANSACTIONID" pec="9"
>>> expr="1" direction="in"/>
>>> <param name="Called-Station-Id" id="30" value="CALLEDNUMBER"
>>> pec="0" expr="1" direction="in"/>
>>> <param name="Calling-Station-Id" id="31" value="CALLINGNUMBER"
>>> pec="0" expr="1" direction="in"/>-->
>>> <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
>>> direction="in"/>
>>> <param name="Login-User" id="1" value="1" pec="0" expr="0"
>>> direction="in"/> -->
>>>
>>> <!-- mappings for radius-response message; output values from
>>> returning outributes -->
>>> <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9"
>>> expr="0" direction="out"/>
>>> <param name="CURRENCY" id="110" value="currency" pec="9" expr="0"
>>> direction="out"/>
>>> <param name="CREDIT_TIME" id="102" value="h323-credit_time" pec="9"
>>> expr="0" direction="out"/>
>>> <param name="PER_MINUTE_PRICE" id="251" value="Cisco-Servicce-Info"
>>> pec="9" expr="0" direction="out"/>
>>> <param name="PREFFERED_LANG" id="107" value="preffered_lang" pec="9"
>>> expr="0" direction="out"/>
>>> <param name="H323-IVR-IN:DIRATION" id="1" value="h323_ivr_duration"
>>> pec="9" expr="0" direction="out"/> -->
>>> <param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9"
>>> expr="0" direction="out"/>
>>> <!-- expr param is to be ignored here-->
>>> </vsas>
>>> </configuration>
>>> [root at fs1 autoload_configs]#
>>>
>>> Dialplan fragment
>>> <extension name="operator-rad-auth" continue="true">
>>> <condition regex="any">
>>> <regex field="${accountcode}" expression="^8$"/>
>>> </condition>
>>> <condition field="${destination_number}" expression="^\+(\d+)$">
>>> <action application="export"
>>> data="h323-gw-id=${accountcode_bleg}"/>
>>> <action application="unset" data="disable_radius_start"/>
>>> <action application="unset" data="disable_radius_stop"/>
>>> <action inline="true" application="set"
>>> data="CALLID=h323-conf-id=${uuid}"/>
>>> <action inline="true" application="set"
>>> data="GWID=${accountcode_bleg}"/>
>>> <action inline="true" application="set" data="USERNAME=
>>> login at operator.ru"/>
>>> <action inline="true" application="set"
>>> data="PASSWD=xxxxxxxx"/>
>>> <action inline="true" application="set"
>>> data="DIALED_NUMBER=$1"/>
>>> <action application="auth_function" data="in
>>> ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>> </condition>
>>> </extension>
>>>
>>> Log fragment
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru parsing
>>> [mr24.gateways.rcsnet.ru->operator-rad-auth] continue=true
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS)
>>> [operator-rad-auth] ${accountcode}(8) =~ /^8$/ match=any
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Regex (PASS)
>>> [operator-rad-auth] ${destination_number}(+749593377xx) =~ /^\+(\d+)$/
>>> break=on-false
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> export(h323-gw-id=${accountcode_bleg})
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> unset(disable_radius_start)
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> unset(disable_radius_stop)
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> set(CALLID=h323-conf-id=${uuid}) INLINE
>>> EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru
>>> set(CALLID=h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d)
>>> 2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
>>> 00000796396528xx at gateways.operator.ru SET
>>> [CALLID]=[h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d]
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> set(GWID=${accountcode_bleg}) INLINE
>>> EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(GWID=1460)
>>> 2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
>>> 00000796396528xx at gateways.rcsnet.ru SET [GWID]=[1460]
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> set(USERNAME=login at operator.ru) INLINE
>>> EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru set(USERNAME=
>>> login at operator.ru)
>>> 2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
>>> 0000079639652834 at gateways.rcsnet.ru SET [USERNAME]=[login at operator.ru]
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> set(PASSWD=xxxxxxxx) INLINE
>>> EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru
>>> set(PASSWD=xxxxxxxx)
>>> 2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
>>> 00000796396528xx at gateways.operator.ru SET [PASSWD]=[xxxxxxxxxxx]
>>> Dialplan: sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action
>>> set(DIALED_NUMBER=749593377xx) INLINE
>>> EXECUTE sofia/mr24/0000079639652834 at gateways.rcsnet.ru
>>> set(DIALED_NUMBER=749593377xx)
>>> 2015-04-14 14:15:43.446357 [DEBUG] mod_dptools.c:1435 sofia/mr24/
>>> 00000796396528xx at gateways.rcsnet.ru SET [DIALED_NUMBER]=[749593377xx]
>>> sofia/mr24/0000079639652834 at gateways.rcsnet.ru Action auth_function(in
>>> ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT)
>>> ..........
>>>
>>> bd091212-e2b0-11e4-98e2-d102deb9a97d EXECUTE sofia/mr24/
>>> 00000796396528xx at gateways.operator.ru auth_function(in 74959337786, in
>>> login at operator.ru, in xxxxxxxxxxxx, out AUTH_RESULT)
>>> [DEBUG] mod_rad_auth.c:301 allocate initial structure.
>>> [DEBUG] mod_rad_auth.c:313 initialzed configuration.
>>> [DEBUG] mod_rad_auth.c:318 set authserver := 10.40.0.5:1814:xxxxxxxx.
>>> [DEBUG] mod_rad_auth.c:318 set dictionary :=
>>> /etc/radiusclient/dictionary.all.
>>> [DEBUG] mod_rad_auth.c:318 set seqfile := /var/run/radius.seq.
>>> [DEBUG] mod_rad_auth.c:318 set mapfile := /etc/radiusclient/port-id-map.
>>> [DEBUG] mod_rad_auth.c:318 set default_realm := .
>>> [DEBUG] mod_rad_auth.c:318 set radius_timeout := 1.
>>> [DEBUG] mod_rad_auth.c:318 set radius_retries := 0.
>>> [DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
>>> [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>>> [DEBUG] mod_rad_auth.c:371 ... radius: User-Name: login at operator.ru
>>> [DEBUG] mod_rad_auth.c:380 ... radius: User-Password: xxxxxxxxxxxxxxxxxx
>>> DEBUG] mod_rad_auth.c:396 ... radius: Called-station-Id: 74959337786
>>> [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
>>> [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:24, vendor id:9, attr
>>> type:0, attr name:h323-conf-id (589848)
>>> [DEBUG] mod_rad_auth.c:444 ... radius: key:h323-conf-id, value:CALLID
>>> (h323-conf-id=bd091212-e2b0-11e4-98e2-d102deb9a97d) as string
>>> [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-gw-id
>>> [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:33, vendor id:9, attr
>>> type:0, attr name:h323-gw-id (589857)
>>> [DEBUG] mod_rad_auth.c:444 ... radius: key:h323-gw-id, value:GWID (1460)
>>> as string
>>> [DEBUG] mod_rad_auth.c:413 Handle attribute: NAS-Port-Type
>>> [DEBUG] mod_rad_auth.c:439 ... dictionary data: id:61, vendor id:0, attr
>>> type:1, attr name:NAS-Port-Type (61)
>>> [DEBUG] mod_rad_auth.c:456 ... radius: key:NAS-Port-Type, value:0 (0) as
>>> integer
>>> [DEBUG] mod_rad_auth.c:491 sending radius packet ...
>>> [DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK
>>> [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
>>> [DEBUG] mod_rad_auth.c:522 attribute (CREDIT_AMOUNT) found in radius
>>> packet
>>> [DEBUG] mod_rad_auth.c:523 set variable credit_amount :=
>>> h323-credit-amount=-600913.47
>>> [DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
>>> [DEBUG] mod_rad_auth.c:522 attribute (CURRENCY) found in radius packet
>>> [DEBUG] mod_rad_auth.c:523 set variable currency := h323-currency=RUR
>>> [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
>>> [DEBUG] mod_rad_auth.c:522 attribute (CREDIT_TIME) found in radius
>>> packet
>>> [DEBUG] mod_rad_auth.c:523 set variable h323-credit_time :=
>>> h323-credit-time=86400
>>> [DEBUG] mod_rad_auth.c:519 Handle attribute: PER_MINUTE_PRICE
>>> [DEBUG] mod_rad_auth.c:522 attribute (PER_MINUTE_PRICE) found in
>>> radius packet
>>> [DEBUG] mod_rad_auth.c:523 set variable Cisco-Servicce-Info := 0.000000
>>> [DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
>>> [DEBUG] mod_rad_auth.c:522 attribute (RADIUS_RETURN_CODE) found in
>>> radius packet
>>> [DEBUG] mod_rad_auth.c:523 set variable return_code :=
>>> h323-return-code=0
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Apr 14, 2015 at 5:28 PM, Gustavo Silva <silvagustavo at yandex.ru>
>>> wrote:
>>>
>>>>
>>>> First it says that the login is OK and after it says that the
>>>> login is incorrect.
>>>>
>>>> Tue Apr 14 17:24:11 2015 : Auth: Login OK: [1008/<via Auth-Type =
>>>> DIGEST>] (from client localhost port 0 cli 1008)
>>>> Tue Apr 14 17:24:11 2015 : Info: rlm_radutmp: Login entry for NAS
>>>> localhost port 0 duplicate
>>>> Tue Apr 14 17:24:11 2015 : Auth: Login incorrect: [<no User-Name
>>>> attribute>/<no User-Password attribute>] (from client localhost port 0
>>>> cli 1008)
>>>> Tue Apr 14 17:24:14 2015 : Error: rlm_radutmp: Logout for NAS localhost
>>>> port 0, but no Login record
>>>>
>>>>
>>>>
>>>> Sent from my BlackBerry 10 smartphone.
>>>>
>>>> Original Message
>>>> *From: *Борисов, Дмитрий / Dmitriy Borisov
>>>> *Sent: *Tuesday, April 14, 2015, 17:22
>>>> *To: *FreeSWITCH Users Help
>>>> *Reply To: *FreeSWITCH Users Help
>>>> *Subject: *Re: [Freeswitch-users] Dialplan authentication
>>>>
>>>> Hi!
>>>>
>>>> Configuration looks good there, and what is in radius.log on the RADIUS
>>>> server?
>>>>
>>>> 2015-04-14 14:01 GMT+03:00 Густаво Силва <gfs at etherway.ru>:
>>>>
>>>>> I have set up the following in my dialplan:
>>>>>
>>>>> <extension name="auth" continue="true">
>>>>> <condition field="${radius_auth_result}" expression="^0$">
>>>>> <action application="radius_auth" inline="true"/>
>>>>> </condition>
>>>>> </extension>
>>>>>
>>>>> I am facing the following error:
>>>>>
>>>>> Dialplan: sofia/internal/1008 at ipaddress Regex (PASS) [auth]
>>>>> ${radius_auth_result}(0) =~ /^0$/ break=on-false
>>>>> Dialplan: sofia/internal/1008 at ipaddress Action radius_auth() INLINE
>>>>> EXECUTE sofia/internal/1008 at ipaddress radius_auth()
>>>>> 2015-04-14 13:53:42.734956 [ERR] mod_xml_radius.c:1090 mod_xml_radius:
>>>>> Failed to authenticate
>>>>>
>>>>> What should I do to make the call authentication work?
>>>>>
>>>>> Regards,
>>>>> Gustavo
>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> with best regards,
>>>> Dmitriy Borisov
>>>>
--
with best regards,
Dmitriy Borisov
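
The config and debug output quoted in this thread show where mod_rad_auth material carries credentials: the third field of `authserver`, `User-Password`, the `PASSWD` channel variable, the expanded `auth_function` arguments, and the `vm_pass` AVPair value. The following is an added example, not part of the thread or of FreeSWITCH, that masks those fields before a config or log is shared; the sample text, addresses and values are constructed.

```python
import re

MASK = "********"

# Patterns follow the line formats quoted in this thread.
RULES = [
    # rad_auth.conf.xml: <param name="authserver" value="host:port:secret"/>
    (re.compile(r'(name="authserver"\s+value="[^":]+:\d+:)[^"]*(")'),
     r"\g<1>" + MASK + r"\g<2>"),
    # mod_rad_auth debug: set authserver := host:port:secret.
    (re.compile(r"(set authserver := [^:\s]+:\d+:)\S+"), r"\g<1>" + MASK),
    # mod_rad_auth debug: ... radius: User-Password: value
    (re.compile(r"(User-Password:\s*)\S+"), r"\g<1>" + MASK),
    # dialplan XML and trace: data="PASSWD=value" / set(PASSWD=value)
    (re.compile(r'(\bPASSWD=)[^")\s]+'), r"\g<1>" + MASK),
    # mod_dptools debug: SET [PASSWD]=[value]
    (re.compile(r"(\[PASSWD\]=\[)[^\]]*(\])"), r"\g<1>" + MASK + r"\g<2>"),
    # expanded auth_function(in number, in user, in password, out VAR);
    # an unexpanded ${PASSWD} reference is left alone
    (re.compile(r"(auth_function\(in [^,]+, in [^,]+, in )(?!\$\{)[^,]+(, out )"),
     r"\g<1>" + MASK + r"\g<2>"),
    # RADIUS reply value named in the thread: Freeswitch-AVPair = "vm_pass=..."
    (re.compile(r'(\bvm_pass=)[^"\s]+'), r"\g<1>" + MASK),
]


def redact(text):
    """Return (masked text, number of values masked)."""
    total = 0
    for pattern, repl in RULES:
        text, n = pattern.subn(repl, text)
        total += n
    return text, total


# Constructed sample in the shape of the thread's config and log lines.
SAMPLE = '''\
<param name="authserver" value="192.0.2.10:1812:ExampleSecret"/>
<action inline="true" application="set" data="PASSWD=hunter2"/>
[DEBUG] mod_dptools.c:1435 sofia/gw/1000 SET [PASSWD]=[hunter2]
Action auth_function(in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT)
EXECUTE sofia/gw/1000 auth_function(in 15550100, in alice, in hunter2, out AUTH_RESULT)
[DEBUG] mod_rad_auth.c:318 set authserver := 192.0.2.10:1812:ExampleSecret.
[DEBUG] mod_rad_auth.c:380 ... radius: User-Password: hunter2
Freeswitch-AVPair = "vm_pass=1234"
'''

if __name__ == "__main__":
    masked, count = redact(SAMPLE)
    print(masked)
    print("values masked:", count)
```
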