<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi Tihomir,<div><br></div><div>Can you please let me understand what is meant by these two lines you have written in the dialplan.</div><div><br></div><div>&lt;condition field="destination_number" expression="^RADIUS_ANI_AUTH$"&gt;</div><div>&lt;action application="execute_extension" data="CHECK_IF_AUTORIZED XML default"/&gt;</div><div><br></div><div>Thanks.</div><div><br></div><div>Regards</div><div>---------------</div><div>Abid Saleem<br><br><hr id="stopSpelling">Date: Thu, 11 Nov 2010 12:58:13 +0100<br>From: tculjaga@gmail.com<br>To: freeswitch-users@lists.freeswitch.org<br>Subject: Re: [Freeswitch-users] Radius AAA<br><br><br><br><div class="ecxgmail_quote">On Thu, Nov 11, 2010 at 8:27 AM, Abid Saleem <span dir="ltr">&lt;<a href="mailto:abid_freeswitch@live.com">abid_freeswitch@live.com</a>&gt;</span> wrote:<br><blockquote class="ecxgmail_quote" style="padding-left:1ex">




<div>
Dear Tihomir,<div><br></div><div>Good day. I am still waiting for your answer on the below subject. Could you please guide me further so I can fix this issue with mod_rad_auth. I hope you understand what is my problem.</div>
<div><br></div><br></div></blockquote></div><br><br>Abid, i cannot write the dialplan for you. This part you should do by yourself. I have explained how this module is supposed to work... and it really does.<br><br>you need to evaluate the response from auth_function and act accordingly (bridge or not bridge the call according to auth result)<br>
<br><br>again, here is an example:<br><br>module config:<br><br>&lt;configuration name="rad_auth.conf" description="radius authentification module"&gt;<br>&nbsp; &lt;settings&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp; &lt;!-- backward compatibility to allow radiusclient config file instead of an embedded config --&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp; &lt;param name="radius_config" value="/usr/local/etc/radiusclient/radiusclient.conf"/&gt;&nbsp; <br>&nbsp; &lt;/settings&gt;<br><br>&nbsp; &lt;client&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="authserver" value="x.x.x.x:1812:gateway"/&gt; <br>
&nbsp;&nbsp;&nbsp; &lt;param name="authserver" value="x.x.x.x:1812:gateway"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="dictionary" value="/usr/local/etc/radiusclient/dictionary.all"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="seqfile" value="/var/run/radius.seq"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="default_realm" value=""/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="radius_timeout" value="2"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;param name="radius_retries" value="1"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="radius_deadtime" value="60"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="bindaddr" value="*"/&gt; <br>&nbsp; &lt;/client&gt;<br>
<br>&nbsp; &lt;vsas&gt;<br>&nbsp;&nbsp;&nbsp; &lt;!-- <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; just a description<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; value:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; direct input or variable <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pec:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; vendor ID (0 for default, 9 for cisco...)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; expr:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 for channel variable, 2 for direct input<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; direction:&nbsp; in for radius-request, out for radius-response<br>&nbsp;&nbsp;&nbsp; --&gt;<br><br>&nbsp;&nbsp;&nbsp; &lt;!-- mappings for radius request message; input attributes --&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/&gt; <br>&nbsp;&nbsp;&nbsp; &lt;param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;param name="NAS-Port-Id" id="87" value="ISDN 3/0:D:14" pec="0" expr="0" direction="in"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="Login-User" id="1" value="1" pec="0" expr="0" direction="in"/&gt;<br>
<br>&nbsp;&nbsp;&nbsp; &lt;!-- mappings for radius-response message; output values from returning outributes --&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0" direction="out"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;!-- expr param is to be ignored here--&gt;<br>&nbsp; &lt;/vsas&gt;<br>&lt;/configuration&gt;<br><br><br><br><br>&nbsp; &lt;extension name="RADIUS_ANI_AUTH"&gt;<br>&nbsp;&nbsp;&nbsp; &lt;condition field="destination_number" expression="^RADIUS_ANI_AUTH$"&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="log" data="INFO&nbsp; Before Auth "/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="execute_extension" data="CHECK_IF_AUTORIZED XML default"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;/condition&gt;<br>&nbsp; &lt;/extension&gt;<br><br><br><br>&nbsp; &lt;extension name="CHECK_IF_AUTORIZED"&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;condition field="destination_number" expression="^CHECK_IF_AUTORIZED$"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;condition field="${ANI_AUTH_RESULT}" expression="^NOK$"&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="log" data="INFO ################# Unauthorized - reject call ################\n"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="playback" data="/path/to/file/your_call_is_not_authorized.wav"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="playback" data="/path/to/file/your_call_will_disconnect.wav"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="hangup" data="CALL_REJECTED"/&gt;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO ################# Authorized - let it go! ################\n"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO ################# Radius returned attributes - start ################\n"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; AUTH_RESULT=${AUTH_RESULT}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; billing_model=${billing_model}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; credit_amount=${credit_amount}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; currency=${currency}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; preffered_lang=${preffered_lang}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; credit_time=${credit_time}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; h323_ivr_duration=${h323_ivr_duration}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO&nbsp; return_code=${return_code}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;anti-action application="log" data="INFO ################# Radius returned attributes - end ################\n"/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;/condition&gt;<br>&nbsp; &lt;/extension&gt;<br><br><br><br><br>&nbsp; <br>
&nbsp; &lt;extension name="Local_Extension"&gt;<br>&nbsp;&nbsp;&nbsp; &lt;condition field="destination_number" expression="^(10[01][0-9])$"&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="dialed_extension=$1"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="export" data="dialed_extension=$1"/&gt;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action inline="true" application="set" data="USERNAME=${caller_id_number}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action inline="true" application="set" data="PASSWD=1234"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action inline="true" application="set" data="DIALED_NUMBER=${dialed_extension}"/&gt; <br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="execute_extension" data="RADIUS_ANI_AUTH XML default"/&gt;<br>
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!-- bind_meta_app can have these args &lt;key&gt; [a|b|ab] [a|b|o|s] &lt;app&gt; --&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="bind_meta_app" data="1 b s execute_extension::dx XML features"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="bind_meta_app" data="2 b s record_session::$${recordings_dir}/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="bind_meta_app" data="3 b s execute_extension::cf XML features"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="ringback=${us-ring}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="transfer_ringback=$${hold_music}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="call_timeout=30"/&gt;<br>
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!-- &lt;action application="set" data="sip_exclude_contact=${network_addr}"/&gt; --&gt;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="hangup_after_bridge=true"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!--&lt;action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,TIMEOUT,NO_ROUTE_DESTINATION"/&gt; --&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="continue_on_fail=true"/&gt;<br>
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="hash" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="hash" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!--&lt;action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/&gt;--&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="hash" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/&gt;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="bridge" data="user/${dialed_extension}@${domain_name}"/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="answer"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="sleep" data="1000"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="voicemail" data="default ${domain_name} ${dialed_extension}"/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;/condition&gt;<br>&nbsp; &lt;/extension&gt;<br><br><br><br><br><br>If you still have issues, contact me off the list and provide access to the server... i don't know what to say to you anymore on this topic.<br><br>
its more than clear.<br><br><br>
<br>_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org</div>                                               </body>
</html>