[Freeswitch-users] Radius AAA
Tihomir Culjaga
tculjaga at gmail.com
Thu Nov 4 07:14:57 PDT 2010
as i said you need to evaluate the returning value from app_function and act
accordingly...if the result is "OK" it measn authorizes if its "NOK" it
means its failed. Im not going into your application and how you are doing
it... you have an example on how to do it in my prev e-mail.
you cannot populate variables that doesn't exist in the returning radius
messages:
No found out attribute id: 109, pec:9
No found out attribute id: 101, pec:9
No found out attribute id: 110, pec:9
and so on ... simply, Access Accept messages doesn't have these attributes
that you are trying to map into channel variables.
On Thu, Nov 4, 2010 at 2:35 PM, Abid Saleem <abid_freeswitch at live.com>wrote:
> Hi,
>
> Thanks. This is good for Calling Card type IVR application but I am using
> it for my SIP UA for authorization only where authorization is required when
> I make a call from extension 1000. 1000 is a registered user in billing. Can
> you please provide a simple example with this ANI Authorization scenerio.
> Also I am getting the following in debug which means radius response values
> are not being populated in credit_amount, credit_time and return_code
> attributes. Please help me.
>
> 2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius packet
> ...
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS Authentication
> OK
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> BILING_MODEL
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 109, pec:9, (BILING_MODEL)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CREDIT_AMOUNT
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 101, pec:9, (CREDIT_AMOUNT)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CURRENCY
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 110, pec:9, (CURRENCY)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> PREFFERED_LANG
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 107, pec:9, (PREFFERED_LANG)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CREDIT_TIME
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 102, pec:9, (CREDIT_TIME)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> H323-IVR-IN:DIRATION
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> RADIUS_RETURN_CODE
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out
> attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
> EXECUTE sofia/internal/1000 at 192.168.0.100set(execute_on_answer=sched_hangup + /> <action application=)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_dptools.c:816 sofia/internal/
> 1000 at 192.168.0.100 SET [execute_on_answer]=[sched_hangup + />
> <action application=]
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO biling_model=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 biling_model=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_amount=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_amount=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO currency=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 currency=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO preffered_lang=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 preffered_lang=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_time=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_time=
>
>
> ------------------------------
> Date: Thu, 4 Nov 2010 00:10:28 +0100
>
> From: tculjaga at gmail.com
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Radius AAA
>
> hello,
>
> auth_function application returns a "OK" or "NOK" result in a channel
> variable (in this example ANI_AUTH_RESULT). You need to evaluate the result
> and act accordingly.
>
> here is some example (part of my IVR) that checks the user's ANI id if its
> known to the billing just prompts for destination number if not, prompts for
> PIN.
>
>
> <extension name="ANIorPIN">
> <condition field="destination_number" expression="^ANIorPIN$">
> <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
> <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${caller_id_number}, in 1234, out ANI_AUTH_RESULT"/>
> <action application="execute_extension" data="CheckANI XML NXIVR"/>
> </condition>
> </extension>
>
>
> <extension name="CheckANI">
> <condition field="destination_number" expression="^CheckANI$"/>
> <condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
> <action application="log" data="INFO ################# UNKNOWN ANI,
> go to ENTER PIN ################\n"/>
> <action application="execute_extension" data="EnterPIN XML NXIVR"/>
>
> <action application="log" data="INFO ################# I KNOW WHO YOU
> ARE go to get destination number ################\n"/>
> <anti-action inline="true" application="export"
> data="UNAME=${caller_id_number}"/>
> <anti-action inline="true" application="export" data="PASSWD=1234"/>
> <anti-action application="execute_extension" data="GetDstNum XML
> NXIVR"/>
> </condition>
> </extension>
>
>
> <extension name="EnterPIN">
> <condition field="destination_number" expression="^EnterPIN$">
> <action application="set" data="playback_delimiter=!"/>
> <action application="set" data="playback_terminators=#*0123456789"/>
> <action application="read" data="${PIN_MIN_DIG} ${PIN_MAX_DIG}
> ${PIN_ERR_PR}!${CARD_NUMBER_PR} PIN ${PIN_TIMEOUT} *"/>
> <action application="set" data="credit_amount=h323-credit-amount=0"/>
> <action inline="true" application="set"
> data="PIN_RETRIES=${expr(${PIN_RETRIES}+1)}"/>
> <action application="execute_extension" data="ParsePIN XML NXIVR"/>
>
> <action application="log" data="INFO PIN=${PIN}"/>
> <action application="log" data="INFO UNAME=${UNAME}"/>
> <action application="log" data="INFO PASSWD=${PASSWD}"/>
>
> <action inline="true" application="export" data="DIALED_NUMBER="""/>
>
> <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
> <action application="set" data="auto_hunt=true"/>
> <action application="execute_extension" data="PARSE_RET_CODE XML
> NXIVR"/>
> <action application="execute_extension" data="CheckPIN XML NXIVR"/>
> </condition>
> </extension>
>
>
> <extension name="GetDstNum">
> <condition field="destination_number" expression="^GetDstNum$">
> <action application="set" data="bind_meta_key=#"/>
> <action application="bind_meta_app" data="0 a a transfer::LongDTMF
> XML NXIVR"/>
>
> <action application="set" data="playback_delimiter=!"/>
> <action application="set" data="playback_terminators=#*0123456789"/>
> <action application="read" data="${DST_MIN_DIG} ${DST_MAX_DIG}
> ${DST_ERR_PR}!${ENTER_DEST_PR} DN ${DST_TIMEOUT} *"/>
> <action application="execute_extension" data="TranslateLocal XML
> NXIVR"/>
> <action inline="true" application="set"
> data="DST_RETRIES=${expr(${DST_RETRIES}+1)}"/>
> <action application="execute_extension" data="ParseDN XML NXIVR"/>
> <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
> <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
> <action application="execute_extension" data="PARSE_RET_CODE XML
> NXIVR"/>
> <action application="execute_extension" data="CheckDstNum XML
> NXIVR"/>
> </condition>
> </extension>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________ FreeSWITCH-users mailing
> list FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101104/82622ec3/attachment.html
More information about the FreeSWITCH-users
mailing list