[Freeswitch-users] Radius AAA

Tihomir Culjaga tculjaga at gmail.com
Mon Nov 8 02:15:19 PST 2010 

please paste your rad_auth.conf.xml




On Mon, Nov 8, 2010 at 10:41 AM, Abid Saleem <abid_freeswitch at live.com>wrote:

>  Hi,
>
> Please find the ethereal capture attached. Please let me know should you
> need additional information. Thanks.
>
> Regards
> ------------
> Abid Saleem
>
> ------------------------------
> Date: Mon, 8 Nov 2010 09:37:01 +0100
>
> From: tculjaga at gmail.com
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Radius AAA
>
> can you provide a wireshark sniff ?
>
> On Fri, Nov 5, 2010 at 5:57 AM, Abid Saleem <abid_freeswitch at live.com>wrote:
>
>  This is what I am saying that these variables do exist in returning radius
> messages. My Radius response is as below for reference
>
> Sending Access-Accept of id 224 to 119.158.138.83 port 1027
>         h323-credit-amount := "h323-credit-amount=5"
>         h323-return-code := "h323-return-code=0"
>         h323-credit-time := "h323-credit-time=120"
> Finished request 0.
>
> Please help me with this. Thanks.
>
> Regards
> ------------
> Abid Saleem
>
> ------------------------------
> Date: Thu, 4 Nov 2010 15:14:57 +0100
>
> From: tculjaga at gmail.com
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Radius AAA
>
> as i said you need to evaluate the returning value from app_function and
> act accordingly...if the result is "OK" it measn authorizes if its "NOK" it
> means its failed. Im not going into your application and how you are doing
> it... you have an example on how to do it in my prev e-mail.
>
> you cannot populate variables that doesn't exist in the returning radius
> messages:
>
>
> No found out attribute id: 109, pec:9
> No found out attribute id: 101, pec:9
> No found out attribute id: 110, pec:9
>
> and so on ... simply, Access Accept messages doesn't have these attributes
> that you are trying to map into channel variables.
>
>
>
>
> On Thu, Nov 4, 2010 at 2:35 PM, Abid Saleem <abid_freeswitch at live.com>wrote:
>
>  Hi,
>
> Thanks. This is good for Calling Card type IVR application but I am using
> it for my SIP UA for authorization only where authorization is required when
> I make a call from extension 1000. 1000 is a registered user in billing. Can
> you please provide a simple example with this ANI Authorization scenerio.
> Also I am getting the following in debug which means radius response values
> are not being populated in credit_amount, credit_time and return_code
> attributes. Please help me.
>
> 2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius packet
> ...
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS Authentication
> OK
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> BILING_MODEL
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 109, pec:9, (BILING_MODEL)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CREDIT_AMOUNT
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 101, pec:9, (CREDIT_AMOUNT)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CURRENCY
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 110, pec:9, (CURRENCY)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> PREFFERED_LANG
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 107, pec:9, (PREFFERED_LANG)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> CREDIT_TIME
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 102, pec:9, (CREDIT_TIME)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> H323-IVR-IN:DIRATION
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute:
> RADIUS_RETURN_CODE
> 2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529   No found out
> attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
> EXECUTE sofia/internal/1000 at 192.168.0.100set(execute_on_answer=sched_hangup +  />           <action application=)
> 2010-11-04 18:09:54.571999 [DEBUG] mod_dptools.c:816 sofia/internal/
> 1000 at 192.168.0.100 SET [execute_on_answer]=[sched_hangup +  />
> <action application=]
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  biling_model=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  biling_model=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  credit_amount=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  credit_amount=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  currency=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  currency=
> EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  preffered_lang=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  preffered_lang=
>  EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO  credit_time=)
> 2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946  credit_time=
>
>
> ------------------------------
> Date: Thu, 4 Nov 2010 00:10:28 +0100
>
> From: tculjaga at gmail.com
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Radius AAA
>
> hello,
>
> auth_function application returns a "OK" or "NOK" result in a channel
> variable (in this example ANI_AUTH_RESULT). You need to evaluate the result
> and act accordingly.
>
> here is some example (part of my IVR) that checks the user's ANI id if its
> known to the billing just prompts for destination number if not, prompts for
> PIN.
>
>
>   <extension name="ANIorPIN">
>     <condition field="destination_number" expression="^ANIorPIN$">
>       <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
>       <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${caller_id_number}, in 1234, out ANI_AUTH_RESULT"/>
>       <action application="execute_extension" data="CheckANI XML NXIVR"/>
>     </condition>
>   </extension>
>
>
>   <extension name="CheckANI">
>     <condition field="destination_number" expression="^CheckANI$"/>
>     <condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
>       <action application="log" data="INFO ################# UNKNOWN ANI,
> go to ENTER PIN ################\n"/>
>       <action application="execute_extension" data="EnterPIN XML NXIVR"/>
>
>       <action application="log" data="INFO ################# I KNOW WHO YOU
> ARE go to get destination number ################\n"/>
>       <anti-action inline="true" application="export"
> data="UNAME=${caller_id_number}"/>
>       <anti-action inline="true" application="export" data="PASSWD=1234"/>
>       <anti-action application="execute_extension" data="GetDstNum XML
> NXIVR"/>
>     </condition>
>   </extension>
>
>
>  <extension name="EnterPIN">
>     <condition field="destination_number" expression="^EnterPIN$">
>       <action application="set" data="playback_delimiter=!"/>
>       <action application="set" data="playback_terminators=#*0123456789"/>
>       <action application="read" data="${PIN_MIN_DIG} ${PIN_MAX_DIG}
> ${PIN_ERR_PR}!${CARD_NUMBER_PR} PIN ${PIN_TIMEOUT} *"/>
>       <action application="set" data="credit_amount=h323-credit-amount=0"/>
>       <action inline="true" application="set"
> data="PIN_RETRIES=${expr(${PIN_RETRIES}+1)}"/>
>       <action application="execute_extension" data="ParsePIN XML NXIVR"/>
>
>       <action application="log" data="INFO  PIN=${PIN}"/>
>       <action application="log" data="INFO  UNAME=${UNAME}"/>
>       <action application="log" data="INFO  PASSWD=${PASSWD}"/>
>
>       <action inline="true" application="export" data="DIALED_NUMBER="""/>
>
>       <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>       <action application="set" data="auto_hunt=true"/>
>       <action application="execute_extension" data="PARSE_RET_CODE XML
> NXIVR"/>
>       <action application="execute_extension" data="CheckPIN XML NXIVR"/>
>     </condition>
>   </extension>
>
>
>  <extension name="GetDstNum">
>     <condition field="destination_number" expression="^GetDstNum$">
>       <action application="set" data="bind_meta_key=#"/>
>       <action application="bind_meta_app" data="0 a a transfer::LongDTMF
> XML NXIVR"/>
>
>       <action application="set" data="playback_delimiter=!"/>
>       <action application="set" data="playback_terminators=#*0123456789"/>
>       <action application="read" data="${DST_MIN_DIG} ${DST_MAX_DIG}
> ${DST_ERR_PR}!${ENTER_DEST_PR} DN ${DST_TIMEOUT} *"/>
>       <action application="execute_extension" data="TranslateLocal XML
> NXIVR"/>
>       <action inline="true" application="set"
> data="DST_RETRIES=${expr(${DST_RETRIES}+1)}"/>
>       <action application="execute_extension" data="ParseDN XML NXIVR"/>
>       <action application="auth_function" data="in ${DIALED_NUMBER}, in
> ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>       <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
>       <action application="execute_extension" data="PARSE_RET_CODE XML
> NXIVR"/>
>       <action application="execute_extension" data="CheckDstNum XML
> NXIVR"/>
>     </condition>
>   </extension>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________ FreeSWITCH-users mailing
> list FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _______________________________________________ FreeSWITCH-users mailing
> list FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _______________________________________________ FreeSWITCH-users mailing
> list FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101108/5f5a5d11/attachment-0001.html

More information about the FreeSWITCH-users mailing list