[Freeswitch-users] Radius AAA
Abid Saleem
abid_freeswitch at live.com
Mon Nov 8 03:41:51 PST 2010
Hi,
This is part of my mod_rad_auth.conf.xml.
<!--
  name: just a description
  value: direct input or variable
  pec: vendor ID (0 for default, 9 for cisco...)
  expr: 0 - direct input (string), 1 - channel variable
  direction: in for radius-request, out for radius-response
-->
<!-- mappings for radius request message; input attributes -->
<param name="h323-conf-id" id="24" value="CALLID" pec="0" expr="1" direction="in"/>
<!--param name="h323-prompt-id" id="104" value="SERVICENUM" pec="9" expr="1" direction="in"/-->
<!--param name="Cisco-AVPair" id="1" value="TRANSACTIONID" pec="9" expr="1" direction="in"/-->
<param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/>
<!--param name="Called-Station-Id" id="31" value="${destination_number}" pec="0" expr="1" direction="in"/>-->
<param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/>
<!--param name="NAS-Port-Id" id="87" value="ISDN 3/0:D:14" pec="0" expr="0" direction="in"/-->
<!--param name="Login-User" id="1" value="1000" pec="0" expr="0" direction="in"/-->
<!-- mappings for radius-response message; output values from returning outributes -->
<param name="BILING_MODEL" id="109" value="biling_model" pec="9" expr="0" direction="out"/>
<param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
<param name="CURRENCY" id="110" value="currency" pec="9" expr="0" direction="out"/>
<param name="PREFFERED_LANG" id="107" value="preffered_lang" pec="9" expr="0" direction="out"/>
<param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0" direction="out"/>
<param name="H323-IVR-IN:DIRATION" id="1" value="h323_ivr_duration" pec="9" expr="0" direction="out"/>
<param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/>
<!-- expr param is to be ignored here-->
</vsas>
</configuration>
Date: Mon, 8 Nov 2010 11:15:19 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
please paste your rad_auth.conf.xml
On Mon, Nov 8, 2010 at 10:41 AM, Abid Saleem <abid_freeswitch at live.com> wrote:
Hi,
Please find the ethereal capture attached. Please let me know should you need additional information. Thanks.
Regards
------------
Abid Saleem
Date: Mon, 8 Nov 2010 09:37:01 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
can you provide a wireshark sniff ?
On Fri, Nov 5, 2010 at 5:57 AM, Abid Saleem <abid_freeswitch at live.com> wrote:
This is what I am saying that these variables do exist in returning radius messages. My Radius response is as below for reference
Sending Access-Accept of id 224 to 119.158.138.83 port 1027
h323-credit-amount := "h323-credit-amount=5"
h323-return-code := "h323-return-code=0"
h323-credit-time := "h323-credit-time=120"
Finished request 0.
Please help me with this. Thanks.
Regards
------------
Abid Saleem
Date: Thu, 4 Nov 2010 15:14:57 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
As I said, you need to evaluate the returning value from app_function and act accordingly... if the result is "OK" it means authorized, if it's "NOK" it means it failed. I'm not going into your application and how you are doing it... you have an example on how to do it in my prev e-mail.
You cannot populate variables that don't exist in the returning radius messages:
No found out attribute id: 109, pec:9
No found out attribute id: 101, pec:9
No found out attribute id: 110, pec:9
and so on ... simply, Access Accept messages don't have these attributes that you are trying to map into channel variables.
On Thu, Nov 4, 2010 at 2:35 PM, Abid Saleem <abid_freeswitch at live.com> wrote:
Hi,
Thanks. This is good for Calling Card type IVR application but I am using it for my SIP UA for authorization only where authorization is required when I make a call from extension 1000. 1000 is a registered user in billing. Can you please provide a simple example with this ANI Authorization scenario? Also I am getting the following in debug which means radius response values are not being populated in credit_amount, credit_time and return_code attributes. Please help me.
2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius packet ...
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: BILING_MODEL
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 109, pec:9, (BILING_MODEL)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 101, pec:9, (CREDIT_AMOUNT)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CURRENCY
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 110, pec:9, (CURRENCY)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: PREFFERED_LANG
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 107, pec:9, (PREFFERED_LANG)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_TIME
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 102, pec:9, (CREDIT_TIME)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: H323-IVR-IN:DIRATION
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 1, pec:9, (H323-IVR-IN:DIRATION)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: RADIUS_RETURN_CODE
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 103, pec:9, (RADIUS_RETURN_CODE)
EXECUTE sofia/internal/1000 at 192.168.0.100 set(execute_on_answer=sched_hangup + /> <action application=)
2010-11-04 18:09:54.571999 [DEBUG] mod_dptools.c:816 sofia/internal/1000 at 192.168.0.100 SET [execute_on_answer]=[sched_hangup + /> <action application=]
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO biling_model=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 biling_model=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_amount=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_amount=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO currency=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 currency=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO preffered_lang=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 preffered_lang=
EXECUTE sofia/internal/1000 at 192.168.0.100 log(INFO credit_time=)
2010-11-04 18:09:54.571999 [INFO] mod_dptools.c:946 credit_time=
Date: Thu, 4 Nov 2010 00:10:28 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
hello,
auth_function application returns an "OK" or "NOK" result in a channel variable (in this example ANI_AUTH_RESULT). You need to evaluate the result and act accordingly.
Here is some example (part of my IVR) that checks the user's ANI id: if it's known to the billing it just prompts for destination number, if not, prompts for PIN.
<extension name="ANIorPIN">
  <condition field="destination_number" expression="^ANIorPIN$">
    <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${caller_id_number}, in 1234, out ANI_AUTH_RESULT"/>
    <action application="execute_extension" data="CheckANI XML NXIVR"/>
  </condition>
</extension>
<extension name="CheckANI">
  <condition field="destination_number" expression="^CheckANI$"/>
  <condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
    <action application="log" data="INFO ################# UNKNOWN ANI, go to ENTER PIN ################\n"/>
    <action application="execute_extension" data="EnterPIN XML NXIVR"/>
    <action application="log" data="INFO ################# I KNOW WHO YOU ARE go to get destination number ################\n"/>
    <anti-action inline="true" application="export" data="UNAME=${caller_id_number}"/>
    <anti-action inline="true" application="export" data="PASSWD=1234"/>
    <anti-action application="execute_extension" data="GetDstNum XML NXIVR"/>
  </condition>
</extension>
<extension name="EnterPIN">
  <condition field="destination_number" expression="^EnterPIN$">
    <action application="set" data="playback_delimiter=!"/>
    <action application="set" data="playback_terminators=#*0123456789"/>
    <action application="read" data="${PIN_MIN_DIG} ${PIN_MAX_DIG} ${PIN_ERR_PR}!${CARD_NUMBER_PR} PIN ${PIN_TIMEOUT} *"/>
    <action application="set" data="credit_amount=h323-credit-amount=0"/>
    <action inline="true" application="set" data="PIN_RETRIES=${expr(${PIN_RETRIES}+1)}"/>
    <action application="execute_extension" data="ParsePIN XML NXIVR"/>
    <action application="log" data="INFO PIN=${PIN}"/>
    <action application="log" data="INFO UNAME=${UNAME}"/>
    <action application="log" data="INFO PASSWD=${PASSWD}"/>
    <action inline="true" application="export" data="DIALED_NUMBER=&quot;&quot;"/>
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
    <action application="set" data="auto_hunt=true"/>
    <action application="execute_extension" data="PARSE_RET_CODE XML NXIVR"/>
    <action application="execute_extension" data="CheckPIN XML NXIVR"/>
  </condition>
</extension>
<extension name="GetDstNum">
  <condition field="destination_number" expression="^GetDstNum$">
    <action application="set" data="bind_meta_key=#"/>
    <action application="bind_meta_app" data="0 a a transfer::LongDTMF XML NXIVR"/>
    <action application="set" data="playback_delimiter=!"/>
    <action application="set" data="playback_terminators=#*0123456789"/>
    <action application="read" data="${DST_MIN_DIG} ${DST_MAX_DIG} ${DST_ERR_PR}!${ENTER_DEST_PR} DN ${DST_TIMEOUT} *"/>
    <action application="execute_extension" data="TranslateLocal XML NXIVR"/>
    <action inline="true" application="set" data="DST_RETRIES=${expr(${DST_RETRIES}+1)}"/>
    <action application="execute_extension" data="ParseDN XML NXIVR"/>
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${UNAME}, in ${PASSWD}, out AUTH_RESULT"/>
    <action application="set" data="CALLINGNUMBER=${caller_id_number}"/>
    <action application="execute_extension" data="PARSE_RET_CODE XML NXIVR"/>
    <action application="execute_extension" data="CheckDstNum XML NXIVR"/>
  </condition>
</extension>
_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
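Added example (not part of the thread, and not code from mod_rad_auth or either poster): a small decoder for checking whether an Access-Accept actually carries the vendor-specific attributes that the `direction="out"` mappings look up by `id` and `pec`. The packet is constructed from the three values quoted in the thread, on the assumption that the server encodes them as Cisco (vendor 9) sub-attributes 101, 103 and 102; all function names are hypothetical.

```python
import struct

CISCO, VSA = 9, 26  # Cisco vendor ID (the "pec" in the config); Vendor-Specific type
# (id, pec) -> channel variable, copied from the direction="out" params in the thread
OUT_MAP = {(109, 9): "biling_model", (101, 9): "credit_amount", (110, 9): "currency",
           (107, 9): "preffered_lang", (102, 9): "credit_time",
           (1, 9): "h323_ivr_duration", (103, 9): "return_code"}

def cisco_vsa(vtype, text):
    """Encode one Vendor-Specific attribute holding a single Cisco sub-attribute."""
    sub = bytes([vtype, len(text) + 2]) + text.encode("ascii")
    return bytes([VSA, len(sub) + 6]) + struct.pack("!I", CISCO) + sub

def build_accept(ident, avps):
    """Constructed Access-Accept (code 2); the authenticator is zeroed, not computed."""
    body = b"".join(avps)
    return struct.pack("!BBH16s", 2, ident, 20 + len(body), b"\0" * 16) + body

def parse_vsas(packet):
    """Return {(vendor_type, vendor_id): value} for every VSA sub-attribute."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    found, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        if atype == VSA and alen >= 8:
            vendor = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
            sub, end = pos + 6, pos + alen
            while sub + 2 <= end:
                vtype, vlen = packet[sub], packet[sub + 1]
                if vlen < 2 or sub + vlen > end:
                    raise ValueError("malformed sub-attribute")
                found[(vtype, vendor)] = packet[sub + 2:sub + vlen].decode()
                sub += vlen
        pos += alen
    return found

def map_channel_vars(packet):
    """Split the configured mappings into those present in the reply and those missing."""
    found = parse_vsas(packet)
    present = {var: found[key] for key, var in OUT_MAP.items() if key in found}
    missing = sorted(var for key, var in OUT_MAP.items() if key not in found)
    return present, missing

# Constructed sample: the three values quoted in the thread, Access-Accept id 224
SAMPLE = build_accept(224, [cisco_vsa(101, "h323-credit-amount=5"),
    cisco_vsa(103, "h323-return-code=0"), cisco_vsa(102, "h323-credit-time=120")])
```

Run against the raw UDP payload of a captured reply, `map_channel_vars` shows which `(id, pec)` pairs are on the wire; a pair reported as missing means the server sent that value under a different vendor ID or attribute number, or not at all.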