[Freeswitch-users] Radius AAA
Tihomir Culjaga
tculjaga at gmail.com
Thu Nov 11 03:58:13 PST 2010
On Thu, Nov 11, 2010 at 8:27 AM, Abid Saleem <abid_freeswitch at live.com>wrote:
> Dear Tihomir,
>
> Good day. I am still waiting for your answer on the below subject. Could
> you please guide me further so I can fix this issue with mod_rad_auth. I
> hope you understand what is my problem.
>
>
>
Abid, i cannot write the dialplan for you. This part you should do by
yourself. I have explained how this module is supposed to work... and it
really does.
You need to evaluate the response from auth_function and act accordingly
(bridge or do not bridge the call, depending on the auth result).
Again, here is an example:
module config:
<configuration name="rad_auth.conf" description="radius authentification module">
  <settings>
    <!-- Backward compatibility: use an external radiusclient config file
         instead of the embedded <client> section below. -->
    <param name="radius_config" value="/usr/local/etc/radiusclient/radiusclient.conf"/>
  </settings>

  <client>
    <!-- x.x.x.x is the poster's redaction of the server address.
         NOTE(review): the third colon-separated field looks like the RADIUS
         shared secret; confirm against the module documentation. If it is,
         use a long random value per client and keep this file readable only
         by the account FreeSWITCH runs as. -->
    <param name="authserver" value="x.x.x.x:1812:gateway"/>
    <param name="authserver" value="x.x.x.x:1812:gateway"/>
    <param name="dictionary" value="/usr/local/etc/radiusclient/dictionary.all"/>
    <param name="seqfile" value="/var/run/radius.seq"/>
    <param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/>
    <param name="default_realm" value=""/>
    <!-- NOTE(review): with a short timeout and a single retry, verify what
         the dialplan does when no RADIUS answer arrives; the call should be
         refused, not allowed, in that case. -->
    <param name="radius_timeout" value="2"/>
    <param name="radius_retries" value="1"/>
    <param name="radius_deadtime" value="60"/>
    <param name="bindaddr" value="*"/>
  </client>

  <vsas>
    <!--
      Attribute legend, as given by the author:
        name:      just a description
        value:     direct input or variable
        pec:       vendor ID (0 for default, 9 for cisco...)
        expr:      1 for channel variable, 2 for direct input
        direction: in for radius-request, out for radius-response
      NOTE(review): the direct-input entries below use expr="0", not 2 as
      the legend states; confirm which value the module expects.
    -->

    <!-- Request mappings: attributes sent in the radius request -->
    <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
    <param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/>
    <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/>
    <param name="NAS-Port-Id" id="87" value="ISDN 3/0:D:14" pec="0" expr="0" direction="in"/>
    <param name="Login-User" id="1" value="1" pec="0" expr="0" direction="in"/>

    <!-- Response mappings: values taken from the attributes returned in the
         radius response. The expr param is to be ignored for these. -->
    <param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
    <param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0" direction="out"/>
    <param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/>
  </vsas>
</configuration>
<extension name="RADIUS_ANI_AUTH">
  <!-- Helper extension, entered through execute_extension: performs the
       RADIUS authentication and then hands over to the result check. -->
  <condition field="destination_number" expression="^RADIUS_ANI_AUTH$">
    <action application="log" data="INFO Before Auth "/>
    <!-- Passes three input values to the module and names AUTH_RESULT as the
         output. PASSWD is a credential: do not add it to any log action. -->
    <action application="auth_function"
            data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
    <!-- The verdict is evaluated in a separate extension, presumably so that
         its condition is expanded only after auth_function has run. -->
    <action application="execute_extension" data="CHECK_IF_AUTORIZED XML default"/>
  </condition>
</extension>
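<extension name="CHECK_IF_AUTORIZED">
  <!-- Evaluates the RADIUS verdict: rejects the call on NOK, otherwise logs
       the returned attributes and returns to the calling extension. -->
  <condition field="destination_number" expression="^CHECK_IF_AUTORIZED$"/>
  <!-- Fixed: the original tested ${ANI_AUTH_RESULT}, a variable nothing on
       this page sets. auth_function is called with "out AUTH_RESULT", so the
       NOK test never matched and every call took the authorized branch.
       NOTE(review): this is still a deny-list check. An empty or unexpected
       result (for example no answer from the RADIUS server) also falls into
       the anti-actions and the call proceeds. Prefer matching the module's
       success value and hanging up in the anti-action; that value is not
       shown on this page, so confirm it against mod_rad_auth first. -->
  <condition field="${AUTH_RESULT}" expression="^NOK$">
    <action application="log" data="INFO ################# Unauthorized - reject call ################\n"/>
    <action application="playback" data="/path/to/file/your_call_is_not_authorized.wav"/>
    <action application="playback" data="/path/to/file/your_call_will_disconnect.wav"/>
    <!-- The hangup is what stops the caller's extension from bridging. -->
    <action application="hangup" data="CALL_REJECTED"/>

    <anti-action application="log" data="INFO ################# Authorized - let it go! ################\n"/>
    <!-- Debug dump of the values returned by RADIUS. These include billing
         data; consider a lower log level or removal once the setup works. -->
    <anti-action application="log" data="INFO ################# Radius returned attributes - start ################\n"/>
    <anti-action application="log" data="INFO AUTH_RESULT=${AUTH_RESULT}"/>
    <anti-action application="log" data="INFO billing_model=${billing_model}"/>
    <anti-action application="log" data="INFO credit_amount=${credit_amount}"/>
    <anti-action application="log" data="INFO currency=${currency}"/>
    <anti-action application="log" data="INFO preffered_lang=${preffered_lang}"/>
    <anti-action application="log" data="INFO credit_time=${credit_time}"/>
    <anti-action application="log" data="INFO h323_ivr_duration=${h323_ivr_duration}"/>
    <anti-action application="log" data="INFO return_code=${return_code}"/>
    <anti-action application="log" data="INFO ################# Radius returned attributes - end ################\n"/>
  </condition>
</extension>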
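<extension name="Local_Extension">
  <!-- Calls to local extensions 1000-1019: authenticate the caller through
       RADIUS first, then bridge to the registered user, with voicemail as
       the fallback. -->
  <condition field="destination_number" expression="^(10[01][0-9])$">
    <action application="set" data="dialed_extension=$1"/>
    <action application="export" data="dialed_extension=$1"/>

    <!-- Channel variables consumed by the RADIUS request mappings and by
         auth_function. -->
    <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
    <action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/>
    <!-- NOTE(review): the user name is the caller ID and the password is one
         fixed value for every caller, so the RADIUS decision rests on
         caller_id_number alone. Caller ID is supplied by the calling side;
         rely on it only if the inbound leg has already been authenticated,
         and do not keep a static password in the dialplan in production. -->
    <action inline="true" application="set" data="USERNAME=${caller_id_number}"/>
    <action inline="true" application="set" data="PASSWD=1234"/>
    <action inline="true" application="set" data="DIALED_NUMBER=${dialed_extension}"/>

    <!-- Runs authentication before anything else. Rejection relies on the
         hangup issued inside the called extensions; no further check is
         made here before the bridge. -->
    <action application="execute_extension" data="RADIUS_ANI_AUTH XML default"/>

    <!-- bind_meta_app can have these args <key> [a|b|ab] [a|b|o|s] <app> -->
    <action application="bind_meta_app" data="1 b s execute_extension::dx XML features"/>
    <!-- NOTE(review): caller_id_number becomes part of the recording file
         name; confirm it cannot contain path characters on this deployment. -->
    <action application="bind_meta_app" data="2 b s record_session::$${recordings_dir}/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
    <action application="bind_meta_app" data="3 b s execute_extension::cf XML features"/>

    <action application="set" data="ringback=${us-ring}"/>
    <action application="set" data="transfer_ringback=$${hold_music}"/>
    <action application="set" data="call_timeout=30"/>
    <!-- <action application="set" data="sip_exclude_contact=${network_addr}"/> -->
    <action application="set" data="hangup_after_bridge=true"/>
    <!--<action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,TIMEOUT,NO_ROUTE_DESTINATION"/> -->
    <action application="set" data="continue_on_fail=true"/>

    <action application="hash" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/>
    <action application="hash" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/>
    <action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/>
    <!--<action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>-->
    <action application="hash" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/>

    <!-- Fixed: the mail archive wrapped this value after the "@", which puts
         whitespace inside the dial string. It is rejoined here. -->
    <action application="bridge" data="user/${dialed_extension}@${domain_name}"/>

    <!-- Reached only when the bridge did not complete (continue_on_fail). -->
    <action application="answer"/>
    <action application="sleep" data="1000"/>
    <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/>
  </condition>
</extension>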
If you still have issues, contact me off the list and provide access to the
server... i don't know what to say to you anymore on this topic.
its more than clear.