[Freeswitch-users] Radius AAA
Abid Saleem
abid_freeswitch at live.com
Sun Nov 14 02:45:23 PST 2010
Dear Tihomir,
I pointed to these lines before in a previous message. Anyway we had already fixed the issue ourselves. It was due to dictionary not having proper values for the attributes. We found the following problems with the information provided on the Wiki.
1- The default dictionary mentioned as dictionary.all is not present in the mentioned path so we had to change the config to point to exact name of dictionary.2- The default dictionary does not contain these Cisco attributes like "h323-credit-amount", "h323-credit-time" etc. So we had to add these attributes.3- Even after adding the attributes, it does not work because the radiusclient does not recognize the vendor from its vendor id = 9 but it checks another field like "vendor=Cisco". So for this module to work properly, the entries in the dictionary for Cisco should be like this.
VENDOR Cisco 9ATTRIBUTE h323-credit-amount 101 string vendor=CiscoATTRIBUTE h323-credit-time 102 string vendor=CiscoATTRIBUTE h323-return-code 103 string vendor=Cisco
I did not test the dictionary you have sent but it might be working because it has vendor name as Cxss. So may I update the Wiki?
Thank you for all the time I took from you and sorry for inconvenience.
Regards--------Abid Saleem
Date: Sat, 13 Nov 2010 22:38:31 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
On Sat, Nov 13, 2010 at 9:04 AM, Abid Saleem <abid_freeswitch at live.com> wrote:
Dear Tihomir,
I think you did not understand what my problem is. Let me explain.
I know that I can evaluate the response from auth_function and act accordingly (bridge or not bridge the call according to auth result). This part is ok and I can do it because I am getting OK or NOK in AUTH_RESULT. The issue is I need to disconnect the call after scheduled number of seconds returned by radius in h323-credit-time attribute whose value in this case is not being populated into credit_time parameter of FS.
well, you could have pointed the finger on this before :P
2010-11-04 18:09:53.396212 [DEBUG] mod_rad_auth.c:491 sending radius packet ...
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:497 RADIUS Authentication OK2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: BILING_MODEL2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 109, pec:9, (BILING_MODEL)
2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:519 Handle attribute: CREDIT_AMOUNT2010-11-04 18:09:54.571999 [DEBUG] mod_rad_auth.c:529 No found out attribute id: 101, pec:9, (CREDIT_AMOUNT)
the attribute with id:109 and pec:9 is not found in the returning radius message. This can just mean 2 things:
1. really not present in the returning radius message
2. the module doesn't have an appropriate dictionary referencing pec 9 and id 102.
well, here its the dictionary im positive of that... so find attached the one im using. Put this on your server and its gonna work.
If you still do not understand, lets put it this way that even if I use the mod_rad_auth.conf.xml and dialplan configuration you sent, still the FS is not able to obtain the value of credit_amount and credit_time although radius response parameters are received by the server.
as i said before ... check your dictionary.
Also I have checked in mod_rad_auth.c file that all entries related to credit_amount, billing_model etc are commented and credit_time does not even exist in that file.
you are missing the point of this module ... the VSAs are configurable via config file.
_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101114/e5219651/attachment.html
More information about the FreeSWITCH-users
mailing list