[Freeswitch-users] Radius AAA
Abid Saleem
abid_freeswitch at live.com
Tue Nov 16 03:25:36 PST 2010
Hi Tihomir,
Can you please let me understand what is meant by these two lines you have written in the dialplan.
<condition field="destination_number" expression="^RADIUS_ANI_AUTH$"><action application="execute_extension" data="CHECK_IF_AUTORIZED XML default"/>
Thanks.
Regards---------------Abid Saleem
Date: Thu, 11 Nov 2010 12:58:13 +0100
From: tculjaga at gmail.com
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Radius AAA
On Thu, Nov 11, 2010 at 8:27 AM, Abid Saleem <abid_freeswitch at live.com> wrote:
Dear Tihomir,
Good day. I am still waiting for your answer on the below subject. Could you please guide me further so I can fix this issue with mod_rad_auth. I hope you understand what is my problem.
Abid, i cannot write the dialplan for you. This part you should do by yourself. I have explained how this module is supposed to work... and it really does.
you need to evaluate the response from auth_function and act accordingly (bridge or not bridge the call according to auth result)
again, here is an example:
module config:
<configuration name="rad_auth.conf" description="radius authentification module">
<settings>
<!-- backward compatibility to allow radiusclient config file instead of an embedded config -->
<param name="radius_config" value="/usr/local/etc/radiusclient/radiusclient.conf"/>
</settings>
<client>
<param name="authserver" value="x.x.x.x:1812:gateway"/>
<param name="authserver" value="x.x.x.x:1812:gateway"/>
<param name="dictionary" value="/usr/local/etc/radiusclient/dictionary.all"/>
<param name="seqfile" value="/var/run/radius.seq"/>
<param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/>
<param name="default_realm" value=""/>
<param name="radius_timeout" value="2"/>
<param name="radius_retries" value="1"/>
<param name="radius_deadtime" value="60"/>
<param name="bindaddr" value="*"/>
</client>
<vsas>
<!--
name: just a description
value: direct input or variable
pec: vendor ID (0 for default, 9 for cisco...)
expr: 1 for channel variable, 2 for direct input
direction: in for radius-request, out for radius-response
-->
<!-- mappings for radius request message; input attributes -->
<param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
<param name="Calling-Station-Id" id="31" value="CALLINGNUMBER" pec="0" expr="1" direction="in"/>
<param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0" direction="in"/>
<param name="NAS-Port-Id" id="87" value="ISDN 3/0:D:14" pec="0" expr="0" direction="in"/>
<param name="Login-User" id="1" value="1" pec="0" expr="0" direction="in"/>
<!-- mappings for radius-response message; output values from returning outributes -->
<param name="CREDIT_AMOUNT" id="101" value="credit_amount" pec="9" expr="0" direction="out"/>
<param name="CREDIT_TIME" id="102" value="credit_time" pec="9" expr="0" direction="out"/>
<param name="RADIUS_RETURN_CODE" id="103" value="return_code" pec="9" expr="0" direction="out"/>
<!-- expr param is to be ignored here-->
</vsas>
</configuration>
<extension name="RADIUS_ANI_AUTH">
<condition field="destination_number" expression="^RADIUS_ANI_AUTH$">
<action application="log" data="INFO Before Auth "/>
<action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
<action application="execute_extension" data="CHECK_IF_AUTORIZED XML default"/>
</condition>
</extension>
<extension name="CHECK_IF_AUTORIZED">
<condition field="destination_number" expression="^CHECK_IF_AUTORIZED$"/>
<condition field="${ANI_AUTH_RESULT}" expression="^NOK$">
<action application="log" data="INFO ################# Unauthorized - reject call ################\n"/>
<action application="playback" data="/path/to/file/your_call_is_not_authorized.wav"/>
<action application="playback" data="/path/to/file/your_call_will_disconnect.wav"/>
<action application="hangup" data="CALL_REJECTED"/>
<anti-action application="log" data="INFO ################# Authorized - let it go! ################\n"/>
<anti-action application="log" data="INFO ################# Radius returned attributes - start ################\n"/>
<anti-action application="log" data="INFO AUTH_RESULT=${AUTH_RESULT}"/>
<anti-action application="log" data="INFO billing_model=${billing_model}"/>
<anti-action application="log" data="INFO credit_amount=${credit_amount}"/>
<anti-action application="log" data="INFO currency=${currency}"/>
<anti-action application="log" data="INFO preffered_lang=${preffered_lang}"/>
<anti-action application="log" data="INFO credit_time=${credit_time}"/>
<anti-action application="log" data="INFO h323_ivr_duration=${h323_ivr_duration}"/>
<anti-action application="log" data="INFO return_code=${return_code}"/>
<anti-action application="log" data="INFO ################# Radius returned attributes - end ################\n"/>
</condition>
</extension>
<extension name="Local_Extension">
<condition field="destination_number" expression="^(10[01][0-9])$">
<action application="set" data="dialed_extension=$1"/>
<action application="export" data="dialed_extension=$1"/>
<action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
<action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/>
<action inline="true" application="set" data="USERNAME=${caller_id_number}"/>
<action inline="true" application="set" data="PASSWD=1234"/>
<action inline="true" application="set" data="DIALED_NUMBER=${dialed_extension}"/>
<action application="execute_extension" data="RADIUS_ANI_AUTH XML default"/>
<!-- bind_meta_app can have these args <key> [a|b|ab] [a|b|o|s] <app> -->
<action application="bind_meta_app" data="1 b s execute_extension::dx XML features"/>
<action application="bind_meta_app" data="2 b s record_session::$${recordings_dir}/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
<action application="bind_meta_app" data="3 b s execute_extension::cf XML features"/>
<action application="set" data="ringback=${us-ring}"/>
<action application="set" data="transfer_ringback=$${hold_music}"/>
<action application="set" data="call_timeout=30"/>
<!-- <action application="set" data="sip_exclude_contact=${network_addr}"/> -->
<action application="set" data="hangup_after_bridge=true"/>
<!--<action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,TIMEOUT,NO_ROUTE_DESTINATION"/> -->
<action application="set" data="continue_on_fail=true"/>
<action application="hash" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/>
<action application="hash" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/>
<action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/>
<!--<action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>-->
<action application="hash" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/>
<action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="voicemail" data="default ${domain_name} ${dialed_extension}"/>
</condition>
</extension>
If you still have issues, contact me off the list and provide access to the server... i don't know what to say to you anymore on this topic.
its more than clear.
_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101116/548f4f0e/attachment.html
More information about the FreeSWITCH-users
mailing list