[Freeswitch-users] Mod_rad_auth issue for FS working with FreeRadius server

fieldpeak fieldpeak at gmail.com
Tue Aug 2 13:23:36 MSD 2011


Also, I added a log in the source code of mod_rad_auth.c to log the attribute
id; the FS console log shows attrid:589850 as below, however, the id for
h323-conf-id is 24.

2011-08-02 17:16:23.670990 [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
2011-08-02 17:16:23.670990 [ERR] mod_rad_auth.c:423 attrid:589850
2011-08-02 17:16:23.670990 [ERR] mod_rad_auth.c:430 Unknown attribute: key:h323-conf-id, not found in dictionary
2011-08-02 17:16:23.670990 [DEBUG] mod_rad_auth.c:540 abort sending radius packet.
2011-08-02 17:16:23.670990 [ERR] mod_rad_auth.c:548 An error occured during RADIUS Authentication(RC=-1)
2011-08-02 17:16:23.670990 [ERR] mod_rad_auth.c:704 An error occured during radius authorization.


mod_rad_auth.c
...
                if (PCONFIGVSAS->pec != 0)
                    attrid = PCONFIGVSAS->id | (PCONFIGVSAS->pec << 16);
                else
                    attrid = PCONFIGVSAS->id ;

                switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
                                  "attrid:%d\n", attrid);

                pda = rc_dict_getattr(rh, attrid);

                if (pda == NULL)
                {
                    result = ERROR_RC;
                    switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
                                      "Unknown attribute: key:%s, not found in dictionary\n", PCONFIGVSAS->name);
                    break;
                }

Regards,
Charles
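
The attribute number composed in the snippet above, worked through as an added example (not code from mod_rad_auth or the RADIUS client library). The names `dict_entry`, `make_attrid`, `split_attrid` and `dict_find` are hypothetical, the two sample dictionaries are constructed, and matching purely on the combined number is an assumption drawn from the `rc_dict_getattr(rh, attrid)` call.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for one parsed dictionary ATTRIBUTE line. */
struct dict_entry {
    const char *name;
    uint32_t pec;   /* vendor code; 0 = line carries no vendor */
    uint32_t id;    /* attribute number within that vendor */
};

/* Same composition as the mod_rad_auth.c snippet: id | (pec << 16). */
static uint32_t make_attrid(uint32_t pec, uint32_t id)
{
    return pec != 0 ? (id | (pec << 16)) : id;
}

/* Split a logged attrid back into vendor code and attribute number. */
static void split_attrid(uint32_t attrid, uint32_t *pec, uint32_t *id)
{
    *pec = attrid >> 16;
    *id = attrid & 0xFFFFu;
}

/* Match on the combined number only; the name plays no part (assumption). */
static const struct dict_entry *
dict_find(const struct dict_entry *d, size_t n, uint32_t attrid)
{
    for (size_t i = 0; i < n; i++)
        if (make_attrid(d[i].pec, d[i].id) == attrid)
            return &d[i];
    return NULL;
}

/* Constructed sample dictionaries, not copied from any real file. */
static const struct dict_entry no_vendor[] = { { "h323-conf-id", 0, 1008 } };
static const struct dict_entry with_vendor[] = { { "h323-conf-id", 9, 24 } };

int main(void)
{
    uint32_t pec, id, want = make_attrid(9, 24);  /* pec="9" id="24" */
    split_attrid(589850u, &pec, &id);             /* value from the log */
    printf("logged 589850 -> pec=%u id=%u\n", (unsigned)pec, (unsigned)id);
    printf("pec=9 id=24   -> attrid %u\n", (unsigned)want);
    printf("entry 1008, no vendor: %s\n",
           dict_find(no_vendor, 1, want) ? "found" : "not found");
    printf("entry 24, vendor 9:    %s\n",
           dict_find(with_vendor, 1, want) ? "found" : "not found");
    return 0;
}
```

The logged value 589850 splits into pec 9 and id 26, while pec 9 with id 24 composes to 589848.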

2011/8/2 fieldpeak <fieldpeak at gmail.com>

> I tried changing 'h323-conf-id' to 'h323-call-origin' in
> 02_unitest_rad-ANI-auth.xml and rad_auth.conf.xml; however, it still prompts
> '[ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not found
> in dictionary', so where does mod_rad_auth read 'h323-conf-id' from? Very,
> very strange, which dictionary it was using...
>
> Regards,
> Charles
>
>
> 2011/8/2 fieldpeak <fieldpeak at gmail.com>
>
>> Hi Tihomir,
>>
>> Finally the answer is coming, I see hope; thanks for your reply :)
>>
>> As you advised, I only use one attribute (h323-conf-id) in my dialplan and
>> only one attribute (h323-conf-id) in rad_auth.conf.xml, and I am using the
>> attached dictionary (from cisco), which contains this attribute; however, it
>> still prompts 'unknown attribute', so I wondered whether it was reading
>> /usr/local/etc/radiusclient/dictionary, so I copied the same dictionary to
>> /usr/local/freeswitch/radius/, but it did not help at all... very strange...
>>
>> Log:
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set default_realm := .
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_timeout := 3.
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_retries := 2.
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:371 ... radius: User-Name: 38516060333
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:380 ... radius: User-Password: 003282
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:396 ... radius: Called-station-Id: 16094191500
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not found in dictionary
>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:538 abort sending radius packet.
>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:546 An error occured during RADIUS Authentication(RC=-1)
>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:702 An error occured during radius authorization.
>>
>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)
>>
>>
>>
>>   <extension name="unitest_rad-ANI-auth">
>>     <condition field="destination_number" expression="^601$">
>>       <!-- <action application="log" data="INFO  Before Auth "/> -->
>>
>>       <action inline="true" application="set" data="CALLID=h323-conf-id
>> =${uuid}"/>
>>
>>       <action inline="true" application="set" data="USERNAME=1001"/>
>>       <action inline="true" application="set" data="PASSWD=1111"/>
>>
>>
>>       <action application="sleep" data="2000"/>
>>       <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>
>>     </condition>
>>   </extension>
>>
>>
>>
>> <configuration name="rad_auth.conf" description="radius authentification module">
>>   <settings>
>>
>>   </settings>
>>
>>   <client>
>>     <param name="authserver" value="127.0.0.1:1812:gateway"/>
>>     <param name="dictionary" value="/usr/local/etc/radiusclient/dictionary"/>
>>     <param name="seqfile" value="/var/run/radius.seq"/>
>>     <param name="mapfile" value="/usr/local/etc/radiusclient/port-id-map"/>
>>     <param name="default_realm" value=""/>
>>     <param name="radius_timeout" value="3"/>
>>     <param name="radius_retries" value="2"/>
>>     <param name="radius_deadtime" value="0"/>
>>     <param name="bindaddr" value="*"/>
>>   </client>
>>
>>   <vsas>
>>
>>
>>     <param name="h323-conf-id" id="24" value="CALLID" pec="9" expr="1" direction="in"/>
>>
>>   </vsas>
>>  </configuration>
>>
>>
>>
>> 2011/8/2 Tihomir Culjaga <tculjaga at gmail.com>
>>
>>> Hi,
>>>
>>> dictionary.all is just the name of a file containing all attributes I
>>> needed at that time.
>>>
>>> You can include other dictionaries by putting #INCLUDE <pathname> at the
>>> end of the dictionary file you reference in rad_auth.conf.xml.
>>> If the INCLUDE doesn't work, just append dictionary.cisco to your
>>> dictionary file... and make your own file.
>>>
>>>
>>> check inline comments down below...
>>>
>>>
>>> T.
>>>
>>>
>>> On Sun, Jul 31, 2011 at 10:46 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>>>
>>>> Hello Gurus,
>>>>
>>>> I met an issue when using
>>>> mod_rad_auth (http://wiki.freeswitch.org/wiki/Mod_rad_auth) to work
>>>> with a freeradius server + mysql for AAA; the details are below. Could
>>>> anyone give any hints? Thanks in advance.
>>>>
>>>> I set up a dial plan "unitest_rad-ANI-auth" as in the wiki above; however,
>>>> when I dialed 601 to trigger the dial plan, the console showed errors.
>>>> It looks like "h323-conf-id" is not in the directory, so I tried to add
>>>> this attribute to the dictionary; however, it does not help. The
>>>> wiki mentions that rad_auth.conf.xml contains <param
>>>> name="dictionary"
>>>> value="/usr/local/etc/radiusclient/dictionary.all"/>; however, I did
>>>> not find the file "dictionary.all" in that directory, so I use
>>>> dictionary. BTW, the freeradius server + mysql works well.
>>>>
>>>
>>> I just appended the information needed into the dictionary.all file...
>>> (vendor and attribute definition).
>>>
>>>
>>>
>>>>
>>>> console errors:
>>>>
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 auth_function(in , in 38516060333, in 003282, out AUTH_RESULT)
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:301 allocate initial structure.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:313 initialzed configuration.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set authserver := 127.0.0.1:1812:gateway.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set dictionary := /usr/local/etc/radiusclient/dictionary.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set seqfile := /var/run/radius.seq.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set mapfile := /usr/local/etc/radiusclient/port-id-map.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set default_realm := .
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_timeout := 3.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_retries := 2.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set radius_deadtime := 0.
>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set bindaddr := *.
>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:371 ... radius: User-Name: 38516060333
>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:380 ... radius: User-Password: 003282
>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:391 ... radius: Called-station-Id is empty, ignoring...
>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:413 Handle attribute: h323-conf-id
>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id, not found in dictionary
>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:538 abort sending radius packet.
>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:546 An error occured during RADIUS Authentication(RC=-1)
>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:702 An error occured during radius authorization.
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  AUTH_RESULT=)
>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  AUTH_RESULT=
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  billing_model=)
>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  billing_model=
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  credit_amount=)
>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  credit_amount=
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  currency=)
>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  currency=
>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO  preffered_lang=)
>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  preffered_lang=
>>>>
>>>> added below in the dictionary(/usr/local/etc/radiusclient/dictionary):
>>>>
>>>> ATTRIBUTE       h323-conf-id            1008    string
>>>>
>>>
>>> you need the vendor definition as well
>>>
>>>
>>>>
>>>>
>>>> dial plan:
>>>> <extension name="unitest_rad-ANI-auth">
>>>>    <condition field="destination_number" expression="^601$">
>>>>      <action application="log" data="INFO  Before Auth "/>
>>>>
>>>>      <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
>>>>      <action inline="true" application="set" data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>>>      <action inline="true" application="set" data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>>>  <!--      <action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/> -->
>>>>      <action inline="true" application="set" data="CALLINGNUMBER=38516060333"/>
>>>>      <action inline="true" application="set" data="USERNAME=38516060333"/>
>>>>  <!--      <action inline="true" application="set" data="USERNAME=209354"/> -->
>>>>      <action inline="true" application="set" data="PASSWD=003282"/>
>>>>  <!--      <action inline="true" application="set" data="DIALED_NUMBER=16094191500"/>  -->
>>>>
>>>>      <action application="sleep" data="2000"/>
>>>>      <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>>
>>>>
>>>>      <action application="log" data="INFO  AUTH_RESULT=${AUTH_RESULT}"/>
>>>>      <action application="log" data="INFO  billing_model=${billing_model}"/>
>>>>      <action application="log" data="INFO  credit_amount=${credit_amount}"/>
>>>>      <action application="log" data="INFO  currency=${currency}"/>
>>>>      <action application="log" data="INFO  preffered_lang=${preffered_lang}"/>
>>>>      <action application="log" data="INFO  credit_time=${credit_time}"/>
>>>>      <action application="log" data="INFO h323_ivr_duration=${h323_ivr_duration}"/>
>>>>      <action application="log" data="INFO  return_code=${return_code}"/>
>>>>      <!-- <action application="execute_extension" data="AUTH XML default"/> -->
>>>>    </condition>
>>>>  </extension>
>>>>
>>>>  radius_cdr.conf.xml:
>>>>  <configuration name="radius_cdr.conf" description="RADIUS CDR
>>>> Configuration">
>>>>
>>>>        <settings>
>>>>
>>>>                <!-- location of the radius dictionary files -->
>>>>
>>>>                <param name="dictionary"
>>>> value="/usr/local/freeswitch/conf/radius/dictionary"/>
>>>>
>>>>
>>> Your dictionary file needs to contain all the attributes you are trying to
>>> use, or to include other dictionaries (in this case dictionary.cisco) from
>>> the dictionary file you are referencing here.
>>>
>>>
>>>>                <!-- number of retries for each server -->
>>>>
>>>>                <param name="radius_retries" value="3"/>
>>>>
>>>>                <!-- number of seconds to wait between retries -->
>>>>
>>>>                <param name="radius_timeout" value="5"/>
>>>>
>>>>                <!-- accounting servers, up to 8 allowed -->
>>>>
>>>>                <!-- value is "host:port:secret", port is optional -->
>>>>
>>>>                <!-- use IP ADDRESSES, not hostnames -->
>>>>
>>>>                <param name="acct_server" value="127.0.0.1:1813
>>>> :testing123"/>
>>>>
>>>>
>>>>        </settings>
>>>>
>>>> </configuration>
>>>>
>>>>  the FS version:
>>>>  FreeSWITCH Version 1.0.head (git-492bc6b 2011-07-23 12-53-04 -0400)
>>>>
>>>>  Regards,
>>>>  Charles
>>>>
>>>> _______________________________________________
>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>
>>>> FreeSWITCH-users mailing list
>>>>
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>