[Freeswitch-users] Mod_rad_auth issue for FS working with FreeRadius server

fieldpeak fieldpeak at gmail.com
Sun Aug 14 14:18:32 MSD 2011


Hi Thiomir,

Thanks for your clarification, understood...

Cheers!
Charles

2011/8/11 Tihomir Culjaga <tculjaga at gmail.com>

> hello,
>
> the example down below is just an example. In the real application you will
> be using channel variables instead of direct input.
> anyhow everything depends of what is your application intended for and how
> you would like to behave.
>
> Right now, you cannot authorize registrations as there is no event handler
> built into the module. Its on the roadmap but not gonna happen in next few
> weeks.
>
> what you can do is to authorize calls (INVITEs) by triggering the
> application within the dialplan. Also, FS extensions have their own ANI and
> you can authorize by ANI. If this is not enough, you can try to fetch the
> calling user password from the database and populate a session variable....
> than use this variable to trigger radius authorization.
>
> Anyhow, i think this is quite easy to do ... if you don't manage to do it
> on your own, drop me an e-mail and i can help ya.
>
>
> Cheers,
> Thiomir.
>
>
>
>
> On Tue, Aug 9, 2011 at 2:58 PM, fieldpeak <fieldpeak at gmail.com> wrote:
>
>> Hi Tihomir,
>>
>> As my understanding, when using mod_rad_auth, we have to send both
>> username and password to FreeRadius, like the example in wiki below (marked
>> in yellow), the example is for a fixed password, however in real world, we
>> have to dynamically inject the password as per user on-the-fly, e.g. user
>> 1001 's password is 1234, user 1002's password is 2345 etc. in other word,
>> we have to dynamically get the specific user's password and inject to the
>> dial plan. Can you please advise how we should write the dial plan for the
>> real case? Thanks in avdvance.
>>
>> P.S. What I'm concerning are both REGISTERATON and INVITE...how can we do
>> the auth by Freeradius...
>>
>> <extension name="unitest_rad-ANI-balance">
>>     <condition field="destination_number" expression="^602$">
>>       <action application="log" data="INFO  PRIJE RAD_AUTH "/>
>>
>>       <action inline="true" application="set" data="CALLID=h323-conf-id=${uuid}"/>
>>       <action inline="true" application="set" data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>       <action inline="true" application="set" data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>  <!--      <action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/> -->
>>       <action inline="true" application="set" data="CALLINGNUMBER=38516060333"/>
>>       <action inline="true" application="set" data="USERNAME=38516060333"/>
>>  <!--      <action inline="true" application="set" data="USERNAME=209354"/> -->
>>       <action inline="true" application="set" data="PASSWD=003282"/>
>>       <action inline="true" application="set" data="DIALED_NUMBER=16094191500"/>
>>
>>
>>
>> Regards,
>> Charles
>>
>>
>> 2011/8/9 Tihomir Culjaga <tculjaga at gmail.com>
>>
>>> im glad it works :=)
>>>
>>> T.
>>>
>>>
>>> On Mon, Aug 8, 2011 at 8:18 AM, fieldpeak <fieldpeak at gmail.com> wrote:
>>>
>>>> Hi Tihomir,
>>>>
>>>> The issue has been resolved by correcting the client secrect,
>>>> appreciated very much for your kindly help!
>>>>
>>>> Regards,
>>>> Charles
>>>>
>>>> 2011/8/7 Tihomir Culjaga <tculjaga at gmail.com>
>>>>
>>>>> are u sure you are using the correct secret on both client and server ?
>>>>>
>>>>>
>>>>> On Fri, Aug 5, 2011 at 10:12 AM, fieldpeak <fieldpeak at gmail.com>wrote:
>>>>>
>>>>>> Hi Tihomir,
>>>>>>
>>>>>> Thanks for your advise, i've added below to rad_auth.conf.xml (vsas
>>>>>> section), as well as tried auth-type to 0(local) and 1(system), however, the
>>>>>> issue still exist.
>>>>>>
>>>>>>
>>>>>> <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>> <param name="Login-User" id="6" value="1" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>> <param name="Auth-Type" id="1000" value="0" pec="0" expr="0"
>>>>>> direction="in"/>
>>>>>>
>>>>>> FreeRadius output:
>>>>>>
>>>>>> Found Auth-Type = PAP
>>>>>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>>>>>>
>>>>>> +- entering group PAP {...}
>>>>>> [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"
>>>>>> [pap] Using clear text password "1111"
>>>>>> [pap] Passwords don't match
>>>>>> ++[pap] returns reject
>>>>>> Failed to authenticate the user.
>>>>>>   WARNING: Unprintable characters in the password.        Double-check the shared secret on the server and the NAS!
>>>>>>
>>>>>> Using Post-Auth-Type Reject
>>>>>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>>>>>>
>>>>>> +- entering group REJECT {...}
>>>>>> [attr_filter.access_reject]     expand: %{User-Name} -> 1001
>>>>>>  attr_filter: Matched entry DEFAULT at line 11
>>>>>> ++[attr_filter.access_reject] returns updated
>>>>>> Delaying reject of request 38 for 1 seconds
>>>>>>
>>>>>> Regards,
>>>>>> Charles
>>>>>>
>>>>>>
>>>>>> 2011/8/5 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>>
>>>>>>> add to rad_auth.conf.xml
>>>>>>>
>>>>>>> <param name="NAS-Port-Type" id="61" value="0" pec="0" expr="0"
>>>>>>> direction="in"/>
>>>>>>> <param name="Login-User" id="6" value="1" pec="0" expr="0"
>>>>>>> direction="in"/>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> as for Auth Type im not sure if you need it ... this is up to your
>>>>>>> server.
>>>>>>> According to dictionary file you need to set it as follows:
>>>>>>>
>>>>>>> <param name="Auth-Type" id="1000" value="?" pec="0" expr="0"
>>>>>>> direction="in"/>
>>>>>>>
>>>>>>> the value (set as ?) is one of the folowing. Again, not sure what is
>>>>>>> required by your server.
>>>>>>>
>>>>>>> VALUE           Auth-Type               Local                   0
>>>>>>> VALUE           Auth-Type               System                  1
>>>>>>> VALUE           Auth-Type               SecurID                 2
>>>>>>> VALUE           Auth-Type               Crypt-Local             3
>>>>>>> VALUE           Auth-Type               Reject                  4
>>>>>>>
>>>>>>> #
>>>>>>> #       Cistron extensions
>>>>>>> #
>>>>>>> VALUE           Auth-Type               Pam                     253
>>>>>>> VALUE           Auth-Type               Accept                  254
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> regards,
>>>>>>> Tihomir.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 3, 2011 at 6:32 AM, fieldpeak <fieldpeak at gmail.com>wrote:
>>>>>>>
>>>>>>>> Hi Tihomir,
>>>>>>>>
>>>>>>>> Sorry, i missed your mail in gmail before, just now saw it, and
>>>>>>>> after using your dictionary.all, the dictionary issue was resolved, very
>>>>>>>> appreciated for your kindly help! however, it did not fully functional yet,
>>>>>>>>
>>>>>>>> Attached are configuration files that i used, when i dial 601 to
>>>>>>>> trigger to auth, the freeradius server shows log below, the supecious log is
>>>>>>>> the value User-Password, it should be '1111' that i've set in the mysql db
>>>>>>>> of freeradisu server for the user 1001 .
>>>>>>>>
>>>>>>>> i searched in google, for "known good" password issue, i suggest
>>>>>>>> change user-password to cleartext-password, however, i did not find where it
>>>>>>>> is.
>>>>>>>> and also the Auth-Type, where to configure it...
>>>>>>>>
>>>>>>>> Freeradius server log:
>>>>>>>>
>>>>>>>> rad_recv: Access-Request packet from host 127.0.0.1 port 52684,
>>>>>>>> id=49, length=111
>>>>>>>>         User-Name = "1001"
>>>>>>>>         User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002
>>>>>>>> "
>>>>>>>>         Called-Station-Id = "888"
>>>>>>>>         h323-conf-id = "749d2b5a-16ad-48e4-af58-24011949d1b5"
>>>>>>>>         Calling-Station-Id = "1001"
>>>>>>>>         NAS-Port = 0
>>>>>>>>         NAS-IP-Address = 127.0.0.1
>>>>>>>> # Executing section authorize from file
>>>>>>>> /usr/local/etc/raddb/sites-enabled/default
>>>>>>>> +- entering group authorize {...}
>>>>>>>> ++[preprocess] returns ok
>>>>>>>> [auth_log]      expand:
>>>>>>>> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>>>>>>>> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
>>>>>>>> [auth_log]
>>>>>>>> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>>>>>>>> expands to /usr/local/var/log/radius/radacct/
>>>>>>>> 127.0.0.1/auth-detail-20110803
>>>>>>>> [auth_log]      expand: %t -> Wed Aug  3 12:06:33 2011
>>>>>>>> ++[auth_log] returns ok
>>>>>>>> ++[chap] returns noop
>>>>>>>> ++[mschap] returns noop
>>>>>>>> ++[digest] returns noop
>>>>>>>> [suffix] No '@' in User-Name = "1001", looking up realm NULL
>>>>>>>> [suffix] No such realm "NULL"
>>>>>>>> ++[suffix] returns noop
>>>>>>>> [eap] No EAP-Message, not doing EAP
>>>>>>>> ++[eap] returns noop
>>>>>>>> ++[unix] returns notfound
>>>>>>>> ++[files] returns noop
>>>>>>>> [sql]   expand: %{User-Name} -> 1001
>>>>>>>> [sql] sql_set_user escaped user --> '1001'
>>>>>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>>>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>>>>>> FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
>>>>>>>> BY id -> SELECT id, username, attribute, value, op           FROM
>>>>>>>> radcheck           WHERE username = '1001'           ORDER BY id
>>>>>>>> [sql]   expand: SELECT groupname           FROM
>>>>>>>> radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER
>>>>>>>> BY priority -> SELECT groupname           FROM radusergroup           WHERE
>>>>>>>> username = '1001'           ORDER BY priority
>>>>>>>> rlm_sql (sql): Released sql socket id: 4
>>>>>>>> [sql] User 1001 not found
>>>>>>>> ++[sql] returns notfound
>>>>>>>> ++[expiration] returns noop
>>>>>>>> ++[logintime] returns noop
>>>>>>>> [pap] WARNING! No "known good" password found for the user.
>>>>>>>> Authentication may fail because of this.
>>>>>>>> ++[pap] returns noop
>>>>>>>> ERROR: No authenticate method (Auth-Type) found for the request:
>>>>>>>> Rejecting the user
>>>>>>>> Failed to authenticate the user.
>>>>>>>>   WARNING: Unprintable characters in the password.
>>>>>>>> Double-check the shared secret on the server and the NAS!
>>>>>>>> Using Post-Auth-Type Reject
>>>>>>>> # Executing group from file
>>>>>>>> /usr/local/etc/raddb/sites-enabled/default
>>>>>>>> +- entering group REJECT {...}
>>>>>>>> [attr_filter.access_reject]     expand: %{User-Name} -> 1001
>>>>>>>>  attr_filter: Matched entry DEFAULT at line 11
>>>>>>>> ++[attr_filter.access_reject] returns updated
>>>>>>>> Delaying reject of request 8 for 1 seconds
>>>>>>>> Going to the next request
>>>>>>>> Waking up in 0.9 seconds.
>>>>>>>> Sending delayed reject for request 8
>>>>>>>> Sending Access-Reject of id 49 to 127.0.0.1 port 52684
>>>>>>>> Waking up in 4.9 seconds.
>>>>>>>> Cleaning up request 8 ID 49 with timestamp +7674
>>>>>>>> Ready to process requests.
>>>>>>>> WARNING! No "known good" password found for the user
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Charles
>>>>>>>>
>>>>>>>>
>>>>>>>> 2011/8/3 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>>>>
>>>>>>>>> did u use the dictionary i have attached ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Aug 2, 2011 at 10:08 AM, fieldpeak <fieldpeak at gmail.com>wrote:
>>>>>>>>>
>>>>>>>>>> i tried change to 'h323-conf-id' to 'h323-call-origin' in
>>>>>>>>>> 02_unitest_rad-ANI-auth.xml, rad_auth.conf.xml, however, it still prompt
>>>>>>>>>> '[ERR] mod_rad_auth.c:428 Unknown attribute: key:h323-conf-id,
>>>>>>>>>> not found in dictionary', so where the mod_rad_auth read out the
>>>>>>>>>> 'h323-conf-id'? very very strange, which dictionary it was using...
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Charles
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2011/8/2 fieldpeak <fieldpeak at gmail.com>
>>>>>>>>>>
>>>>>>>>>>> Hi Tihomir,
>>>>>>>>>>>
>>>>>>>>>>> Finally the answer coming, i see the hope, thanks for your reply,
>>>>>>>>>>> :)
>>>>>>>>>>>
>>>>>>>>>>> As your advise, i only use one attribute(h323-conf-id) in my
>>>>>>>>>>> dialplan, and only one attribute(h323-conf-id) in rad_auth.conf.xml, and
>>>>>>>>>>> using the attached dictionary (from ciso) which contains this attribute,
>>>>>>>>>>> however, it still prompt 'unknown attribute', so i suspected if it was
>>>>>>>>>>> reading /usr/local/etc/radiusclient/dictionary, so i copy the same
>>>>>>>>>>> dictionary to /usr/local/freeswitch/radius/, it did not any help at all...
>>>>>>>>>>> very strange...
>>>>>>>>>>>
>>>>>>>>>>> Log:
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>> default_realm := .
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>> radius_timeout := 3.
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>> radius_retries := 2.
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>> radius_deadtime := 0.
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>> bindaddr := *.
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:371 ... radius:
>>>>>>>>>>> User-Name: 38516060333
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:380 ... radius:
>>>>>>>>>>> User-Password: 003282
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:396 ... radius:
>>>>>>>>>>> Called-station-Id: 16094191500
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:413 Handle
>>>>>>>>>>> attribute: h323-conf-id
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:428 Unknown
>>>>>>>>>>> attribute: key:h323-conf-id, not found in dictionary
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [DEBUG] mod_rad_auth.c:538 abort
>>>>>>>>>>> sending radius packet.
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:546 An error
>>>>>>>>>>> occured during RADIUS Authentication(RC=-1)
>>>>>>>>>>> 2011-08-02 15:37:26.578217 [ERR] mod_rad_auth.c:702 An error
>>>>>>>>>>> occured during radius authorization.
>>>>>>>>>>>
>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>> AUTH_RESULT=)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   <extension name="unitest_rad-ANI-auth">
>>>>>>>>>>>     <condition field="destination_number" expression="^601$">
>>>>>>>>>>>       <!-- <action application="log" data="INFO  Before Auth "/>
>>>>>>>>>>> -->
>>>>>>>>>>>
>>>>>>>>>>>       <action inline="true" application="set" data="CALLID=
>>>>>>>>>>> h323-conf-id=${uuid}"/>
>>>>>>>>>>>
>>>>>>>>>>>       <action inline="true" application="set"
>>>>>>>>>>> data="USERNAME=1001"/>
>>>>>>>>>>>       <action inline="true" application="set"
>>>>>>>>>>> data="PASSWD=1111"/>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>       <action application="sleep" data="2000"/>
>>>>>>>>>>>       <action application="auth_function" data="in
>>>>>>>>>>> ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>>>>>>>>>
>>>>>>>>>>>     </condition>
>>>>>>>>>>>   </extension>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> <configuration name="rad_auth.conf" description="radius
>>>>>>>>>>> authentification module">
>>>>>>>>>>>   <settings>
>>>>>>>>>>>
>>>>>>>>>>>   </settings>
>>>>>>>>>>>
>>>>>>>>>>>   <client>
>>>>>>>>>>>     <param name="authserver" value="127.0.0.1:1812:gateway"/>
>>>>>>>>>>>     <param name="dictionary"
>>>>>>>>>>> value="/usr/local/etc/radiusclient/dictionary"/>
>>>>>>>>>>>     <param name="seqfile" value="/var/run/radius.seq"/>
>>>>>>>>>>>     <param name="mapfile"
>>>>>>>>>>> value="/usr/local/etc/radiusclient/port-id-map"/>
>>>>>>>>>>>     <param name="default_realm" value=""/>
>>>>>>>>>>>     <param name="radius_timeout" value="3"/>
>>>>>>>>>>>     <param name="radius_retries" value="2"/>
>>>>>>>>>>>     <param name="radius_deadtime" value="0"/>
>>>>>>>>>>>     <param name="bindaddr" value="*"/>
>>>>>>>>>>>   </client>
>>>>>>>>>>>
>>>>>>>>>>>   <vsas>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>     <param name="h323-conf-id" id="24" value="CALLID" pec="9"
>>>>>>>>>>> expr="1" direction="in"/>
>>>>>>>>>>>
>>>>>>>>>>>   </vsas>
>>>>>>>>>>>  </configuration>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2011/8/2 Tihomir Culjaga <tculjaga at gmail.com>
>>>>>>>>>>>
>>>>>>>>>>>> hi,
>>>>>>>>>>>>
>>>>>>>>>>>> dictionary.all is just the name of a file containing all
>>>>>>>>>>>> attributes i needed at that time.
>>>>>>>>>>>>
>>>>>>>>>>>> you can include other dictionaries by putting #INCLUDE
>>>>>>>>>>>> <pathname> at the end of the dictionary file you reference in
>>>>>>>>>>>> rad_auth.conf.xml.
>>>>>>>>>>>> if the INCLUDE doesn't work, just append dictionary.cisco to
>>>>>>>>>>>> your dictionary file... and make your own file.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> check inline comments down below...
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> T.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sun, Jul 31, 2011 at 10:46 AM, fieldpeak <
>>>>>>>>>>>> fieldpeak at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Gurus,
>>>>>>>>>>>>>
>>>>>>>>>>>>> i met a issue when using
>>>>>>>>>>>>> mod_rad_auth(http://wiki.freeswitch.org/wiki/Mod_rad_auth) to
>>>>>>>>>>>>> works
>>>>>>>>>>>>> with freeradius server+mysql for AAA, the details is below,
>>>>>>>>>>>>> Could
>>>>>>>>>>>>> anyone give any hints, Thanks in advance.
>>>>>>>>>>>>>
>>>>>>>>>>>>> i setup a dial plan "unitest_rad-ANI-auth" as wiki above,
>>>>>>>>>>>>> however,
>>>>>>>>>>>>> when i dialed 601 to trigger the dial plan, the console show
>>>>>>>>>>>>> errors,
>>>>>>>>>>>>> it looks "h323-conf-id" is not in the directory, then i tried
>>>>>>>>>>>>> to add
>>>>>>>>>>>>> this attribute to the dictionary, however, it does not help, in
>>>>>>>>>>>>> the
>>>>>>>>>>>>> wiki, it mentioned the rad_auth.conf.xml contains <param
>>>>>>>>>>>>> name="dictionary"
>>>>>>>>>>>>> value="/usr/local/etc/radiusclient/dictionary.all"/>, however i
>>>>>>>>>>>>> did
>>>>>>>>>>>>> not find the file "dictionary.all" at that directory, so i use
>>>>>>>>>>>>> dictionary. BTW, the freeradius server + mysql works well.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> i just appended the information needed into dictionary.all
>>>>>>>>>>>> file... (vendor and attribute definition).
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> console errors:
>>>>>>>>>>>>>
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 auth_function(in ,
>>>>>>>>>>>>> in
>>>>>>>>>>>>> 38516060333, in 003282, out AUTH_RESULT)
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:301 allocate
>>>>>>>>>>>>> initial
>>>>>>>>>>>>> structure.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:313
>>>>>>>>>>>>> initialzed configuration.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> authserver
>>>>>>>>>>>>> := 127.0.0.1:1812:gateway.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> dictionary
>>>>>>>>>>>>> := /usr/local/etc/radiusclient/dictionary.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> seqfile :=
>>>>>>>>>>>>> /var/run/radius.seq.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> mapfile :=
>>>>>>>>>>>>> /usr/local/etc/radiusclient/port-id-map.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> default_realm := .
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> radius_timeout := 3.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> radius_retries := 2.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> radius_deadtime := 0.
>>>>>>>>>>>>> 2011-07-31 16:23:24.717088 [DEBUG] mod_rad_auth.c:318 set
>>>>>>>>>>>>> bindaddr := *.
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:371 ...
>>>>>>>>>>>>> radius:
>>>>>>>>>>>>> User-Name: 38516060333
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:380 ...
>>>>>>>>>>>>> radius:
>>>>>>>>>>>>> User-Password: 003282
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:391 ...
>>>>>>>>>>>>> radius:
>>>>>>>>>>>>> Called-station-Id is empty, ignoring...
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:413 Handle
>>>>>>>>>>>>> attribute: h323-conf-id
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:428 Unknown
>>>>>>>>>>>>> attribute:
>>>>>>>>>>>>> key:h323-conf-id, not found in dictionary
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [DEBUG] mod_rad_auth.c:538 abort
>>>>>>>>>>>>> sending
>>>>>>>>>>>>> radius packet.
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:546 An error
>>>>>>>>>>>>> occured
>>>>>>>>>>>>> during RADIUS Authentication(RC=-1)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [ERR] mod_rad_auth.c:702 An error
>>>>>>>>>>>>> occured
>>>>>>>>>>>>> during radius authorization.
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>>>  AUTH_RESULT=)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>>>  AUTH_RESULT=
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>>>  billing_model=)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>>>  billing_model=
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>>>  credit_amount=)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>>>  credit_amount=
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>>>  currency=)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202  currency=
>>>>>>>>>>>>> EXECUTE sofia/internal/1001 at 124.193.106.104 log(INFO
>>>>>>>>>>>>>  preffered_lang=)
>>>>>>>>>>>>> 2011-07-31 16:23:24.737004 [INFO] mod_dptools.c:1202
>>>>>>>>>>>>>  preffered_lang=
>>>>>>>>>>>>>
>>>>>>>>>>>>> added below in the
>>>>>>>>>>>>> dictionary(/usr/local/etc/radiusclient/dictionary):
>>>>>>>>>>>>>
>>>>>>>>>>>>> ATTRIBUTE       h323-conf-id            1008    string
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> you need the vendor definition as well
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> dial plan:
>>>>>>>>>>>>> <extension name="unitest_rad-ANI-auth">
>>>>>>>>>>>>>    <condition field="destination_number" expression="^601$">
>>>>>>>>>>>>>      <action application="log" data="INFO  Before Auth "/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="CALLID=h323-conf-id=${uuid}"/>
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="SERVICENUM=h323-prompt-id=${destination_number}"/>
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="TRANSACTIONID=h323-ivr-out=transactionID:1234"/>
>>>>>>>>>>>>>  <!--      <action inline="true" application="set"
>>>>>>>>>>>>> data="CALLINGNUMBER=${caller_id_number}"/> -->
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="CALLINGNUMBER=38516060333"/>
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="USERNAME=38516060333"/>
>>>>>>>>>>>>>  <!--      <action inline="true" application="set"
>>>>>>>>>>>>> data="USERNAME=209354"/> -->
>>>>>>>>>>>>>      <action inline="true" application="set"
>>>>>>>>>>>>> data="PASSWD=003282"/>
>>>>>>>>>>>>>  <!--      <action inline="true" application="set"
>>>>>>>>>>>>> data="DIALED_NUMBER=16094191500"/>  -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>      <action application="sleep" data="2000"/>
>>>>>>>>>>>>>      <action application="auth_function" data="in
>>>>>>>>>>>>> ${DIALED_NUMBER},
>>>>>>>>>>>>> in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  AUTH_RESULT=${AUTH_RESULT}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  billing_model=${billing_model}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  credit_amount=${credit_amount}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  currency=${currency}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  preffered_lang=${preffered_lang}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  credit_time=${credit_time}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>> h323_ivr_duration=${h323_ivr_duration}"/>
>>>>>>>>>>>>>      <action application="log" data="INFO
>>>>>>>>>>>>>  return_code=${return_code}"/>
>>>>>>>>>>>>>      <!-- <action application="execute_extension" data="AUTH
>>>>>>>>>>>>> XML default"/> -->
>>>>>>>>>>>>>    </condition>
>>>>>>>>>>>>>  </extension>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  radius_cdr.conf.xml:
>>>>>>>>>>>>>  <configuration name="radius_cdr.conf" description="RADIUS CDR
>>>>>>>>>>>>> Configuration">
>>>>>>>>>>>>>
>>>>>>>>>>>>>        <settings>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- location of the radius dictionary files -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <param name="dictionary"
>>>>>>>>>>>>> value="/usr/local/freeswitch/conf/radius/dictionary"/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>> your dictionary file need to contain all the attributes you are
>>>>>>>>>>>> trying to use or to include other dictionaries (In this case
>>>>>>>>>>>> dictionary.cisco) from the dictionary file you are referencing here.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- number of retries for each server -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <param name="radius_retries" value="3"/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- number of seconds to wait between retries
>>>>>>>>>>>>> -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <param name="radius_timeout" value="5"/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- accounting servers, up to 8 allowed -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- value is "host:port:secret", port is
>>>>>>>>>>>>> optional -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <!-- use IP ADDRESSES, not hostnames -->
>>>>>>>>>>>>>
>>>>>>>>>>>>>                <param name="acct_server" value="127.0.0.1:1813
>>>>>>>>>>>>> :testing123"/>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>        </settings>
>>>>>>>>>>>>>
>>>>>>>>>>>>> </configuration>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  the FS version:
>>>>>>>>>>>>>  FreeSWITCH Version 1.0.head (git-492bc6b 2011-07-23 12-53-04
>>>>>>>>>>>>> -0400)
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Regards,
>>>>>>>>>>>>>  Charles
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>>>>>
>>>>>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>>>>>>
>>>>>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>>>>
>>>>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>>
>>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>>
>>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>>> UNSUBSCRIBE:
>>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>>> http://www.freeswitch.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> UNSUBSCRIBE:
>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> http://www.freeswitch.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>>> http://www.cluecon.com 877-7-4ACLUE
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Join us at ClueCon 2011, Aug 9-11, Chicago
>>> http://www.cluecon.com 877-7-4ACLUE
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _______________________________________________
>> Join us at ClueCon 2011, Aug 9-11, Chicago
>> http://www.cluecon.com 877-7-4ACLUE
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _______________________________________________
> Join us at ClueCon 2011, Aug 9-11, Chicago
> http://www.cluecon.com 877-7-4ACLUE
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Regards,
Charles
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110814/770dd4b3/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list