Again for testing, I pointed Kamailio directly to my billing radius, bypassing Freeradius. The situation is the same, so the problem is definitely not with the Freeradius server.<br><br><div class="gmail_quote">2011/3/5 Kosilov Fedor <span dir="ltr"><<a href="mailto:dangerkoffe@gmail.com">dangerkoffe@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Hello, Daniel, thank you for your attention to my problem.<br><br>I actually don't need accounting support, I just want to implement an authorization using radius.<br>
But for testing purposes, I loaded the acc module and set "radius_extra" param. Nothing has changed.<br>
<br>Here is a part of my config:<br><br><br>...<br>modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")<br>modparam("acc", "radius_extra", "User-Name=$Au")<br>
...<br>modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")<br>modparam("auth_radius", "auth_extra", "NAS-Identifier=$var(ident)")<br>
...<br>route {<br> #Definitions<br> $var(ident) = "<a href="http://kamserv.example.com" target="_blank">kamserv.example.com</a>";<br>...<br>route(3); #Auth<br>...<br>}<br><br>...<br><br>route[3] {<br>
if (is_method("REGISTER"))<br>
{<br> if (is_from_local()) {<br> if (!radius_www_authorize("$td"))<br> {<br> www_challenge("$sel(to.uri.host)", "1"); <br>
exit;<br> } else {<br> avp_db_delete("$sel(to.uri)","$avp(s:ip)");<br> avp_db_delete("$sel(to.uri)","$avp(s:dpid)");<br>
avp_db_delete("$sel(to.uri)","$avp(s:fr_timer)");<br> avp_db_delete("$sel(to.uri)","$avp(s:calls_limit)");<br>
avp_db_store("$sel(to.uri)","$avp(s:ip)");<br> avp_db_store("$sel(to.uri)","$avp(s:dpid)");<br> avp_db_store("$sel(to.uri)","$avp(s:fr_timer)");<br>
avp_db_store("$sel(to.uri)","$avp(s:calls_limit)");<br><br> if ($au!=$sel(to.uri.user))||($au!=$sel(from.uri.user)) {<br> sl_send_reply("403","Forbidden auth ID");<br>
exit;<br> } else {<br> if ($avp(s:ip)!='any' && $sel(src.ip)!=$avp(s:ip)) {<br> sl_send_reply("403","Forbidden");<br>
exit;<br> }<br> }<br> }<br><br> } else {<br> sl_send_reply("403","Forbidden");<br>
exit;<br> }<br> } else {<br> if ($sel(src.ip)=="192.168.0.2") {<br> return;<br> } else if (is_from_local()) {<br>
if (!radius_proxy_authorize("$sel(from.uri.host)","$sel(from.uri.user)")) { <br> proxy_challenge("$sel(from.uri.host)", "1"); <br>
exit;<br> }<br> if ($avp(s:ip)!='any' && $sel(src.ip)!=$avp(s:ip)) {<br> sl_send_reply("403","Forbidden");<br>
exit;<br> }<br><br> if (is_method("PUBLISH"))<br> {<br> if ($au!=$sel(to.uri.user)) { <br>
sl_send_reply("403","Forbidden auth ID");<br> exit;<br> }<br> } else if ($au!=$sel(from.uri.user)) {<br>
sl_send_reply("403","Forbidden auth ID");<br> exit;<br> }<br> consume_credentials();<br> } else {<br>
sl_send_reply("403","Forbidden");<br> exit;<br> }<br> }<br>}<br>...<br><br>And again a part of the freeradius log:<br><br>rad_recv: Access-Request packet from host 127.0.0.1 port 58933, id=135, length=298<div class="im">
<br>
<b>User-Name = "<a href="mailto:2219001@example.com" target="_blank">2219001@example.com</a>"</b><br> Digest-Attributes = 0x0a0932323139303031<br> Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275<br>
</div> Digest-Attributes = 0x0222545848676630317833314f7076767759512b6b73674c63554d51784f6c347634<div class="im"><br>
Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275<br> Digest-Attributes = 0x030a5245474953544552<br> Digest-Attributes = 0x050661757468<br> Digest-Attributes = 0x090a3030303030303031<br></div> Digest-Attributes = 0x080c39636238383130616531<br>
Digest-Response = "efdcf92b58f694b97928856614057436"<div class="im"><br> Service-Type = Sip-Session<br> Sip-Uri-User = "2219001"<br></div> <b>User-Name = "call-id=zomdnicqsndxrnh@koffe-work"</b><div class="im">
<br> NAS-Identifier = "<a href="http://kamserv.example.com" target="_blank">kamserv.example.com</a>"<br>
NAS-Port = 5060<br> NAS-IP-Address = 127.0.0.1<br><br><br></div>Regards, <br>Fedor.<br><br><br><br><div class="gmail_quote">2011/3/5 Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span><div>
<div></div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Hello,<br>
<br>
what is the value of parameter radius_extra for acc module?<br>
<br>
Cheers,<br>
Daniel<div><div></div><div><br>
<br>
On 3/4/11 1:06 PM, Kosilov Fedor wrote:
</div></div><blockquote type="cite"><div><div></div><div>Hello List!<br>
<br>
I'm trying to set up authorization with our billing proprietary
radius server, using Freeradius as a proxy. Currently I'm
experiencing the following problem:<br>
<br>
The Access-Request packet, sent by Kamailio, contains two
User-Name attribute records<br>
Here is a log from the Freeradius server:<br>
<br>
rad_recv: Access-Request packet from host 127.0.0.1 port 59294,
id=112, length=298<br>
User-Name = "<a href="mailto:2219001@example.com" target="_blank">2219001@example.com</a>"<br>
Digest-Attributes = 0x0a0932323139303031<br>
Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275<br>
Digest-Attributes =
0x022254584452634531773045524b7368796f30684a70544f4f6a69424d386b32534a<br>
Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275<br>
Digest-Attributes = 0x030a5245474953544552<br>
Digest-Attributes = 0x050661757468<br>
Digest-Attributes = 0x090a3030303030303031<br>
Digest-Attributes = 0x080c32383034636535373032<br>
Digest-Response = "e79b47955c02401fe52d05f7956609aa"<br>
Service-Type = Sip-Session<br>
Sip-Uri-User = "2219001"<br>
<b> User-Name = "call-id=domcmqmnychbwlp@koffe-work"</b><br>
NAS-Identifier = "<a href="http://kamserv.example.com" target="_blank">kamserv.example.com</a>"<br>
NAS-Port = 5060<br>
NAS-IP-Address = 127.0.0.1<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[digest] Checking for correctly formatted Digest-Attributes<br>
[digest] Digest-Attributes look OK. Converting them to something
more usful.<br>
Digest-User-Name = "2219001"<br>
Digest-Realm = "<a href="http://example.com" target="_blank">example.com</a>"<br>
Digest-Nonce = "TXDRcE1w0ERKshyo0hJpTOOjiBM8k2SJ"<br>
Digest-URI = "sip:<a href="http://example.com" target="_blank">example.com</a>"<br>
Digest-Method = "REGISTER"<br>
Digest-QOP = "auth"<br>
Digest-Nonce-Count = "00000001"<br>
Digest-CNonce = "2804ce5702"<br>
[digest] Adding Auth-Type = DIGEST<br>
++[digest] returns ok<br>
[suffix] Looking up realm "<a href="http://example.com" target="_blank">example.com</a>" for User-Name = "<a href="mailto:2219001@example.com" target="_blank">2219001@example.com</a>"<br>
[suffix] Found realm "<a href="http://example.com" target="_blank">example.com</a>"<br>
[suffix] Adding Realm = "<a href="http://example.com" target="_blank">example.com</a>"<br>
[suffix] Proxying request from user 2219001 to realm <a href="http://example.com" target="_blank">example.com</a><br>
[suffix] Preparing to proxy authentication request to realm "<a href="http://example.com" target="_blank">example.com</a>"
<br>
++[suffix] returns updated<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
++[pap] returns noop<br>
Sending Access-Request of id 250 to 127.0.0.1 port 1822<br>
User-Name = "<a href="mailto:2219001@example.com" target="_blank">2219001@example.com</a>"<br>
Digest-Attributes = 0x0a0932323139303031<br>
Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275<br>
Digest-Attributes =
0x022254584452634531773045524b7368796f30684a70544f4f6a69424d386b32534a<br>
Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275<br>
Digest-Attributes = 0x030a5245474953544552<br>
Digest-Attributes = 0x050661757468<br>
Digest-Attributes = 0x090a3030303030303031<br>
Digest-Attributes = 0x080c32383034636535373032<br>
Digest-Response = "e79b47955c02401fe52d05f7956609aa"<br>
Service-Type = Sip-Session<br>
Sip-Uri-User = "2219001"<br>
<b> User-Name = "call-id=domcmqmnychbwlp@koffe-work"</b><br>
NAS-Identifier = "<a href="http://kamserv.example.com" target="_blank">kamserv.example.com</a>"<br>
NAS-Port = 5060<br>
NAS-IP-Address = 127.0.0.1<br>
Proxy-State = 0x313132<br>
Proxying request 1 to home server 127.0.0.1 port 1822<br>
<br>
As I understand, this second User-Name attribute has to be a
call-id attribute.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div></div><pre><fieldset></fieldset><br>_______________________________________________<br>SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br><a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br></pre>
</blockquote>
<br>
<pre cols="72">-- <br>Daniel-Constantin Mierla<br><a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a></pre>
</div>
</blockquote></div></div></div><br>
</blockquote></div><br>