<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
OK, I will paste the critical configs in this email.<br>
You need to set up RADIUS as usual and copy the dictionary files as usual.<br>
<br>
<b>/etc/openser.cfg:</b><br>
#<br>
# $Id$<br>
#<br>
# radius config script<br>
#<br>
# ----------- global configuration parameters ------------------------<br>
<br>
# Core process and network settings. The listen addresses are masked<br>
# (xx/yy) in this post; substitute the real interface addresses.<br>
debug=0 # debug level (cmd line: -dddddddddd)<br>
fork=yes<br>
log_stderror=no # (cmd line: -E)<br>
check_via=no # (cmd. line: -v)<br>
dns=no # (cmd. line: -r)<br>
rev_dns=no # (cmd. line: -R)<br>
port=5060<br>
children=4<br>
listen=udp:yy.yy.yy.yy<br>
listen=udp:xx.xx.xx.xx<br>
# extra hostname for this proxy; presumably counted as local by the<br>
# uri==myself tests in the route block -- confirm<br>
alias=sfbay.sun.com<br>
# names for integer AVPs 101 and 102; the route script shown here does not use them<br>
avp_aliases="day=i:101;time=i:102"<br>
<br>
#fifo="/tmp/openser_fifo"<br>
<br>
# ------------------ module loading ----------------------------------<br>
# earlier module path, left commented out<br>
#mpath="/usr/local/openser-1.0.1/lib/openser/modules"<br>
mpath="/usr/local/lib64/openser/modules"<br>
<br>
# mysql stays unloaded: no database is used (usrloc db_mode is 0 below)<br>
#loadmodule "mysql.so"<br>
loadmodule "sl.so"<br>
loadmodule "tm.so"<br>
loadmodule "rr.so"<br>
loadmodule "maxfwd.so"<br>
loadmodule "avpops.so"<br>
loadmodule "usrloc.so"<br>
loadmodule "registrar.so"<br>
loadmodule "textops.so"<br>
loadmodule "xlog.so"<br>
loadmodule "uri.so"<br>
loadmodule "acc.so"<br>
# auth supplies www_challenge(); the *_radius modules talk to the RADIUS<br>
# server for authentication, group checks and AVP loading<br>
loadmodule "auth.so"<br>
loadmodule "auth_radius.so"<br>
loadmodule "group_radius.so"<br>
loadmodule "avp_radius.so"<br>
<br>
# ----------------- setting module-specific parameters ---------------<br>
<br>
# -- usrloc params --<br>
# database URL is disabled; it looks like the stock openser credentials,<br>
# so change them if this line is ever enabled<br>
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")<br>
<br>
# neeraj changed to 0 from 2<br>
# db_mode 0 keeps registrations in memory only, so contacts are lost on restart<br>
modparam("usrloc", "db_mode", 0)<br>
<br>
# -- acc params --<br>
# flags 1 and 2 are the ones the route block sets with setflag() on initial INVITEs<br>
modparam("acc", "radius_flag", 1)<br>
modparam("acc", "radius_missed_flag", 2)<br>
# log-based accounting uses flag 1 for both completed and missed calls<br>
modparam("acc", "log_flag", 1)<br>
modparam("acc", "log_missed_flag", 1)<br>
# Service-Type value sent with accounting requests; must agree with the<br>
# RADIUS dictionary in use -- confirm<br>
modparam("acc", "service_type", 15)<br>
# add the request's source IP and port to each RADIUS accounting record<br>
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")<br>
# all four RADIUS-aware modules read the same radiusclient-ng config file<br>
modparam("acc|auth_radius|group_radius|avp_radius", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")<br>
<br>
# -- group_radius params --<br>
# presumably makes group lookups use user@domain rather than the bare user name -- confirm<br>
modparam("group_radius", "use_domain", 1)<br>
<br>
# -- rr params --<br>
# add value to ;lr param to make some broken UAs happy<br>
modparam("rr", "enable_full_lr", 1)<br>
<br>
# ------------------------- request routing logic -------------------<br>
<br>
# main routing logic<br>
<br>
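route{<br>
# Entry point for every SIP request. Order of processing: sanity checks,<br>
# record-route, in-dialog (loose-routed) requests, requests for other<br>
# domains, then requests for our own domain (REGISTER, PSTN prefix,<br>
# usrloc lookup). route(1) relays the request and ends the script.<br>
<br>
# initial sanity checks -- messages with<br>
# max_forwards==0, or excessively long requests<br>
if (!mf_process_maxfwd_header("10")) {<br>
sl_send_reply("483","Too Many Hops");<br>
# stop here so a rejected request is not processed and relayed below<br>
exit;<br>
};<br>
<br>
if (msg:len >= 2048 ) {<br>
sl_send_reply("513", "Message too big");<br>
# same as above: reply and stop<br>
exit;<br>
};<br>
<br>
# check if user is suspended (disabled)<br>
###if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE")) {<br>
### if (radius_is_user_in("From", "suspended")) {<br>
### sl_send_reply("403", "Forbidden - suspended");<br>
### exit;<br>
### };<br>
###};<br>
<br>
# we record-route all messages -- to make sure that<br>
# subsequent messages will go through our proxy; that's<br>
# particularly good if upstream and downstream entities<br>
# use different transport protocol<br>
if (!method=="REGISTER")<br>
record_route();<br>
<br>
# subsequent messages within a dialog should take the<br>
# path determined by record-routing<br>
if (loose_route()) {<br>
# mark routing logic in request<br>
append_hf("P-hint: rr-enforced\r\n");<br>
if(is_method("BYE")) { # log it all the time<br>
acc_rad_request("200 ok");<br>
acc_log_request("200 ok");<br>
}<br>
route(1);<br>
};<br>
<br>
# initial INVITE (no To tag): flags 1 and 2 are the acc module's<br>
# radius/log and missed-call flags configured in the modparam section<br>
if(is_method("INVITE") && !has_totag())<br>
{ # set the acc flags<br>
setflag(1);<br>
setflag(2);<br>
};<br>
<br>
if (!uri==myself) {<br>
# check if user is allowed to do voip calls to other domains<br>
# NOTE(review): this group check takes the user from the From header,<br>
# and this script only digest-authenticates REGISTER, so the From value<br>
# has not been verified at this point -- confirm that is intended.<br>
# auth_radius offers radius_proxy_authorize(), and group_radius accepts<br>
# "Credentials" in place of "From" to check the authenticated user.<br>
if(is_method("INVITE|MESSAGE")) {<br>
if (!radius_is_user_in("From", "voip")) {<br>
sl_send_reply("403", "Forbidden VoIP");<br>
exit;<br>
};<br>
};<br>
# mark routing logic in request<br>
append_hf("P-hint: outbound\r\n");<br>
route(1);<br>
};<br>
<br>
# requests addressed to our own domain are handled here<br>
if (uri==myself) {<br>
# authenticate registers<br>
if (method=="REGISTER") {<br>
# no valid digest credentials yet: challenge and stop<br>
if (!radius_www_authorize("")) {<br>
www_challenge("", "1");<br>
exit;<br>
};<br>
<br>
# check the src ip address<br>
# no need to use this now. tested OK<br>
###if(!avp_check("$avp(i:2)", "eq/$src_ip/ig")) {<br>
### sl_send_reply("403", "Forbidden IP");<br>
### exit;<br>
###};<br>
<br>
save("location");<br>
exit;<br>
};<br>
<br>
# calls to pstn<br>
if(uri=~"sip:00[1-9][0-9]+@") {<br>
# NOTE(review): same unverified-From caveat as the voip check above;<br>
# this branch decides who may reach the PSTN gateway.<br>
if(is_method("INVITE") && !has_totag()) {<br>
if (!radius_is_user_in("From", "pstn")) {<br>
sl_send_reply("403", "Forbidden PSTN");<br>
exit;<br>
};<br>
};<br>
# set gateway address<br>
rewritehostport("10.10.10.10:5090");<br>
route(1);<br>
};<br>
<br>
# native SIP destinations are handled using our USRLOC DB<br>
if (!lookup("location")) {<br>
# log to acc as missed call<br>
acc_rad_request("404 Not Found");<br>
acc_log_request("404 Not Found");<br>
sl_send_reply("404", "Not Found");<br>
exit;<br>
};<br>
append_hf("P-hint: usrloc applied\r\n");<br>
};<br>
<br>
route(1);<br>
}<br>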
<br>
# generic forward<br>
route[1] {<br>
# Shared relay step: every route(1) call in the main block ends up here.<br>
# send it out now; use stateful forwarding as it works reliably<br>
# even for UDP2TCP<br>
if (!t_relay()) {<br>
# relay could not be started: send back an error reply instead<br>
sl_reply_error();<br>
};<br>
# exit ends script processing, so nothing after a route(1) call runs<br>
exit;<br>
}<br>
<br>
<b>/etc/radiusclient-ng/servers:</b><br>
# NOTE(review): the second column is the RADIUS shared secret; test1234 reads like a sample value.<br>
# Use a long random secret for each server and keep this file readable only by the account the proxy runs as.<br>
xx.xx.xx.xx test1234<br>
yy.yy.yy.yy test1234<br>
<br>
<br>
<b>/etc/radiusclient-ng/radiusclient.conf:</b><br>
&lt;snip&gt;<br>
<blockquote># neeraj: server and port for authentication requests (address masked in this post)<br>
authserver xx.xx.xx.xx:1812<br>
# RADIUS server to use for accounting requests. All that I<br>
# said for authserver applies, too.<br>
#<br>
# neeraj: localhost entry commented out; accounting goes to the server below<br>
#acctserver localhost<br>
acctserver xx.xx.xx.xx:1813<br>
</blockquote>
&lt;snip&gt;<br>
<br>
<br>
<br>
Neeraj Gupta wrote:
<blockquote cite="mid469D3CA3.8070105@Sun.COM" type="cite">Yes. I have
this working.. all with latest pieces of software on Sun SPARC Solaris
10.
<br>
<br>
What exactly do you need ?
<br>
<br>
-Neeraj
<br>
<br>
OpenSER ML wrote:
<br>
<blockquote type="cite">Hi All,
<br>
<br>
Ok, I'm a bit mixed up here, the documents are simply not cutting it.
<br>
I'm wondering if any of you have a working OpenSER + FreeRadius
configuration
<br>
that I can look at and extrapolate my required settings?
<br>
<br>
I've gone over all the material I could find, but all of it reverts
back
<br>
to the outdated how-to on the FreeRadius website. <br>
Assistance would be highly appreciated.
<br>
<br>
Regards,
<br>
Z2L
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
-------------------------------------------------------------
o Neeraj Gupta email: <a class="moz-txt-link-abbreviated" href="mailto:neeraj.gupta@sun.com">neeraj.gupta@sun.com</a>
o Netra Systems & Networking phone: +1(408) 276-7214 x71214
o Sun Microsystems, Inc. fax : +1(408) 276-4552
o 4120 Network Circle, USCA12-216, Santa Clara, CA 95054, USA
-------------------------------------------------------------
</pre>
</body>
</html>