[Serusers] Re: [Serhelp] radius-server with sip attributes problem
Jan Janak
jan at iptel.org
Mon Jun 7 10:07:06 CEST 2004
Try to remove the comments (beginning with #) from the included file
(dictionary.ser). There was a bug in radiusclient library. Or upgrade
your radiusclient library to the latest release (it has been fixed some
time ago).
Jan.
On 02-06 21:40, varala ramakanth wrote:
> hello janak,
>
> this is my radius client dictionary file
>
> iam using
>
> #
> # Updated 97/06/13 to livingston-radius-2.01
> miquels at cistron.nl
> #
> # This file contains dictionary translations for
> parsing
> # requests and generating responses. All
> transactions are
> # composed of Attribute/Value Pairs. The value
> of each attribute
> # is specified as one of 4 data types. Valid
> data types are:
> #
> # string - 0-253 octets
> # ipaddr - 4 octets in network byte order
> # integer - 32 bit value in big endian order
> (high byte first)
> # date - 32 bit value in big endian order -
> seconds since
> # 00:00:00 GMT,
> Jan. 1, 1970
> #
> # Enumerated values are stored in the user file
> with dictionary
> # VALUE translations for easy administration.
> #
> # Example:
> #
> # ATTRIBUTE VALUE
> # --------------- -----
> # Framed-Protocol = PPP
> # 7 = 1 (integer encoding)
> #
>
> #
> # Following are the proper new names. Use these.
> #
> ATTRIBUTE User-Name 1 string
> ATTRIBUTE Password 2 string
> ATTRIBUTE CHAP-Password 3 string
> ATTRIBUTE NAS-IP-Address 4 ipaddr
> ATTRIBUTE NAS-Port-Id 5
> integer
> ATTRIBUTE Service-Type 6
> integer
> ATTRIBUTE Framed-Protocol 7
> integer
> ATTRIBUTE Framed-IP-Address 8 ipaddr
> ATTRIBUTE Framed-IP-Netmask 9 ipaddr
> ATTRIBUTE Framed-Routing 10
> integer
> ATTRIBUTE Filter-Id 11 string
> ATTRIBUTE Framed-MTU 12
> integer
> ATTRIBUTE Framed-Compression 13
> integer
> ATTRIBUTE Login-IP-Host 14 ipaddr
> ATTRIBUTE Login-Service 15
> integer
> ATTRIBUTE Login-TCP-Port 16
> integer
> ATTRIBUTE Reply-Message 18 string
> ATTRIBUTE Callback-Number 19 string
> ATTRIBUTE Callback-Id 20 string
> ATTRIBUTE Framed-Route 22 string
> ATTRIBUTE Framed-IPX-Network 23 ipaddr
> ATTRIBUTE State 24 string
> ATTRIBUTE Class 25 string
> ATTRIBUTE Vendor-Specific 26 string
> ATTRIBUTE Session-Timeout 27
> integer
> ATTRIBUTE Idle-Timeout 28
> integer
> ATTRIBUTE Termination-Action 29
> integer
> ATTRIBUTE Called-Station-Id 30 string
> ATTRIBUTE Calling-Station-Id 31 string
> ATTRIBUTE NAS-Identifier 32 string
> ATTRIBUTE Proxy-State 33 string
> ATTRIBUTE Login-LAT-Service 34 string
> ATTRIBUTE Login-LAT-Node 35 string
> ATTRIBUTE Login-LAT-Group 36 string
> ATTRIBUTE Framed-AppleTalk-Link 37
> integer
> ATTRIBUTE Framed-AppleTalk-Network 38
> integer
> ATTRIBUTE Framed-AppleTalk-Zone 39 string
> ATTRIBUTE Acct-Status-Type 40
> integer
> ATTRIBUTE Acct-Delay-Time 41
> integer
> ATTRIBUTE Acct-Input-Octets 42
> integer
> ATTRIBUTE Acct-Output-Octets 43
> integer
> ATTRIBUTE Acct-Session-Id 44 string
> ATTRIBUTE Acct-Authentic 45
> integer
> ATTRIBUTE Acct-Session-Time 46
> integer
> ATTRIBUTE Acct-Input-Packets 47
> integer
> ATTRIBUTE Acct-Output-Packets 48
> integer
> ATTRIBUTE Acct-Terminate-Cause 49
> integer
> ATTRIBUTE Acct-Multi-Session-Id 50 string
> ATTRIBUTE Acct-Link-Count 51
> integer
> ATTRIBUTE Event-Timestamp 55
> integer
> ATTRIBUTE CHAP-Challenge 60 string
> ATTRIBUTE NAS-Port-Type 61
> integer
> ATTRIBUTE Port-Limit 62
> integer
> ATTRIBUTE Login-LAT-Port 63
> integer
> ATTRIBUTE Connect-Info 77 string
>
> #
> # RFC3162 IPv6 attributes
> #
> ATTRIBUTE NAS-IPv6-Address 95 string
> ATTRIBUTE Framed-Interface-Id 96 string
> ATTRIBUTE Framed-IPv6-Prefix 97 string
> ATTRIBUTE Login-IPv6-Host 98 string
> ATTRIBUTE Framed-IPv6-Route 99 string
> ATTRIBUTE Framed-IPv6-Pool 100 string
>
> #
> # Experimental Non Protocol Attributes used by
> Cistron-Radiusd
> #
> ATTRIBUTE Huntgroup-Name 221 string
> ATTRIBUTE User-Category 1029 string
> ATTRIBUTE Group-Name 1030 string
> ATTRIBUTE Simultaneous-Use 1034
> integer
> ATTRIBUTE Strip-User-Name 1035
> integer
> ATTRIBUTE Fall-Through 1036
> integer
> ATTRIBUTE Add-Port-To-IP-Address 1037
> integer
> ATTRIBUTE Exec-Program 1038 string
> ATTRIBUTE Exec-Program-Wait 1039 string
> ATTRIBUTE Hint 1040 string
>
> #
> # Non-Protocol Attributes
> # These attributes are used internally by the
> server
> #
> ATTRIBUTE Expiration 21 date
> ATTRIBUTE Auth-Type 1000
> integer
> ATTRIBUTE Menu 1001 string
> ATTRIBUTE Termination-Menu 1002 string
> ATTRIBUTE Prefix 1003 string
> ATTRIBUTE Suffix 1004 string
> ATTRIBUTE Group 1005 string
> ATTRIBUTE Crypt-Password 1006 string
> ATTRIBUTE Connect-Rate 1007
> integer
>
> #
> # Integer Translations
> #
>
> # User Types
>
> VALUE Service-Type Login-User
> 1
> VALUE Service-Type Framed-User
> 2
> VALUE Service-Type
> Callback-Login-User 3
> VALUE Service-Type
> Callback-Framed-User 4
> VALUE Service-Type Outbound-User
> 5
> VALUE Service-Type
> Administrative-User 6
> VALUE Service-Type
> NAS-Prompt-User 7
>
> # Framed Protocols
>
> VALUE Framed-Protocol PPP
> 1
> VALUE Framed-Protocol SLIP
> 2
>
> # Framed Routing Values
>
> VALUE Framed-Routing None
> 0
> VALUE Framed-Routing Broadcast
> 1
> VALUE Framed-Routing Listen
> 2
> VALUE Framed-Routing
> Broadcast-Listen 3
>
> # Framed Compression Types
>
> VALUE Framed-Compression None
> 0
> VALUE Framed-Compression
> Van-Jacobson-TCP-IP 1
>
> # Login Services
>
> VALUE Login-Service Telnet
> 0
> VALUE Login-Service Rlogin
> 1
> VALUE Login-Service TCP-Clear
> 2
> VALUE Login-Service PortMaster
> 3
>
> # Status Types
>
> VALUE Acct-Status-Type Start
> 1
> VALUE Acct-Status-Type Stop
> 2
> VALUE Acct-Status-Type Alive
> 3
> VALUE Acct-Status-Type Accounting-On
> 7
> VALUE Acct-Status-Type Accounting-Off
> 8
>
> # Authentication Types
>
> VALUE Acct-Authentic RADIUS
> 1
> VALUE Acct-Authentic Local
> 2
> VALUE Acct-Authentic PowerLink128
> 100
>
> # Termination Options
>
> VALUE Termination-Action Default
> 0
> VALUE Termination-Action RADIUS-Request
> 1
>
> # NAS Port Types, available in 3.3.1 and later
>
> VALUE NAS-Port-Type Async
> 0
> VALUE NAS-Port-Type Sync
> 1
> VALUE NAS-Port-Type ISDN
> 2
> VALUE NAS-Port-Type ISDN-V120
> 3
> VALUE NAS-Port-Type ISDN-V110
> 4
>
> # Acct Terminate Causes, available in 3.3.2 and
> later
>
> VALUE Acct-Terminate-Cause User-Request
> 1
> VALUE Acct-Terminate-Cause Lost-Carrier
> 2
> VALUE Acct-Terminate-Cause Lost-Service
> 3
> VALUE Acct-Terminate-Cause Idle-Timeout
> 4
> VALUE Acct-Terminate-Cause
> Session-Timeout 5
> VALUE Acct-Terminate-Cause Admin-Reset
> 6
> VALUE Acct-Terminate-Cause Admin-Reboot
> 7
> VALUE Acct-Terminate-Cause Port-Error
> 8
> VALUE Acct-Terminate-Cause NAS-Error
> 9
> VALUE Acct-Terminate-Cause NAS-Request
> 10
> VALUE Acct-Terminate-Cause NAS-Reboot
> 11
> VALUE Acct-Terminate-Cause Port-Unneeded
> 12
> VALUE Acct-Terminate-Cause Port-Preempted
> 13
> VALUE Acct-Terminate-Cause Port-Suspended
> 14
> VALUE Acct-Terminate-Cause
> Service-Unavailable 15
> VALUE Acct-Terminate-Cause Callback
> 16
> VALUE Acct-Terminate-Cause User-Error
> 17
> VALUE Acct-Terminate-Cause Host-Request
> 18
>
> #
> # Non-Protocol Integer Translations
> #
>
> VALUE Auth-Type Local
> 0
> VALUE Auth-Type System
> 1
> VALUE Auth-Type SecurID
> 2
> VALUE Auth-Type Crypt-Local
> 3
> VALUE Auth-Type Reject
> 4
>
> #
> # Cistron extensions
> #
> VALUE Auth-Type Pam
> 253
> VALUE Auth-Type Accept
> 254
>
> #
> # Experimental Non-Protocol Integer Translations
> for Cistron-Radiusd
> #
> VALUE Fall-Through No
> 0
> VALUE Fall-Through Yes
> 1
> VALUE Add-Port-To-IP-Address No
> 0
> VALUE Add-Port-To-IP-Address Yes
> 1
>
> #
> # Configuration Values
> # uncomment these two lines to turn account
> expiration on
> #
>
> #VALUE Server-Config
> Password-Expiration 30
> #VALUE Server-Config
> Password-Warning 5
>
> #
> # $Id: dictionary.ser,v 1.2 2003/09/11 22:05:08 janakj
> Exp $
> #
> # SIP RADIUS attributes
> #
> # Schulzrinne indicates attributes according to
> # draft-schulzrinne-sipping-radius-accounting-00
> #
> # Sterman indicates attributes according to
> # draft-sterman-aaa-sip-00
> #
> # Standard indicates a standard RADIUS attribute
> # which is missing in radiusclient dictionary
> #
> # Digest indicates attributes according to
> #
> # Proprietary indicates an attribute that hasn't
> # been standardized
> #
>
> ### acc ###
> ATTRIBUTE Sip-Method 101 integer
> # Schulzrinne
> ATTRIBUTE Sip-Response-Code 102 integer
> # Schulzrinne
> ATTRIBUTE Sip-Cseq 103 string
> # Schulzrinne
> ATTRIBUTE Sip-To-Tag 104 string
> # Schulzrinne
> ATTRIBUTE Sip-From-Tag 105 string
> # Schulzrinne
> ATTRIBUTE Sip-Branch-Id 106 string
> # Schulzrinne
> ATTRIBUTE Sip-Translated-Req-ID 107 string
> # Schulzrinne
> ATTRIBUTE Sip-Source-Ip-Address 108 ipaddr
> # Schulzrinne
> ATTRIBUTE Sip-Source-Port 109 integer
> # Schulzrinne
> VALUE Service-Type Sip-Session 15
> # Schulzrinne
>
> ### auth_radius ###
> # Sip-Session service type is already defined in acc
> section
> VALUE Service-Type Call-Check 10
> # Standard
> VALUE Service-Type Emergency-Call 13
> # Proprietary
>
> ATTRIBUTE Digest-Response 206 string
> # Sterman
> ATTRIBUTE Digest-Attributes 207 string
> # Sterman
>
> ATTRIBUTE Sip-Uri-User 208 string
> # Proprietary
> ATTRIBUTE Sip-Rpid 213 string
> # Proprietary
>
> ATTRIBUTE Digest-Realm 1063 string
> # Sterman
> ATTRIBUTE Digest-Nonce 1064 string
> # Sterman
> ATTRIBUTE Digest-Method 1065 string
> # Sterman
> ATTRIBUTE Digest-Uri 1066 string
> # Sterman
> ATTRIBUTE Digest-Qop 1067 string
> # Sterman
> ATTRIBUTE Digest-Algorithm 1068 string
> # Sterman
> ATTRIBUTE Digest-Body-Digest 1069 string
> # Sterman
> ATTRIBUTE Digest-Cnonce 1070 string
> # Sterman
> ATTRIBUTE Digest-Nonce-Count 1071 string
> # Sterman
> ATTRIBUTE Digest-User-Name 1072 string
> # Sterman
>
> ### group_radius ###
> VALUE Service-Type Group-Check 12
> # Proprietary
>
> ATTRIBUTE Sip-Group 211 string
> # Proprietary
>
> ### uri_radius ###
> # Call-Check service type is already define in
> auth_radius
>
>
> --- Jan Janak <jan at iptel.org> wrote:
> > The dictionary the radiusclient library is using is
> > probably malformed,
> > please post the dictionary here, including changes
> > you have made
> > (radiuslient dictionary, not radius server if they
> > are different).
> >
> > Jan.
> >
> > On 30-05 22:56, varala ramakanth wrote:
> > > hello friends,
> > >
> > > i have installed free radius server-0.9.3 and
> > radius
> > > client-0.3.2
> > >
> > > and followed the ser howto
> > >
> > > radtest is success full
> > >
> > > and i updated dictionary of radius client with of
> > in
> > > web
> > > available dictionary.ser ( of sip related
> > attributies>
> > >
> > > and i included statement of INCLUDE <path of
> > > dicionary.ser>
> > >
> > > when i start radiusd -x its givens error as
> > >
> > > Errors reading dictionary: dict_init:
> > > /usr/local/etc/raddb/dictionary[23]: Couldn't open
> > > dictionary "
> > > /usr/local/etc/raddb/dictionary.ser": No such file
> > or
> > > directory
> > > Errors reading radiusd.conf
> > >
> > > so i gone to "/usr/local/share/freeradius/"
> > > path and appended whole dictionary.ser contets
> > into it
> > > and also kept link as INclude dictinary.ser
> > >
> > > even though if i create packet "digest"
> > >
> > > User-Name = "test", Digest-Response =
> > > "631d6d73147add2f9e437f59bbc3aeb7",
> > > Digest-Realm = "testrealm", Digest-Nonce =
> > "1234abcd"
> > > ,
> > > Digest-Method = "INVITE", Digest-URI =
> > > "sip:5555551212 at example.com",
> > > Digest-Algorithm = "MD5", Digest-User-Name =
> > "test"
> > >
> > > and run with
> > >
> > > root@/usr/local/src# radclient -f digest localhost
> > > auth <shared_secret>
> > >
> > > it s giveng error as
> > >
> > > radclient:No token read where we expected an
> > attribute
> > > name
> > >
> > >
> > > i checked both in client and server
> > > dictionary attributes are present for the all that
> > > which are included in the pakcet.
> > >
> > > if include only
> > > User-Name = "test",User-Password="test" in the
> > digest
> > > packet
> > >
> > > and check it s sucessfull so what may be the wrong
> > > sip method digest packet
> > >
> > >
> > > please help me
> > >
> > > with regards
> > > rama kanth
> > >
> > >
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Friends. Fun. Try the all-new Yahoo! Messenger.
> > > http://messenger.yahoo.com/
> > >
> > > _______________________________________________
> > > Serhelp mailing list
> > > serhelp at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serhelp
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
More information about the sr-users
mailing list