[Serusers] SER and IC-RADIUS

Lucas Aimaretto lucas at cyneric.com
Fri Nov 19 19:58:01 CET 2004 

> > Both of them have dictionary.sip and dictionary.ser 
> > (/etc/radiusclient/dictionary and my ICRadius dictionary). But, you 
> > know, ICRadius has its dictionary in a mysql database. Will it have 
> > something to do with everything ?? But, both dictionaries 
> are just the 
> > same.
> 
> bingo, you problably should re-import the directionaries
> to mysql

I already did that :(
I re-imported the dicitionaries into de mysql but got the same
behaviour.
 
> > By the way ... I mak a call but did not see the 
> called-station-Id nor 
> > the calling-station-Id, any ideas ?? But the call could just be 
> > placed, cause, 1st authentication takes place ... I mean, the User 
> > making the call exists and so I get an access-accept from 
> radius. Then 
> > ser places de call, but I do not see the 2nd authentication taking 
> > place ... Does this happen to you ??
> 
> I'm not sure if I understood what you're saying... try rephrasing, plz

What I tried to say, was (sorry for my english :( )

I use (actually) my IC-RADIUS with cisco and h323.
When ever a user wants to make a call, the following happens ...

CISCO		     IC-RADIUS
  |			   |
  |---(1st AUTH)---->|
  |<-----(OK!)-------|
  |---(2nd AUTH)---->|
  |<-----(OK!)-------|
  |---(ACCT-START)-->|
  |<---(response)----|
  |------------------|
  | <- Data Flow ->  |
  |------------------|
  |---(ACCT-STOP)--->|
  |<---(response)----|

- 1st Auth: Cisco sends the User name, and if user exists, then
Access-Accept. Otherwise, Access-Reject.
- 2nd Auth: Cisco sends Username, Calling-station-Id, Called-Station-Id
(and password if any). If Called-Station-Id exists in user's available
destinations, Access-Accept. Otherwise, Access-Reject.
- ACCT-Start: Cisco sends and Acct-Start message with
Calling-Station-Id, Called-Station-Id, Acct-Session-Id and
Acct-Start-Time attributes, among others.
- Communication Takes place.
- ACCT-Stop: Cisco sends and Acct-Start message with Calling-Station-Id,
Called-Station-Id, Acct-Session-Id and Acct-Stop-Time attributes, among
others.

So, now coming to SER. 
When I tried to make a call, only 1st auth took place between SER and
IC-RADIUS. 

 SER		     IC-RADIUS
  |			   |
  |---(1st AUTH)---->|
  |<-----(OK!)-------|
  |------------------|
  | <- Data Flow ->  |
  |------------------|


No 2nd auth, nor Acct-Messages were sent. The user trying to make the
called, existed on my RADIUS Database, and so RADIUS  sent back and
Access-Accept to SER, and ser automatically placed the call, yes ? Is
this a normal SER´s behaviour? How can I make SER send 2nd auth and
Acct-Messages ?

Hope this time is clear! ;-)

Thank you very much ...

> Cheers

Regards,

Lucas

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.786 / Virus Database: 532 - Release Date: 29/10/2004

More information about the sr-users mailing list