[Serusers] SER and IC-RADIUS

Lucas Aimaretto lucas at cyneric.com
Fri Nov 19 23:08:35 CET 2004


Hello Bruno,

> what you described doesn't seem to have anything
> to do with the dictionary anymore, so let's forget
> that for now (maybe it is fixed and you didn't
> notice because of the following case)

Yes, you're right ... It is another subject ... Sorry
I'll finish with dictionaries later ...

> > So, now coming to SER.
> > When I tried to make a call, only 1st auth took place 
> > between SER and
> > IC-RADIUS. 
> > 
> >  SER            IC-RADIUS
> >   |                  |
> >   |---(1st AUTH)---->|
> >   |<-----(OK!)-------|
> >   |------------------|
> >   | <- Data Flow ->  |
> >   |------------------|
> > 
> > 
> > No 2nd auth, nor Acct-Messages were sent.
> 
> why would there be a 2nd auth for the same user? do you mean
> you desire a new auth per call?

Well, suppose the following ...

User "A" exists in radius' database, and he is only allowed to call
users B,C,D and E. What about if user "A" wants to call user "F", how do
I control that ???

Well, I have (today) different "destination lists" which I assign to any
new user I create. In those lists I have several possible destinations
for that particular user. So ... going back ...

 SER            IC-RADIUS
  |                  |
  |---(1st AUTH)---->|
  |<-----(OK!)-------|
  |---(2nd AUTH)---->|
  |<-----(OK!)-------|
  |------------------|
  | <- Data Flow ->  |
  |------------------|

In 1st auth, I send Username and check if he/she exists in database (in
this case user "A"). If so, then Access-Accept. Now, in 2nd auth I also
send Calling-station-Id and Called-Station-Id, being Called-Station-Id
the User who "A" wants to talk to, am I clear ? If Called-Station-Id
does not exist in User's "A" destination list, then RADIUS sends back an
Access-Reject.

Another option is, yes!, to send everything (username,
calling-station-id and called-station-id) in just one message, so as to
check destination too in only the 1st auth ... But I do not see SER
sending the Called-Station-Id attribute in the auth process nor
the calling-station-id (which is NULL). I just see the Username
attribute. Look ...

radrecv: Access Request from host c0a801fd code=1, id=47, length=281
    User-Name = "1992005 at 192.168.1.253"
    Digest-Attributes = "\012\0111992005"
    Digest-Attributes = "\001\017192.168.1.253"
    Digest-Attributes = "\002*419e6d1044b039c6a5570602eb629a2b6b2cb881"
    Digest-Attributes = "\004\033sip:1992001 at 192.168.1.253"
    Digest-Attributes = "\003\010INVITE"
    Digest-Response = "5844c35bc08dfe74b5481c959c13d65e"
    Service-Type = Sip-Session
    Sip-Uri-User = "1992005"
    Cisco-AVPair = "call-id=3CBA2689-8049-4D01-AB08-1DE8EE7B20BE at 192.168.1.178"
    NAS-IP-Address = 192.168.1.253
    NAS-Port-Id = 5060
SQL: Attempting to reserve socket
SQL: Reserved socket 0
Username is now 1992005
Calling station Id is now (null)
  CalledID==NULL
credit_amount (18.90)
Sending Access Ack of id 47 to c0a801fd (nas linux)
    Credit-Amount = "V9:T102:L26:683332332d6372656469742d616d6f756e743d31382e3930"
SQL: Socket 0 used for 0.70 seconds
SQL: Released socket 0

Do you see ?

How can I (if possible) do that (to send also
[Called/Calling]-Station-Id)?

> Cheers

Thank you again ..

Lucas
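
Added example (not part of the original post, and not SER or IC-RADIUS code): the Digest-Attributes values in the log above are type/length/value sub-attributes, and the Python below decodes them and applies the destination-list check described in the message. It assumes the sub-attribute numbering of draft-sterman-aaa-sip and that the Digest URI sub-attribute names the called party; the function names and the destination list are hypothetical.

```python
import re

# Sub-attribute numbers as defined in draft-sterman-aaa-sip.
SUBTYPES = {1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 5: "QOP",
            6: "Algorithm", 7: "Body-Digest", 8: "CNonce",
            9: "Nonce-Count", 10: "User-Name"}

# Digest-Attributes values as printed in the log above (octal escapes kept;
# the list archive's " at " is written back as "@").
LOGGED = [r"\012\0111992005",
          r"\001\017192.168.1.253",
          r"\002*419e6d1044b039c6a5570602eb629a2b6b2cb881",
          r"\004\033sip:1992001@192.168.1.253",
          r"\003\010INVITE"]

def unescape(printed):
    """Turn the log's \\ooo octal escapes back into raw bytes."""
    return re.sub(rb"\\([0-7]{3})",
                  lambda m: bytes([int(m.group(1), 8)]),
                  printed.encode("latin-1"))

def decode_digest_attributes(values):
    """Decode each value as one type/length/value sub-attribute."""
    attrs = {}
    for printed in values:
        raw = unescape(printed)
        # The length octet counts the type and length octets themselves.
        if len(raw) < 2 or raw[1] != len(raw):
            raise ValueError("malformed Digest-Attributes value: %r" % printed)
        attrs[SUBTYPES.get(raw[0], "Unknown-%d" % raw[0])] = raw[2:].decode("latin-1")
    return attrs

def called_user(uri):
    """User part of a sip:/sips: URI, or None if it does not parse."""
    m = re.fullmatch(r"sips?:([^@;]+)@[^;]+(;.*)?", uri)
    return m.group(1) if m else None

def authorize(values, destination_lists):
    """Access-Accept only if the callee is on the caller's destination list."""
    attrs = decode_digest_attributes(values)
    caller = attrs.get("User-Name")
    callee = called_user(attrs.get("URI", ""))
    allowed = destination_lists.get(caller, set())
    # Fail closed: unknown caller or unparsable URI is rejected.
    return "Access-Accept" if callee is not None and callee in allowed else "Access-Reject"

if __name__ == "__main__":
    lists = {"1992005": {"1992001"}}   # constructed destination list
    print(decode_digest_attributes(LOGGED))
    print(authorize(LOGGED, lists))
```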
