[Serusers] avp_radius - ser2.1 - Access Request Contents
Greger V. Teigre
greger at teigre.com
Thu Jun 7 10:52:57 CEST 2007
Please register as 2.0 issue on http://tracker.iptel.org/
g-)
samuel wrote:
> Hi all,
>
> Sorry for stepping so late in this post but I am facing exactly the
> same "issue" and would like to call for attention from other SER 2.0
> rc2 users/developers.
>
> Whenever you try to load from RADIUS user class attributes, for
> example with
> radius_load_attr("$tu","@to.uri")
> you get in radius only
> User-Name = "sip:sam at test.voip.com <mailto:sip:sam at test.voip.com>"
> SER-Service-Type=Get-User-Attrs.
>
> In case you want to load uri class attributes, for example with
> radius_load_attr("$tr","@to.uri")
> the Radius Request paquet has completely different contents, namely
> the URI splited into 3 parameters SER-URI-Scheme = "sip"
> User-Name = "sam"
> SER-DID = "test.voip.com <http://test.voip.com>"
>
> This double format complicates unnecessarily, at least for me, radius
> configuration or forces you to do some "dirty", at least for me,
> tricks in order to get in the User-Name paramenter the same value so
> you onlyhave ONE USER DEFINITION in radius config and not all the
> possible combinations it may appear...Remember you can call
> load_user_attr with different arguments (@ruri, at to,@
> to.uri, at to.uri,username,....) and it will end up being a complete mess.
>
> I would therefore like to standardize both methods so the same data is
> expected in radius or that someone explain why this different methods
> are required.
>
> Thanks to all!!!
>
> Samuel.
>
>
> P.D. I'm a radius newbie, using FreeRadius, and may be there are clean
> ways to configure RADIUS so both Access-Requests are handled in a
> ellegant way requiring you to have only one user definition.
>
>
> 2007/3/12, tzieleniewski <tzieleniewski at o2.pl
> <mailto:tzieleniewski at o2.pl>>:
>
> Hi
>
> Is this correct that when I send the Get-URI-Attrs request type to
> radius it has the following contents:
> SER-Uri-Scheme = "sip"
> User-Name = "hellboy"
> SER-DID = " voip.rd.touk.pl <http://voip.rd.touk.pl>"
> SER-Service-Type = Get-URI-Attrs
> NAS-Port = 0
> NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
> and when I send the Get-User_Attrs the contents are the following:
> User-Name = "sip:hellboy at voip.rd.touk.pl
> <mailto:sip:hellboy at voip.rd.touk.pl>"
> SER-Service-Type = Get-User-Attrs
> NAS-Port = 0
> NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
>
> shouldn't here be the same split into the User-Name and SER-DID?
> Such form implies to have double records in radius for sip:hellboy
> and hellboy.
>
> Bests
> Tomasz
>
>
> > >
> > > tzieleniewski wrote:
> > > > hi!
> > > >
> > > > When I invoke the radius_load_attrs() the message send to
> radius has the following shape:
> > > > Thu Mar 8 10:50:46 2007
> > > > Packet-Type = Access-Request
> > > > User-Name = "sip:hellboy at voip.rd.touk.pl
> <mailto:sip:hellboy at voip.rd.touk.pl>"
> > > > SER-Service-Type = Get-User-Attrs
> > > > NAS-Port = 0
> > > > NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
> > > >
> > > > the message doesn't contain any authentication data like
> password.
> > > > so do I understand right that radius in such case should be
> configured in such a way to accept any message of the
> SER-Service-Type = Get-User-Attrs?
> > > >
> > > That's correct.
> > > > Are still the avp loaded from radius prefixed or they are
> just put into the particular track and class?
> > > >
> > > No prefixes.
> > > > Could You please give me one example of the radius one avp
> record and the shape in which it will appear in ser after loading.
> > > >
> > > SER-Attr -> avp[:=]value
> > Hi,
> >
> > I did it and connection with radius works fine - I see the
> Access-Request from ser being analyzed and answered by radius but
> I can see an avp value to appear in ser.
> > I did such a check:
> >
> > dump_attrs();
> > radius_load_attrs("$tr","@ruri");
> > dump_attrs();
> >
> > the following message arived at radius:
> > SER-Uri-Scheme = "sip"
> > User-Name = "tomix"
> > SER-DID = "tezet.no-ip.org <http://tezet.no-ip.org>"
> > SER-Service-Type = Get-URI-Attrs
> > NAS-Port = 0
> > NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
> >
> > and following one was answered:
> > Sending Access-Accept of id 85 to 127.0.0.1 <http://127.0.0.1>
> port 32997
> > SER-To-DID = "domain.any"
> >
> > the ser debug output haven't show any change related to did avp
> in to track, why is that, what do I missed?
> >
> > debug output:
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:540: class=GLOBAL
> > Mar 9 10:47:50 tomix ser[3721]: AVP["lang"]="en"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:550: track=FROM
> class=DOMAIN
> > Mar 9 10:47:50 tomix ser[3721]: AVP["did"]="tezet.no-ip.org
> <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: AVP["digest_realm"]="
> tezet.no-ip.org <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:560: track=TO
> class=DOMAIN
> > Mar 9 10:47:50 tomix ser[3721]: AVP["did"]=" tezet.no-ip.org
> <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]:
> AVP["digest_realm"]="tezet.no-ip.org <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:570: track=FROM
> class=USER
> > Mar 9 10:47:50 tomix ser[3721]: INFO: No AVP present
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:580: track=TO
> class=USER
> > Mar 9 10:47:50 tomix ser[3721]: AVP["uid"]="
> tomix at tezet.no-ip.org <mailto:tomix at tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:590: track=FROM
> class=URI
> > Mar 9 10:47:50 tomix ser[3721]: INFO: No AVP present
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c :600: track=TO
> class=URI
> > Mar 9 10:47:50 tomix ser[3721]:
> AVP["fforward_failure"]="sip:misia at tezet.no-ip.org
> <mailto:sip:misia at tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: route[INBOUND]:
> radius_load_attrs($tr, at ruri) <ACK> < sip:tomix at tezet.no-ip.org
> <mailto:sip:tomix at tezet.no-ip.org>>
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:540: class=GLOBAL
> > Mar 9 10:47:50 tomix ser[3721]: AVP["lang"]="en"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:550: track=FROM
> class=DOMAIN
> > Mar 9 10:47:50 tomix ser[3721]: AVP["did"]="tezet.no-ip.org
> <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: AVP["digest_realm"]="
> tezet.no-ip.org <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:560: track=TO
> class=DOMAIN
> > Mar 9 10:47:50 tomix ser[3721]: AVP["did"]=" tezet.no-ip.org
> <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]:
> AVP["digest_realm"]="tezet.no-ip.org <http://tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:570: track=FROM
> class=USER
> > Mar 9 10:47:50 tomix ser[3721]: INFO: No AVP present
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:580: track=TO
> class=USER
> > Mar 9 10:47:50 tomix ser[3721]: AVP["uid"]="
> tomix at tezet.no-ip.org <mailto:tomix at tezet.no-ip.org>"
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c:590: track=FROM
> class=URI
> > Mar 9 10:47:50 tomix ser[3721]: INFO: No AVP present
> > Mar 9 10:47:50 tomix ser[3721]: INFO: avp.c :600: track=TO
> class=URI
> > Mar 9 10:47:50 tomix ser[3721]:
> AVP["fforward_failure"]="sip:misia at tezet.no-ip.org
> <mailto:sip:misia at tezet.no-ip.org>"
> >
> > Bests
> > Tomasz
> >
> >
> > >
> > > Integer values are automatically converted from string into
> integer avp.
> > > It is the responsibility of the RADIUS server to return the
> correct set
> > > of AVP dependent on SER-Service-Type (see etc/dictionary.ser).
> > > g-)
> > > > Thank you in advance
> > > > Best
> > > > Tomasz
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > >
> > > >
> >
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
> > http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070607/d285c2fb/attachment.htm>
More information about the sr-users
mailing list