[Serusers] avp_radius - ser2.1 - Access Request Contents

Thu Jun 7 10:52:57 CEST 2007

Please register as 2.0 issue on http://tracker.iptel.org/
g-)

samuel wrote:
> Hi all,
>
> Sorry for stepping so late in this post but I am facing exactly the 
> same "issue" and would like to call for attention from other SER 2.0 
> rc2 users/developers.
>
> Whenever you try to load from RADIUS user class attributes, for 
> example with
>                                  radius_load_attr("$tu","@to.uri")
> you get in radius only
> User-Name = "sip:sam at test.voip.com <mailto:sip:sam at test.voip.com>"
> SER-Service-Type=Get-User-Attrs.
>
> In case you want to load uri class attributes, for example with
>                                 radius_load_attr("$tr","@to.uri")
>  the Radius Request paquet has completely different contents, namely 
> the URI splited into 3 parameters SER-URI-Scheme = "sip"
> User-Name = "sam"
> SER-DID = "test.voip.com <http://test.voip.com>"
>
> This double format complicates unnecessarily, at least for me, radius 
> configuration or forces you to do some "dirty", at least for me, 
> tricks in order to get in the User-Name paramenter the same value so 
> you onlyhave ONE USER DEFINITION in radius config and not all the 
> possible combinations it may appear...Remember you can call 
> load_user_attr with different arguments (@ruri, at to,@ 
> to.uri, at to.uri,username,....) and it will end up being a complete mess.
>
> I would therefore like to standardize both methods so the same data is 
> expected in radius or that someone explain why this different methods 
> are required.
>
> Thanks to all!!!
>
> Samuel.
>
>
> P.D. I'm a radius newbie, using FreeRadius, and may be there are clean 
> ways to configure RADIUS so both Access-Requests are handled in a 
> ellegant way requiring you to have only one user definition.
>
>
> 2007/3/12, tzieleniewski <tzieleniewski at o2.pl 
> <mailto:tzieleniewski at o2.pl>>:
>
>     Hi
>
>     Is this correct that when I send the Get-URI-Attrs request type to
>     radius it has the following contents:
>             SER-Uri-Scheme = "sip"
>             User-Name = "hellboy"
>             SER-DID = " voip.rd.touk.pl <http://voip.rd.touk.pl>"
>             SER-Service-Type = Get-URI-Attrs
>             NAS-Port = 0
>             NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
>     and when I send the Get-User_Attrs the contents are the following:
>             User-Name = "sip:hellboy at voip.rd.touk.pl
>     <mailto:sip:hellboy at voip.rd.touk.pl>"
>             SER-Service-Type = Get-User-Attrs
>             NAS-Port = 0
>             NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
>
>     shouldn't here be the same split into the User-Name and SER-DID?
>     Such form implies to have double records in radius for sip:hellboy
>     and hellboy.
>
>     Bests
>     Tomasz
>
>
>     > >
>     > > tzieleniewski wrote:
>     > > > hi!
>     > > >
>     > > > When I invoke the radius_load_attrs() the message send to
>     radius has the following shape:
>     > > > Thu Mar  8 10:50:46 2007
>     > > >         Packet-Type = Access-Request
>     > > >         User-Name = "sip:hellboy at voip.rd.touk.pl
>     <mailto:sip:hellboy at voip.rd.touk.pl>"
>     > > >         SER-Service-Type = Get-User-Attrs
>     > > >         NAS-Port = 0
>     > > >         NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
>     > > >
>     > > > the message doesn't contain any authentication data like
>     password.
>     > > > so do I understand right that radius in such case should be
>     configured in such a way to accept any message of the
>     SER-Service-Type = Get-User-Attrs?
>     > > >
>     > > That's correct.
>     > > > Are still the avp loaded from radius prefixed or they are
>     just put into the particular track and class?
>     > > >
>     > > No prefixes.
>     > > > Could You please give me one example of the radius one avp
>     record and the shape in which it will appear in ser after loading.
>     > > >
>     > > SER-Attr -> avp[:=]value
>     > Hi,
>     >
>     > I did it and connection with radius works fine - I see the
>     Access-Request from ser being analyzed and answered by radius but
>     I can see an avp value to appear in ser.
>     > I did such a check:
>     >
>     > dump_attrs();
>     > radius_load_attrs("$tr","@ruri");
>     > dump_attrs();
>     >
>     > the following message arived at radius:
>     >         SER-Uri-Scheme = "sip"
>     >         User-Name = "tomix"
>     >         SER-DID = "tezet.no-ip.org <http://tezet.no-ip.org>"
>     >         SER-Service-Type = Get-URI-Attrs
>     >         NAS-Port = 0
>     >         NAS-IP-Address = 127.0.0.1 <http://127.0.0.1>
>     >
>     > and following one was answered:
>     > Sending Access-Accept of id 85 to 127.0.0.1 <http://127.0.0.1>
>     port 32997
>     >         SER-To-DID = "domain.any"
>     >
>     > the ser debug output haven't show any change related to did avp
>     in to track, why is that, what do I missed?
>     >
>     > debug output:
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:540: class=GLOBAL
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["lang"]="en"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:550: track=FROM
>     class=DOMAIN
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["did"]="tezet.no-ip.org
>     <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["digest_realm"]="
>     tezet.no-ip.org <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:560: track=TO
>     class=DOMAIN
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["did"]=" tezet.no-ip.org
>     <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]:
>     AVP["digest_realm"]="tezet.no-ip.org <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:570: track=FROM
>     class=USER
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: No AVP present
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:580: track=TO
>     class=USER
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["uid"]="
>     tomix at tezet.no-ip.org <mailto:tomix at tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:590: track=FROM
>     class=URI
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: No AVP present
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c :600: track=TO
>     class=URI
>     > Mar  9 10:47:50 tomix ser[3721]:
>     AVP["fforward_failure"]="sip:misia at tezet.no-ip.org
>     <mailto:sip:misia at tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]:  route[INBOUND]:
>     radius_load_attrs($tr, at ruri) <ACK> < sip:tomix at tezet.no-ip.org
>     <mailto:sip:tomix at tezet.no-ip.org>>
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:540: class=GLOBAL
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["lang"]="en"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:550: track=FROM
>     class=DOMAIN
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["did"]="tezet.no-ip.org
>     <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["digest_realm"]="
>     tezet.no-ip.org <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:560: track=TO
>     class=DOMAIN
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["did"]=" tezet.no-ip.org
>     <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]:
>     AVP["digest_realm"]="tezet.no-ip.org <http://tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:570: track=FROM
>     class=USER
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: No AVP present
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:580: track=TO
>     class=USER
>     > Mar  9 10:47:50 tomix ser[3721]: AVP["uid"]="
>     tomix at tezet.no-ip.org <mailto:tomix at tezet.no-ip.org>"
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c:590: track=FROM
>     class=URI
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: No AVP present
>     > Mar  9 10:47:50 tomix ser[3721]: INFO: avp.c :600: track=TO
>     class=URI
>     > Mar  9 10:47:50 tomix ser[3721]:
>     AVP["fforward_failure"]="sip:misia at tezet.no-ip.org
>     <mailto:sip:misia at tezet.no-ip.org>"
>     >
>     > Bests
>     > Tomasz
>     >
>     >
>     > >
>     > > Integer values are automatically converted from string into
>     integer avp.
>     > > It is the responsibility of the RADIUS server to return the
>     correct set
>     > > of AVP dependent on SER-Service-Type (see etc/dictionary.ser).
>     > > g-)
>     > > > Thank you in advance
>     > > > Best
>     > > > Tomasz
>     > > > _______________________________________________
>     > > > Serusers mailing list
>     > > > Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
>     > > > http://lists.iptel.org/mailman/listinfo/serusers
>     > > >
>     > > >
>     > > >
>     >
>     > _______________________________________________
>     > Serusers mailing list
>     > Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
>     > http://lists.iptel.org/mailman/listinfo/serusers
>
>     _______________________________________________
>     Serusers mailing list
>     Serusers at lists.iptel.org <mailto:Serusers at lists.iptel.org>
>     http://lists.iptel.org/mailman/listinfo/serusers
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070607/d285c2fb/attachment.htm>