[SR-Users] Kamailio AVPs Radius
Daniel-Constantin Mierla
miconda at gmail.com
Tue Dec 16 00:11:38 CET 2014
On 15/12/14 13:31, Kalala Alexander wrote:
> Daniel,
>
> Possible to make changes to the module for the understanding of AVP from Radius?
As said, it will probably require a bit of C coding. I haven't dealt
with Radius for many years. What is the AVP id for Session-Timeout (as
defined in the radius dictionary)?
Daniel
>
> 11.12.2014, 18:11, "Daniel-Constantin Mierla" <miconda at gmail.com>:
>> Looking a bit deeper in the code, apparently only SIP_AVP (code 27) are
>> added as avps -- see generate_avps():
>>
>> modules/auth_radius/sterman.c
>>
>> For adding all radius avps, I guess some extra C code needs to be pushed
>> there.
>>
>> Cheers,
>> Daniel
>>
>> On 11/12/14 14:57, Kalala Alexander wrote:
>>> I have done avp_print (); Here's the output:
>>>
>>> 1(11832) INFO: avpops [avpops_impl.c:1488]: ops_print_avp(): name=<digest_challenge>
>>> 1(11832) INFO: avpops [avpops_impl.c:1496]: ops_print_avp(): val_str=<Proxy-Authenticate: Digest realm="sip.voip.by", nonce="VIgtSVSILB3mhgkw9TUSxb2W5cVvKr4S", qop="auth"
>>>
>>> Received no attributes in the AVP (For Example "Session-Timeout")...
>>> The answer comes from the Radius after proxy_challenge("$fd", "0");
>>>
>>> Access-Accept (2)
>>> AVP: l=6 t=Session-Timeout(27): 11234
>>>
>>> 11.12.2014, 16:06, "Daniel-Constantin Mierla" <miconda at gmail.com>:
>>>> Not using radius myself, but a quick look at the code reveals that some
>>>> avps are generated after authentication. You can print the list of the
>>>> avps with avp_print():
>>>>
>>>> http://kamailio.org/docs/modules/stable/modules/avpops.html#avpops.f.avp_print
>>>>
>>>> Then you can see what is getting back from radius.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>> On 10/12/14 20:42, Kalala Alexander wrote:
>>>>> Radius server sends a response containing an attribute (Session-Timeout (27): 2342).
>>>>> How is the value saved in the AVPs using module auch_radius?
>>>>>
>>>>> Config:
>>>>>
>>>>> modparam("auth_radius", "radius_config","/etc/radiusclient-ng/radiusclient.conf")
>>>>> modparam("auth_radius", "service_type",15)
>>>>> modparam("auth_radius", "use_ruri_flag", 22)
>>>>> modparam("auth_radius", "auth_extra",
>>>>> "Calling-Station-Id=$fU;Called-Station-Id=$tU;Acct-Session-Id=$ci")
>>>>>
>>>>> if (is_method("REGISTER"))
>>>>> {
>>>>> # authenticate the REGISTER requests (uncomment to enable auth)
>>>>> if (!radius_www_authorize("$td")) {
>>>>> www_challenge("$td", "0");
>>>>> exit;
>>>>> }
>>>>>
>>>>> if ($au!=$tU)
>>>>> {
>>>>> sl_send_reply("403","Forbidden auth ID");
>>>>> exit;
>>>>> }
>>>>> }
>>>>>
>>>>> ...............................
>>>>>
>>>>> if (from_uri==myself)
>>>>> {
>>>>> if (!radius_proxy_authorize("$fd", "$fU")) {
>>>>> proxy_challenge("$fd", "0");
>>>>> exit;
>>>>>
>>>>> }
>>>> --
>>>> Daniel-Constantin Mierla
>>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>> --
>> Daniel-Constantin Mierla
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-users
mailing list