(RADIATOR) cisco-h323 reply attributes

David Boyd dboyd at vscllc.com
Fri May 2 22:42:52 CDT 2003


Hello Richard, I believe that you need to return the full string back to
the Cisco device.  In example:

cisco-h323-credit-amount = "cisco-h323-credit-amount =
h323-credit-amount=XXXX"

and

cisco-h323-credit-time = "cisco-h323-credit-time =
h323-credit-time=XXXX"


This is of course if you are using any of the devices that are
controlled by tk/tcl scripting.  There is a bug in version 1.x of the
scripts that cause this problem.

Dave



-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Hugh Irvine
Sent: Friday, May 02, 2003 7:52 PM
To: Richard Grantham
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) cisco-h323 reply attributes


Hello Richard -

Thanks for sending the debug information.

It looks to me like Radiator is doing the right thing, with the
cisco-avpair being returned correctly (as far as the debug is
concerned). You should probably use a packet sniffer and the Cisco
debug command to verify that the packet is correctly formatted on the
wire.

Like you my suspicion would be the Cisco, although it may simply be the
case that there is some other reply attribute(s) required in the access
accept - possibly the Service-Type attribute which Cisco's are very
picky about. Normally the access accept must contain the same
Service-Type as was received in the access request.

regards

Hugh



On Friday, May 2, 2003, at 20:44 Australia/Melbourne, Richard Grantham
wrote:

> Hi,
>
> We've just installed Radiator for calling card use.  I've been reading
> through all the previous forum posts on the subject but I am having
> problems with cisco-h323-credit-amount and cisco-h323-credit-time and
I
> want to narrow it down to if it's the Radiator configuration or
whether
> the issue lies with the IVR script or Cisco router.
>
> Basically, from what I understand from reading previous posts is that
> these reply attributes need to returned in the format
>
>       cisco-h323-credit-amount = "h323-credit-amount=XXXX"
>       cisco-h323-credit-time = "h323-credit-time=XXXX"
>
> where XXXX is a number.
>
> The problem I'm having is that the IVR script is not picking up these
> values.  We are storing calling card details in an Oracle database.
My
> (sanitised) handler for authentication and returning the credit amount
> looks like this:
>
> <Handler>
>     <AuthBy SQL>
>         DBSource        dbi:Oracle:host=host;sid=SID
>         DBUsername      user
>         DBAuth          pass
>         AuthSelect      select password, 'h323-credit-amount=' || \
>                         balance * 100 from subscribers \
>                         where username=%0 and balance > 0
>         AuthColumnDef   0,User-Password,check
>         AuthColumnDef   1,cisco-h323-credit-amount,reply
>     </AuthBy>
> </Handler>
>
> (the 'balance * 100' is because we work in dollars and IVR likes
> cisco-h323-credit-amount in cents)
>
> If the balance for a user is 10 then the reply column value would be
> h323-credit-amount=100.  The level 4 debug gives this:
>
> <SNIP>
> Fri May  2 09:19:41 2003: DEBUG: Handling request with Handler ''
> Fri May  2 09:19:41 2003: DEBUG:  Deleting session for 123456,
> 194.8.254.12,
> Fri May  2 09:19:41 2003: DEBUG: Handling with Radius::AuthSQL
> Fri May  2 09:19:41 2003: DEBUG: Handling with Radius::AuthSQL:
> Fri May  2 09:19:41 2003: DEBUG: Query is: 'select password,
> 'h323-credit-amount=' || balance * 100 from subscribers where
> username='123456' and balance > 0':
>
> Fri May  2 09:19:41 2003: DEBUG: Radius::AuthSQL looks for match with
> 123456
> Fri May  2 09:19:41 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Fri May  2 09:19:41 2003: DEBUG: Access accepted for 123456
> Fri May  2 09:19:41 2003: DEBUG: Packet dump:
> *** Sending to 194.8.227.12 port 1645 ....
> Code:       Access-Accept
> Identifier: 220
> Authentic:  7<253>8T<215><151><178>v<145><30>-<255><173><246><248>5
> Attributes:
>         cisco-h323-credit-amount = "h323-credit-amount=1000"
> </SNIP>
>
> Cisco's documented method for reading these H323 values is
>
>       set num [getVariable aaa h323-credit-amount creditAmount]
>
> where num is the number of h323-credit-amount attributes in the reply
> and creditAmount is an array in which they are stored.  If num is
> bigger
> than zero then there are h323-credit-amount reply attributes.
>
> The value for num is always 0, therefore the script is not reading the
> h323-credit-amount.  I have verified this value is being returned
using
> the NTRadPing program.  Have I missed something vital wrt the
> Radiator configuration?  Or is this down to a Cisco product being a
> pain.
>
> Sorry this question has been asked before, I have read the previous
> threads but not come across any behaviour matching this, aside from
> when
> the attribute is formatted incorrectly and I'm pretty sure this is
not.
>
> TIA
>
> Richard
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2210 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030502/6c16ef38/attachment.bin>


More information about the radiator mailing list