(RADIATOR) AuthBy External clause problem

Hugh Irvine hugh at open.com.au
Wed Sep 3 06:54:47 CDT 2003 

Hello Ganbold -

It is possible that you may need to use "ResultInOutput" in this  
environment.

Have a look at the code in "Radius/AuthEXTERNAL.pm" and maybe add some  
print statements so you can see what is happening. And please let us  
know what you find.

regards

Hugh


On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:

> Hi,
>
> I'm testing Radiator-3.6 in Windows 2000 advanced server.
> I'm using AuthBy External clause in handlers. But when external program
> returns 0 (Access-Accept) radiator understands it as a 3 and responds
> with Access-Challenge response. External program worked well in
> FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
> above problem occurs.
>
> How can I solve this problem? Is it OS issue? or there is something  
> else?
> I really appreciate if somebody give the right solution.
>
> thanks in advance,
>
> Ganbold
> Micom CO.,Ltd
>
>
> ----------------------------------------------------------------------- 
> ---------------
> Trace 4 debug:
> ----------------------------------------------------------------------- 
> ---------------
>
> Code:       Access-Request
> Identifier: 149
> Authentic:   
> <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
> Attributes:
> 	User-Name = "44444444"
> 	User-Password =  
> "<159><192><246><10><228><184>Z<200>K<1><253><232><162>^Tv"
> 	cisco-h323-conf-id = "h323-conf-id=45135D12 DD3911D7 809F812C  
> 9428BE9D"
> 	cisco-avpair = "h323-ivr-out=transactionID:114"
> 	Calling-Station-Id = "11323224"
> 	Called-Station-Id = "0011112365"
> 	Service-Type = Login-User
> 	NAS-IP-Address = xxx.xxx.xxx.xxx
>
> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
> Wed Sep  3 19:36:01 2003: DEBUG: Handling request with Handler  
> 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
> Wed Sep  3 19:36:01 2003: DEBUG: Running command:  
> d:\Radiator-3.6\hooks\CalcCreditTime
> Wed Sep  3 19:36:01 2003: DEBUG: Access challenged for 44444444:
> Wed Sep  3 19:36:01 2003: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 21661 ....
> Code:       Access-Challenge
> Identifier: 149
> Authentic:   
> <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
> Attributes:
> 	cisco-h323-return-code = "h323-return-code=0"
> 	cisco-h323-credit-time = "h323-credit-time=1276"
> 	Reply-Message = "first 5!"
>
>
>
> ----------------------------------------------------------------------- 
> ---------------
> Below is my config:
> ----------------------------------------------------------------------- 
> ---------------
>
> #radius.cfg
>
> Foreground
> Trace 4
>
> AuthPort	1645
> AcctPort	1646
>
> LogDir		d:\Radiator-3.6\log
> LogFile		%L/logfile.txt
>
> DictionaryFile  d:\Radiator-3.6\dictionary
>
> RewriteUsername s/^\s+//
> RewriteUsername s/\s+$//
> RewriteUsername s/\s+//g
> RewriteUsername	tr/[A-Z]/[a-z]/
>
>
> <Client xxx.xxx.xxx.xxx>
> 	Secret xxx
> 	NasType Cisco
> 	SNMPCommunity MN-2008
> 	StatusServerShowClientDetails
> </Client>
>
>
> <AuthBy SQL>
>         DBSource        dbi:mysql:voip_prepaid:localhost
>         DBUsername      xxx
>         DBAuth          xxx
>
>         Identifier VoipTerminate
>
>         AuthSelect
>
>         AccountingTable voip_termination
>         AccountingStopsOnly
>
>         AcctColumnDef   nasipaddress,NAS-IP-Address
>         AcctColumnDef   cisco_nas_port,Cisco-NAS-Port
>         AcctColumnDef   username,User-Name
>
>         AcctColumnDef   calledstationid,Called-Station-Id
>         AcctColumnDef   callingstationid,Calling-Station-Id
>
>         AcctColumnDef  
> h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw- 
> id}',locate('=','%{cisco-h323-gw-id}')+1))
>         AcctColumnDef  
> h323_call_origin,cisco-h323-call- 
> origin,literal,trim(substring('%{cisco-h323-call- 
> origin}',locate('=','%{cisco-h323-call-origin}')+1))
>         AcctColumnDef  
> h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco- 
> h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
>
>         AcctColumnDef  
> h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco- 
> h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
>         AcctColumnDef  
> h323_connect_time,cisco-h323-connect- 
> time,literal,trim(substring('%{cisco-h323-connect- 
> time}',locate('=','%{cisco-h323-connect-time}')+1))
>         AcctColumnDef  
> h323_disconnect_time,cisco-h323-disconnect- 
> time,literal,trim(substring('%{cisco-h323-disconnect- 
> time}',locate('=','%{cisco-h323-disconnect-time}')+1))
>         AcctColumnDef  
> h323_disconnect_cause,cisco-h323-disconnect- 
> cause,literal,trim(substring('%{cisco-h323-disconnect- 
> cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
>         AcctColumnDef  
> h323_voice_quality,cisco-h323-voice- 
> quality,literal,trim(substring('%{cisco-h323-voice- 
> quality}',locate('=','%{cisco-h323-voice-quality}')+1))
>         AcctColumnDef  
> h323_remote_address,cisco-h323-remote- 
> address,literal,trim(substring('%{cisco-h323-remote- 
> address}',locate('=','%{cisco-h323-remote-address}')+1))
>
>         AcctColumnDef   acctstatustype,Acct-Status-Type
>         AcctColumnDef   acctdelaytime,Acct-Delay-Time,integer
>         AcctColumnDef   acctsessionid,Acct-Session-Id
>         AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>         AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>
>         AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>         AcctColumnDef   time_stamp,Timestamp,integer
> </AuthBy>
>
> <AuthBy EXTERNAL>
> 	Identifier PSA
> 	DecryptPassword
> 	Command d:\Radiator-3.6\hooks\PSA
> </AuthBy>
> <AuthBy EXTERNAL>
> 	Identifier TransBalance
> 	DecryptPassword
> 	Command d:\Radiator-3.6\hooks\TransBalance
> </AuthBy>
> <AuthBy EXTERNAL>
> 	Identifier CalcCreditTime
> 	DecryptPassword
> 	StripFromReply	Reply-Message
> 	Command d:\Radiator-3.6\hooks\CalcCreditTime
> </AuthBy>
> <AuthBy EXTERNAL>
> 	Identifier CalcCreditAmount
> 	DecryptPassword
> 	StripFromReply	Reply-Message
> 	Command d:\Radiator-3.6\hooks\CalcCreditAmount
> </AuthBy>
>
> # 2 termination handler
> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,  
> cisco-h323-call-origin = /originate$/, cisco-h323-call-type =  
> /Telephony$/>
> 	AuthBy VoipTerminate
> </Handler>
> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,  
> cisco-h323-call-origin = /answer$/, cisco-h323-call-type = /VoIP$/>
> 	AuthBy VoipTerminate
> </Handler>
>
>
> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Start>
> 	PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
> </Handler>
>
> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,  
> User-Name = /^([0-9])+$/>
> 	AuthBy CalcCreditAmount
> 	PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
> </Handler>
>
> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,  
> User-Name = /^([0-9])+%([0-9])+$/>
> 	PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
> </Handler>
>
> <Handler User-Name = /^([0-9])+%([0-9])+$/>
> 	RewriteUsername s/^([^@]+).*/$1/
> 	RejectHasReason
> 	StripFromReply	Reply-Message
> 	AccountingHandled
> 	AuthBy TransBalance
> </Handler>
>
> <Handler User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/>
> 	RewriteUsername s/^([^@]+).*/$1/
> 	RejectHasReason
> #	StripFromReply	Reply-Message
> 	AccountingHandled
> 	AuthBy CalcCreditTime
> </Handler>
>
> # skip error
> <Handler User-Name = ERROR>
> </Handler>
> <Handler User-Name = error>
> </Handler>
>
> <Handler User-Name = /^([0-9])+$/>
> 	RewriteUsername s/^([^@]+).*/$1/
> 	RejectHasReason
> 	StripFromReply	Reply-Message
> 	AccountingHandled
> 	SessionDatabase SQL1
> 	AuthBy PSA
> </Handler>
>
>
> <SessionDatabase SQL>
> 	DBSource	dbi:mysql:voip_prepaid:localhost
> 	DBUsername	xxx
> 	DBAuth		xxx
>
> 	Identifier SQL1
>
> 	AddQuery
> 	DeleteQuery
> 	ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
> 	CountQuery
> </SessionDatabase>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list