(RADIATOR) accounting request Acct-Session-Id lost in conversion from diameter to radius

Hugh Irvine hugh at open.com.au
Tue Mar 20 23:02:06 CST 2007


Hello Blake -

Further to this, you could use the PreHandlerHook available in the  
ServerDIAMETER clause to do whatever you wish.

The PreHandlerHook is passed a pointer to the translated radius
request as an argument, and there is a reference in that radius
request to the original Diameter request in $tp->{diameter_request}.

See the code in "Radius/ServerDIAMETER.pm" and the example hooks in  
"goodies/hooks.txt".

regards

Hugh


On 21 Mar 2007, at 10:57, Mike McCauley wrote:

> Hello Blake,
>
> Thanks for your thoughtful comments.
> The reason that copy_dia_to_radius_attrs works the way it does is from our
> interpretation of the Diameter RFCs.
>
> I would expect to see accounting session IDs in the Diameter Acct-Session-Id
> AVP (code 44), (which would be immediately converted to the RADIUS
> Acct-Session-Id attribute).
>
> Session-ID (code 263) is a Diameter-specific thing, and would not normally be
> transferred to the Radius packet (as you have noted).
>
> Hope that helps.
>
> Cheers.
>
> On Wednesday 21 March 2007 08:52, Blake Ulmer wrote:
>> Hello again,
>>
>> Thanks for the quick reply to my first posting (undefined Authenticator
>> field converting from diameter to radius).  I have another potential
>> problem in the diameter to radius conversion, specifically for
>> accounting packets.
>>
>> Again, my environment is 3.16 on RHEL4.  I'm doing a diameter accounting
>> request (using diapwtst) to radiator, which converts it to radius, and
>> sends it off to my third party radius server.  The radius server is not
>> accepting the request, because Acct-Session-Id is not present.
>>
>> I specify -session_id <whatever> to diapwtst, and I can see the
>> originating diameter request containing the session-id (if I don't
>> specify anything, then I get a default session-id, but it's there).
>> However, the converted radius acct request does not contain it.
>>
>> I dove into ServerDIAMETER.pm, and found that the
>> copy_dia_to_radius_attrs method only converts a few specific attributes,
>> and then anything with an attribute number below 256.  The session-id
>> field (ACODE_SESSION_ID) has a value of 263, which is why it isn't being
>> converted.  That set of ifs also has no plain old, "else", which is why
>> there's no log message or anything about why it isn't converted, or that
>> it isn't being converted.
>>
>> I have a somewhat kludgey fix I'm using, which is to simply add another
>> if for the diameter ACODE_SESSION_ID, which copies $value into the
>> packet for Acct-Session-Id, and that seems to work.
>>
>> I know that Acct-Session-Id is required by the radius RFC, and so I
>> wonder why the attribute is only copied if the attribute number is less
>> than 256?  It seems either that number should be much larger, or a
>> specific case needs to be entered for ACODE_SESSION_ID.
>>
>> Thank you again,
>> Blake Ulmer
>>
>> Here's a snippet of the Acct-Session-Id not being translated (in an
>> accounting request), for kicks:
>>
>> **************************************************************
>> Tue Mar 20 18:37:05 2007: DEBUG: zulu.open.com.au <- testoriginhost
>> recv_v1msg:
>>   Code:           271 (Accounting)
>>   Version:        1
>>   Flags:          0x80 (R)
>>   Application ID: 1 (Nasreq)
>>   Hop-to-Hop ID:  2
>>   End-to-End ID:  554696706
>>   Attributes:
>>     Session-Id: 64, 5,
>>     Origin-Host: 64, testoriginhost,
>>     Origin-Realm: 64, testoriginrealm,
>>     User-Name: 64, bob at hal9002.com,
>>     Called-Station-Id: 64, 123456789,
>>     Calling-Station-Id: 64, 987654321,
>>     NAS-Port: 64, 1234,
>>     Accounting-Record-Type: 64, START_RECORD,
>>     Accounting-Record-Number: 64, 12345,
>> Tue Mar 20 18:37:05 2007: DEBUG: StateMachine::event R-Rcv-Message in
>> state R-Open. Calling Process
>> Tue Mar 20 18:37:05 2007: DEBUG: zulu.open.com.au Process
>> Tue Mar 20 18:37:05 2007: DEBUG: Packet dump:
>> *** Diameter request converted to Radius request ....
>> Code:       Accounting-Request
>> Identifier: UNDEF
>> Authentic:  1234567890123456
>> Attributes:
>>         NAS-Identifier = "testoriginhost"
>>         User-Name = "bob at hal9002.com"
>>         Called-Station-Id = "123456789"
>>         Calling-Station-Id = "987654321"
>>         NAS-Port = 1234
>>         Acct-Status-Type = 1
>>
>> Tue Mar 20 18:37:05 2007: DEBUG: Handling request with Handler
>> 'Realm=hal9002.com'
>> Tue Mar 20 18:37:05 2007: DEBUG: Handling with Radius::AuthRADIUS
>> Tue Mar 20 18:37:05 2007: DEBUG: Packet dump:
>> *** Sending to 192.168.3.248 port 1813 ....
>>
>> Packet length = 93
>> 04 01 00 5d e8 28 e8 a6 c7 39 60 1f 3f eb d6 1c
>> cf 9c ac 40 20 10 74 65 73 74 6f 72 69 67 69 6e
>> 68 6f 73 74 01 11 62 6f 62 40 68 61 6c 39 30 30
>> 32 2e 63 6f 6d 1e 0b 31 32 33 34 35 36 37 38 39
>> 1f 0b 39 38 37 36 35 34 33 32 31 05 06 00 00 04
>> d2 28 06 00 00 00 01 29 06 00 00 00 00
>> Code:       Accounting-Request
>> Identifier: 1
>> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>>         NAS-Identifier = "testoriginhost"
>>         User-Name = "bob at hal9002.com"
>>         Called-Station-Id = "123456789"
>>         Calling-Station-Id = "987654321"
>>         NAS-Port = 1234
>>         Acct-Status-Type = 1
>>         Acct-Delay-Time = 0
>> **************************************************************
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
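
An added example, not part of the original thread and not Radiator code: a small Python check that parses the proxied RADIUS packet from the hex dump in the quoted trace and reports that Acct-Session-Id (attribute 44) is absent from the Accounting-Request. The attribute name table and the choice of which attributes to require are assumptions of this example.

```python
import struct

# RADIUS packet bytes copied from the "Sending to 192.168.3.248" dump in the trace.
PACKET = bytes.fromhex("".join("""
04 01 00 5d e8 28 e8 a6 c7 39 60 1f 3f eb d6 1c
cf 9c ac 40 20 10 74 65 73 74 6f 72 69 67 69 6e
68 6f 73 74 01 11 62 6f 62 40 68 61 6c 39 30 30
32 2e 63 6f 6d 1e 0b 31 32 33 34 35 36 37 38 39
1f 0b 39 38 37 36 35 34 33 32 31 05 06 00 00 04
d2 28 06 00 00 00 01 29 06 00 00 00 00
""".split()))

ACCOUNTING_REQUEST = 4
NAMES = {1: "User-Name", 5: "NAS-Port", 30: "Called-Station-Id",
         31: "Calling-Station-Id", 32: "NAS-Identifier",
         40: "Acct-Status-Type", 41: "Acct-Delay-Time", 44: "Acct-Session-Id"}
REQUIRED_IN_ACCOUNTING = (40, 44)  # assumption: attributes this check insists on


def parse_radius(data):
    """Return (code, identifier, [(type, value), ...]) for one RADIUS packet."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad length field %d" % length)
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs


def missing_accounting_attrs(data):
    """Names of required attributes absent from an Accounting-Request."""
    code, _, attrs = parse_radius(data)
    if code != ACCOUNTING_REQUEST:
        return []
    present = {atype for atype, _ in attrs}
    return [NAMES[t] for t in REQUIRED_IN_ACCOUNTING if t not in present]


if __name__ == "__main__":
    for atype, value in parse_radius(PACKET)[2]:
        print(NAMES.get(atype, atype), value)
    print("missing:", missing_accounting_attrs(PACKET))
```

Run against packets captured on the proxy's outbound side, a check like this surfaces the dropped attribute that the conversion code itself does not log.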

