(RADIATOR) Radius Proxy how to ignore unknown attributes
İlker Aktuna (Koç.net)
ilkera at koc.net
Wed Oct 3 09:52:21 CDT 2007
Hi Hugh,
I've changed the dictionary as you recommended. But I still get the same error.
In the request I see that the radius attribute NCX-Caller-ID-type is null. But in this case Radiator says " There is no value named for attribute NCX-Caller-ID-type"
What do you suggest ?
Here is the level 5 trace :
Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
*** Received from 192.168.247.81 port 1645 ....
Packet length = 157
01 99 00 9d 36 7b e7 72 23 28 20 66 7f d3 93 76
fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
33 33 2e 31 36 38 30 30 1a 09 00 00 03 e7 01 03
00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
Code: Access-Request
Identifier: 153
Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
Attributes:
User-Name = "123456"
User-Password = <<224>1_<198>j<14><236><138><13>$Z<184><251><253>7
NAS-IP-Address = 192.168.247.81
Called-Station-Id = "1005021000"
Calling-Station-Id = "05327654761"
Acct-Session-Id = "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
NCX-Caller-ID-type =
NCX-Originate-Address = 174389073
Wed Oct 3 14:51:51 2007: DEBUG: Handling request with Handler ''
Wed Oct 3 14:51:51 2007: DEBUG: Deleting session for 123456, 192.168.247.81,
Wed Oct 3 14:51:51 2007: DEBUG: Handling with Radius::AuthRADIUS
Wed Oct 3 14:51:51 2007: ERR: There is no value named for attribute NCX-Caller-ID-type. Using 0.
Wed Oct 3 14:51:51 2007: DEBUG: AuthBy RADIUS creates new local socket '0.0.0.0' for sending requests
Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
*** Sending to 192.168.99.13 port 1645 ....
Packet length = 160
01 01 00 a0 36 7b e7 72 23 28 20 66 7f d3 93 76
fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
33 33 2e 31 36 38 30 30 1a 0c 00 00 03 e7 01 06
00 00 00 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
Code: Access-Request
Identifier: 1
Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
Attributes:
User-Name = "123456"
User-Password = <<224>1_<198>j<14><236><138><13>$Z<184><251><253>7
NAS-IP-Address = 192.168.247.81
Called-Station-Id = "1005021000"
Calling-Station-Id = "05327654761"
Acct-Session-Id = "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
NCX-Caller-ID-type =
NCX-Originate-Address = 174389073
Thanks,
ilker
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, October 03, 2007 2:32 AM
To: İlker Aktuna (Koç.net)
Cc: Hadi Unal AKYOL; radiator at open.com.au
Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
Hello Iiker -
This vendor is listed as (http://www.iana.org/assignments/enterprise-
numbers):
5826
MIND CTI Ltd.
Raanan Grinwald
graanan&mindcti.com
In general you should prefix the attribute names with a vendor tag to
avoid potetial conflicts elsewhere in the dictionary and so you know
what vendor the attributes refer to.
Ie:
VENDORATTR 5826 MINDCTI-Caller-ID-type 1 integer
......
You should have a look at a trace 5 debug from Radiator to see the
hex dumps of the requests to see exactly what is contained in the
attribute values.
The message you are seeing below indicates that the values contained
in the RADIUS request are not listed in the VALUES that you have
defined.
hope that helps
regards
Hugh
On 2 Oct 2007, at 21:21, İlker Aktuna (Koç.net) wrote:
> Hi Hugh,
>
> Thanks for your answer. I defined the attributes in the dictionary
> as seen below.
> But I get the following errors in the logfile.
>
> Fri Sep 28 09:34:14 2007: ERR: There is no value named for
> attribute Status. Using 0.
> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
> attribute Billing-Model. Using 0.
> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
> attribute Status. Using 0.
> Fri Sep 28 09:39:14 2007: ERR: There is no value named for
> attribute Caller-ID-type. Using 0.
>
> Added lines to dictionary:
>
> VENDORATTR 5826 Caller-ID-type 1 integer
> VENDORATTR 5826 Originate-Address 2 integer
> VENDORATTR 5826 Balance 3 string
> VENDORATTR 5826 Currency 4 string
> VENDORATTR 5826 Billing-Model 5 integer
> VENDORATTR 5826 Language 6 string
> VENDORATTR 5826 Status 7 integer
> VENDORATTR 5826 Call-Direction 8 string
> VENDORATTR 5826 Call-Info 9 string
> VENDORATTR 5826 Call-Parties 10 integer
> VENDORATTR 5826 Line 11 integer
> VENDORATTR 5826 Outbound-type 12 integer
> VENDORATTR 5826 Query-Request 13 integer
> VENDORATTR 5826 Start-Time 14 integer
> VENDORATTR 5826 Protocol-Number 15 integer
> VENDORATTR 5826 Max-Call-Duration 16 integer
> VENDORATTR 5826 CDR 17 string
> VENDORATTR 5826 TRUNKID 18 string
> VENDORATTR 5826 DNIS 19 string
> VENDORATTR 5826 ANI-info-digits 20 string
> VENDORATTR 5826 Accounting-start-type 21 integer
> VENDORATTR 5826 Remote-address 22 integer
> VENDORATTR 5826 Total-duration 23 integer
> VENDORATTR 5826 Action-type 24 integer
> VENDORATTR 5826 New-Password 25 string
> VENDORATTR 5826 Destination-User-Code 26 string
> VENDORATTR 5826 Destination-Password 27 string
> VENDORATTR 5826 Voucher-number 28 string
> VENDORATTR 5826 Voucher-password 29 string
> VENDORATTR 5826 Amount 30 string
> VENDORATTR 5826 ISO-Currency 31 string
> VENDORATTR 5826 Source-Balance 32 string
> VENDORATTR 5826 Extra-Info 33 string
> VENDORATTR 5826 DB-Query 34 string
> VENDORATTR 5826 Reservation-Expires 38 integer
> VALUE Caller-ID-type User-ID 0
> VALUE Caller-ID-type PIN-Code 1
> VALUE Caller-ID-type ANI-Code 2
> VALUE Caller-ID-type Domain 4
> VALUE Billing-Model CREDIT 0
> VALUE Billing-Model DEBIT 1
> VALUE Status OK 0
> VALUE Status FAIL 1
> VALUE Status INVAILD-ARGUMENT 2
> VALUE Status USER-NOT-FOUND 3
> VALUE Status ACCOUNT-IN-USE 4
> VALUE Status CARD-EXPIRED 5
> VALUE Status CREDIT-LIMIT 6
> VALUE Status USER-BLOCKED 7
> VALUE Status BAD-LINe-NUMBER 8
> VALUE Status INVALID-NUMBER 11
> VALUE Status RATE-FOR-CALL 12
> VALUE Status NOT-AUTHORIZED 13
> VALUE Status NOT-ENOUGH-MONEY 14
> VALUE Status ACCOUNT-NOT-ACTIVE 15
> VALUE Status WRONG-OLD-PASSWORD 16
> VALUE Status USER-DENIED 17
> VALUE Status INVALID-NEW-PASSWORD 18
> VALUE Status INVALID-DESTINATION-ACCOUNT 19
> VALUE Status TARIFF-NOT-FOUND 20
> VALUE Status IP-ALLOCATION-FAILED 21
> VALUE Status INVALID-PASSWORD 23
> VALUE Status ZERO-BALANCE 24
> VALUE Status NO-DATA-FOUND 25
> VALUE Status TOO-MANY-ROW-DATA 26
> VALUE Call-Parties Phone-To-Phone 1
> VALUE Call-Parties Desktop-To-Phone 2
> VALUE Call-Parties Phone-To-Desktop 3
> VALUE Call-Parties Phone-To-PBX 10
> VALUE Call-Parties Desktop-To-PBX 11
> VALUE Call-Parties Web-To-PBX 20
> VALUE Outbound-type PSTN 0
> VALUE Outbound-type PBX 1
> VALUE Query-Request Query 2
> VALUE Query-Request Query-Lock 1
> VALUE Protocol-Number DTMF 0
> VALUE Protocol-Number E164 1
> VALUE Accounting-start-type First-Auth 0
> VALUE Accounting-start-type Re-Auth 1
> VALUE Accounting-start-type Call-Start 2
> VALUE Action-type Regular 1
> VALUE Action-type Change-Pswd 2
> VALUE Action-type Transfer 3
> VALUE Action-type Recharge 4
> VALUE Action-type DBQuery 5
> VALUE Action-type Resolve 6
>
> What do you think about this ?
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-
> radiator at open.com.au] On Behalf Of Hugh Irvine
> Sent: Tuesday, October 02, 2007 1:48 AM
> To: Hadi Unal AKYOL
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>
>
> Hello iiker -
>
> The only way you can do what you describe is to add the attributes to
> the dictionary.
>
> The RADIUS requests are decoded off the wire using the dictionary,
> processed internally by Radiator, then re-encoded using the
> dictionary to be re-sent.
>
> Therefore all attributes that you want forwarded must be defined in
> the dictionary.
>
> regards
>
> Hugh
>
>
> On 1 Oct 2007, at 16:43, Hadi Unal AKYOL wrote:
>
>> Hi,
>>
>>
>>
>> I am using Radiator as a radius proxy. So I just want it to forward
>> the radius packet without making any checks.
>>
>> Unfortunately I noticed that if an attribute is not known (not in
>> the dictionary) it removes the attribute from the request and then
>> forwards the request to the radius server.
>>
>> I know that this problem can be solved by adding the unknown
>> attributes to the dictionary. But if there is a simpler way of
>> ignoring unknown attributes and forwarding them, I would like to
>> use it.
>>
>> Is there any way of doing this ?
>>
>>
>>
>> Thanks,
>>
>> ilker
>>
>>
>> Connect to the next generation of MSN Messenger Get it now!
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> ______________________________________________________________________
> ______________________________________________________________________
> _
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
> etmez.
> This message is intended solely for the use of the individual or
> entity to whom it is addressed , and may contain confidential
> information. If you are not the intended recipient of this message
> or you receive this mail in error, you should refrain from making
> any use of the contents and from opening any attachment. In that
> case, please notify the sender immediately and return the message
> to the sender, then, delete and destroy all copies. This e-mail
> message, can not be copied, published or sold for any reason. This
> e-mail message has been swept by anti-virus systems for the
> presence of computer viruses. In doing so, however, sender cannot
> warrant that virus or other forms of data corruption may not be
> present and do not take any responsibility in any occurrence.
> ______________________________________________________________________
> ______________________________________________________________________
> _
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list