(RADIATOR) Radius Proxy how to ignore unknown attributes
Hugh Irvine
hugh at open.com.au
Wed Oct 3 20:37:04 CDT 2007
Hello Iiker -
Thanks for sending the trace 5 - it helps enormously.
The problem here is that type "integer" expects 4 octets of data, and
these attributes only contain a single octet value.
If you just want to pass the data through unchanged, I suggest you
define the attributes as "binary".
Ie. something like this:
VENDORATTR 5826 NCX-Caller-ID-type 1 binary
You can also remove the corresponding VALUE definitions.
hope that helps
regards
Hugh
On 4 Oct 2007, at 00:52, İlker Aktuna (Koç.net) wrote:
> Hi Hugh,
>
> I've changed the dictionary as you recommended. But I still get the
> same error.
> In the request I see that the radius attribute NCX-Caller-ID-type
> is null. But in this case Radiator says " There is no value named
> for attribute NCX-Caller-ID-type"
>
> What do you suggest ?
>
> Here is the level 5 trace :
>
> Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
> *** Received from 192.168.247.81 port 1645 ....
>
> Packet length = 157
> 01 99 00 9d 36 7b e7 72 23 28 20 66 7f d3 93 76
> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
> 33 33 2e 31 36 38 30 30 1a 09 00 00 03 e7 01 03
> 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
> Code: Access-Request
> Identifier: 153
> Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
> Attributes:
> User-Name = "123456"
> User-Password = <<224>1_<198>j<14><236><138><13>
> $Z<184><251><253>7
> NAS-IP-Address = 192.168.247.81
> Called-Station-Id = "1005021000"
> Calling-Station-Id = "05327654761"
> Acct-Session-Id =
> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
> NCX-Caller-ID-type =
> NCX-Originate-Address = 174389073
>
> Wed Oct 3 14:51:51 2007: DEBUG: Handling request with Handler ''
> Wed Oct 3 14:51:51 2007: DEBUG: Deleting session for 123456,
> 192.168.247.81,
> Wed Oct 3 14:51:51 2007: DEBUG: Handling with Radius::AuthRADIUS
> Wed Oct 3 14:51:51 2007: ERR: There is no value named for
> attribute NCX-Caller-ID-type. Using 0.
> Wed Oct 3 14:51:51 2007: DEBUG: AuthBy RADIUS creates new local
> socket '0.0.0.0' for sending requests
> Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
> *** Sending to 192.168.99.13 port 1645 ....
>
> Packet length = 160
> 01 01 00 a0 36 7b e7 72 23 28 20 66 7f d3 93 76
> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
> 33 33 2e 31 36 38 30 30 1a 0c 00 00 03 e7 01 06
> 00 00 00 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
> Code: Access-Request
> Identifier: 1
> Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
> Attributes:
> User-Name = "123456"
> User-Password = <<224>1_<198>j<14><236><138><13>
> $Z<184><251><253>7
> NAS-IP-Address = 192.168.247.81
> Called-Station-Id = "1005021000"
> Calling-Station-Id = "05327654761"
> Acct-Session-Id =
> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
> NCX-Caller-ID-type =
> NCX-Originate-Address = 174389073
>
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, October 03, 2007 2:32 AM
> To: İlker Aktuna (Koç.net)
> Cc: Hadi Unal AKYOL; radiator at open.com.au
> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>
>
> Hello Iiker -
>
> This vendor is listed as (http://www.iana.org/assignments/enterprise-
> numbers):
>
> 5826
> MIND CTI Ltd.
> Raanan Grinwald
> graanan&mindcti.com
>
> In general you should prefix the attribute names with a vendor tag to
> avoid potetial conflicts elsewhere in the dictionary and so you know
> what vendor the attributes refer to.
>
> Ie:
>
> VENDORATTR 5826 MINDCTI-Caller-ID-type 1 integer
> ......
>
> You should have a look at a trace 5 debug from Radiator to see the
> hex dumps of the requests to see exactly what is contained in the
> attribute values.
>
> The message you are seeing below indicates that the values contained
> in the RADIUS request are not listed in the VALUES that you have
> defined.
>
> hope that helps
>
> regards
>
> Hugh
>
>
> On 2 Oct 2007, at 21:21, İlker Aktuna (Koç.net) wrote:
>
>> Hi Hugh,
>>
>> Thanks for your answer. I defined the attributes in the dictionary
>> as seen below.
>> But I get the following errors in the logfile.
>>
>> Fri Sep 28 09:34:14 2007: ERR: There is no value named for
>> attribute Status. Using 0.
>> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
>> attribute Billing-Model. Using 0.
>> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
>> attribute Status. Using 0.
>> Fri Sep 28 09:39:14 2007: ERR: There is no value named for
>> attribute Caller-ID-type. Using 0.
>>
>> Added lines to dictionary:
>>
>> VENDORATTR 5826 Caller-ID-type 1 integer
>> VENDORATTR 5826 Originate-Address 2 integer
>> VENDORATTR 5826 Balance 3 string
>> VENDORATTR 5826 Currency 4 string
>> VENDORATTR 5826 Billing-Model 5 integer
>> VENDORATTR 5826 Language 6 string
>> VENDORATTR 5826 Status 7 integer
>> VENDORATTR 5826 Call-Direction 8 string
>> VENDORATTR 5826 Call-Info 9 string
>> VENDORATTR 5826 Call-Parties 10 integer
>> VENDORATTR 5826 Line 11 integer
>> VENDORATTR 5826 Outbound-type 12 integer
>> VENDORATTR 5826 Query-Request 13 integer
>> VENDORATTR 5826 Start-Time 14 integer
>> VENDORATTR 5826 Protocol-Number 15 integer
>> VENDORATTR 5826 Max-Call-Duration 16 integer
>> VENDORATTR 5826 CDR 17 string
>> VENDORATTR 5826 TRUNKID 18 string
>> VENDORATTR 5826 DNIS 19 string
>> VENDORATTR 5826 ANI-info-digits 20 string
>> VENDORATTR 5826 Accounting-start-type 21 integer
>> VENDORATTR 5826 Remote-address 22 integer
>> VENDORATTR 5826 Total-duration 23 integer
>> VENDORATTR 5826 Action-type 24 integer
>> VENDORATTR 5826 New-Password 25 string
>> VENDORATTR 5826 Destination-User-Code 26 string
>> VENDORATTR 5826 Destination-Password 27 string
>> VENDORATTR 5826 Voucher-number 28 string
>> VENDORATTR 5826 Voucher-password 29 string
>> VENDORATTR 5826 Amount 30 string
>> VENDORATTR 5826 ISO-Currency 31 string
>> VENDORATTR 5826 Source-Balance 32 string
>> VENDORATTR 5826 Extra-Info 33 string
>> VENDORATTR 5826 DB-Query 34 string
>> VENDORATTR 5826 Reservation-Expires 38 integer
>> VALUE Caller-ID-type User-ID 0
>> VALUE Caller-ID-type PIN-Code 1
>> VALUE Caller-ID-type ANI-Code 2
>> VALUE Caller-ID-type Domain 4
>> VALUE Billing-Model CREDIT 0
>> VALUE Billing-Model DEBIT 1
>> VALUE Status OK 0
>> VALUE Status FAIL 1
>> VALUE Status INVAILD-ARGUMENT 2
>> VALUE Status USER-NOT-FOUND 3
>> VALUE Status ACCOUNT-IN-USE 4
>> VALUE Status CARD-EXPIRED 5
>> VALUE Status CREDIT-LIMIT 6
>> VALUE Status USER-BLOCKED 7
>> VALUE Status BAD-LINe-NUMBER 8
>> VALUE Status INVALID-NUMBER 11
>> VALUE Status RATE-FOR-CALL 12
>> VALUE Status NOT-AUTHORIZED 13
>> VALUE Status NOT-ENOUGH-MONEY 14
>> VALUE Status ACCOUNT-NOT-ACTIVE 15
>> VALUE Status WRONG-OLD-PASSWORD 16
>> VALUE Status USER-DENIED 17
>> VALUE Status INVALID-NEW-PASSWORD 18
>> VALUE Status INVALID-DESTINATION-ACCOUNT 19
>> VALUE Status TARIFF-NOT-FOUND 20
>> VALUE Status IP-ALLOCATION-FAILED 21
>> VALUE Status INVALID-PASSWORD 23
>> VALUE Status ZERO-BALANCE 24
>> VALUE Status NO-DATA-FOUND 25
>> VALUE Status TOO-MANY-ROW-DATA 26
>> VALUE Call-Parties Phone-To-Phone 1
>> VALUE Call-Parties Desktop-To-Phone 2
>> VALUE Call-Parties Phone-To-Desktop 3
>> VALUE Call-Parties Phone-To-PBX 10
>> VALUE Call-Parties Desktop-To-PBX 11
>> VALUE Call-Parties Web-To-PBX 20
>> VALUE Outbound-type PSTN 0
>> VALUE Outbound-type PBX 1
>> VALUE Query-Request Query 2
>> VALUE Query-Request Query-Lock 1
>> VALUE Protocol-Number DTMF 0
>> VALUE Protocol-Number E164 1
>> VALUE Accounting-start-type First-Auth 0
>> VALUE Accounting-start-type Re-Auth 1
>> VALUE Accounting-start-type Call-Start 2
>> VALUE Action-type Regular 1
>> VALUE Action-type Change-Pswd 2
>> VALUE Action-type Transfer 3
>> VALUE Action-type Recharge 4
>> VALUE Action-type DBQuery 5
>> VALUE Action-type Resolve 6
>>
>> What do you think about this ?
>>
>> Thanks,
>> ilker
>>
>> -----Original Message-----
>> From: owner-radiator at open.com.au [mailto:owner-
>> radiator at open.com.au] On Behalf Of Hugh Irvine
>> Sent: Tuesday, October 02, 2007 1:48 AM
>> To: Hadi Unal AKYOL
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>>
>>
>> Hello iiker -
>>
>> The only way you can do what you describe is to add the attributes to
>> the dictionary.
>>
>> The RADIUS requests are decoded off the wire using the dictionary,
>> processed internally by Radiator, then re-encoded using the
>> dictionary to be re-sent.
>>
>> Therefore all attributes that you want forwarded must be defined in
>> the dictionary.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 1 Oct 2007, at 16:43, Hadi Unal AKYOL wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> I am using Radiator as a radius proxy. So I just want it to forward
>>> the radius packet without making any checks.
>>>
>>> Unfortunately I noticed that if an attribute is not known (not in
>>> the dictionary) it removes the attribute from the request and then
>>> forwards the request to the radius server.
>>>
>>> I know that this problem can be solved by adding the unknown
>>> attributes to the dictionary. But if there is a simpler way of
>>> ignoring unknown attributes and forwarding them, I would like to
>>> use it.
>>>
>>> Is there any way of doing this ?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> ilker
>>>
>>>
>>> Connect to the next generation of MSN Messenger Get it now!
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>> _____________________________________________________________________
>> _
>> _____________________________________________________________________
>> _
>> _
>> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
>> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
>> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
>> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
>> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
>> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
>> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
>> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
>> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
>> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
>> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
>> etmez.
>> This message is intended solely for the use of the individual or
>> entity to whom it is addressed , and may contain confidential
>> information. If you are not the intended recipient of this message
>> or you receive this mail in error, you should refrain from making
>> any use of the contents and from opening any attachment. In that
>> case, please notify the sender immediately and return the message
>> to the sender, then, delete and destroy all copies. This e-mail
>> message, can not be copied, published or sold for any reason. This
>> e-mail message has been swept by anti-virus systems for the
>> presence of computer viruses. In doing so, however, sender cannot
>> warrant that virus or other forms of data corruption may not be
>> present and do not take any responsibility in any occurrence.
>> _____________________________________________________________________
>> _
>> _____________________________________________________________________
>> _
>> _
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> ______________________________________________________________________
> ______________________________________________________________________
> _
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
> etmez.
> This message is intended solely for the use of the individual or
> entity to whom it is addressed , and may contain confidential
> information. If you are not the intended recipient of this message
> or you receive this mail in error, you should refrain from making
> any use of the contents and from opening any attachment. In that
> case, please notify the sender immediately and return the message
> to the sender, then, delete and destroy all copies. This e-mail
> message, can not be copied, published or sold for any reason. This
> e-mail message has been swept by anti-virus systems for the
> presence of computer viruses. In doing so, however, sender cannot
> warrant that virus or other forms of data corruption may not be
> present and do not take any responsibility in any occurrence.
> ______________________________________________________________________
> ______________________________________________________________________
> _
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list