(RADIATOR) Radius Proxy how to ignore unknown attributes

İlker Aktuna (Koç.net) ilkera at koc.net
Thu Oct 4 01:59:32 CDT 2007


Hi Hugh,

Thanks for this helpful information.
What about parameters like "call-duration" ? Should I use binary or integer for them ?

Thanks,
ilker

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, October 04, 2007 4:37 AM
To: İlker Aktuna (Koç.net)
Cc: Hadi Unal AKYOL; radiator at open.com.au
Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes


Hello Iiker -

Thanks for sending the trace 5 - it helps enormously.

The problem here is that type "integer" expects 4 octets of data, and  
these attributes only contain a single octet value.

If you just want to pass the data through unchanged, I suggest you  
define the attributes as "binary".

Ie. something like this:

VENDORATTR  5826  NCX-Caller-ID-type    1   binary

You can also remove the corresponding VALUE definitions.

hope that helps

regards

Hugh


On 4 Oct 2007, at 00:52, İlker Aktuna (Koç.net) wrote:

> Hi Hugh,
>
> I've changed the dictionary as you recommended. But I still get the  
> same error.
> In the request I see that the radius attribute NCX-Caller-ID-type  
> is null. But in this case Radiator says " There is no value named   
> for attribute NCX-Caller-ID-type"
>
> What do you suggest ?
>
> Here is the level 5 trace :
>
> Wed Oct  3 14:51:51 2007: DEBUG: Packet dump:
> *** Received from 192.168.247.81 port 1645 ....
>
> Packet length = 157
> 01 99 00 9d 36 7b e7 72 23 28 20 66 7f d3 93 76
> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
> 33 33 2e 31 36 38 30 30 1a 09 00 00 03 e7 01 03
> 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
> Code:       Access-Request
> Identifier: 153
> Authentic:  6{<231>r#( f<127><211><147>v<253><2><238>3
> Attributes:
>         User-Name = "123456"
>         User-Password = <<224>1_<198>j<14><236><138><13> 
> $Z<184><251><253>7
>         NAS-IP-Address = 192.168.247.81
>         Called-Station-Id = "1005021000"
>         Calling-Station-Id = "05327654761"
>         Acct-Session-Id =  
> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
>         NCX-Caller-ID-type =
>         NCX-Originate-Address = 174389073
>
> Wed Oct  3 14:51:51 2007: DEBUG: Handling request with Handler ''
> Wed Oct  3 14:51:51 2007: DEBUG:  Deleting session for 123456,  
> 192.168.247.81,
> Wed Oct  3 14:51:51 2007: DEBUG: Handling with Radius::AuthRADIUS
> Wed Oct  3 14:51:51 2007: ERR: There is no value named  for  
> attribute NCX-Caller-ID-type. Using 0.
> Wed Oct  3 14:51:51 2007: DEBUG: AuthBy RADIUS creates new local  
> socket '0.0.0.0' for sending requests
> Wed Oct  3 14:51:51 2007: DEBUG: Packet dump:
> *** Sending to 192.168.99.13 port 1645 ....
>
> Packet length = 160
> 01 01 00 a0 36 7b e7 72 23 28 20 66 7f d3 93 76
> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
> 33 33 2e 31 36 38 30 30 1a 0c 00 00 03 e7 01 06
> 00 00 00 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
> Code:       Access-Request
> Identifier: 1
> Authentic:  6{<231>r#( f<127><211><147>v<253><2><238>3
> Attributes:
>         User-Name = "123456"
>         User-Password = <<224>1_<198>j<14><236><138><13> 
> $Z<184><251><253>7
>         NAS-IP-Address = 192.168.247.81
>         Called-Station-Id = "1005021000"
>         Calling-Station-Id = "05327654761"
>         Acct-Session-Id =  
> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
>         NCX-Caller-ID-type =
>         NCX-Originate-Address = 174389073
>
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, October 03, 2007 2:32 AM
> To: İlker Aktuna (Koç.net)
> Cc: Hadi Unal AKYOL; radiator at open.com.au
> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>
>
> Hello Iiker -
>
> This vendor is listed as (http://www.iana.org/assignments/enterprise-
> numbers):
>
> 5826
>    MIND CTI Ltd.
>      Raanan Grinwald
>        graanan&mindcti.com
>
> In general you should prefix the attribute names with a vendor tag to
> avoid potetial conflicts elsewhere in the dictionary and so you know
> what vendor the attributes refer to.
>
> Ie:
>
> VENDORATTR  5826  MINDCTI-Caller-ID-type    1   integer
> ......
>
> You should have a look at a trace 5 debug from Radiator to see the
> hex dumps of the requests to see exactly what is contained in the
> attribute values.
>
> The message you are seeing below indicates that the values contained
> in the RADIUS request are not listed in the VALUES that you have
> defined.
>
> hope that helps
>
> regards
>
> Hugh
>
>
> On 2 Oct 2007, at 21:21, İlker Aktuna (Koç.net) wrote:
>
>> Hi Hugh,
>>
>> Thanks for your answer. I defined the attributes in the dictionary
>> as seen below.
>> But I get the following errors in the logfile.
>>
>> Fri Sep 28 09:34:14 2007: ERR: There is no value named  for
>> attribute Status. Using 0.
>> Fri Sep 28 09:36:52 2007: ERR: There is no value named  for
>> attribute Billing-Model. Using 0.
>> Fri Sep 28 09:36:52 2007: ERR: There is no value named  for
>> attribute Status. Using 0.
>> Fri Sep 28 09:39:14 2007: ERR: There is no value named  for
>> attribute Caller-ID-type. Using 0.
>>
>> Added lines to dictionary:
>>
>> VENDORATTR  5826  Caller-ID-type    1   integer
>> VENDORATTR  5826  Originate-Address   2   integer
>> VENDORATTR  5826  Balance  3   string
>> VENDORATTR  5826  Currency 4   string
>> VENDORATTR  5826  Billing-Model 5   integer
>> VENDORATTR  5826  Language    6   string
>> VENDORATTR  5826  Status 7   integer
>> VENDORATTR  5826  Call-Direction  8   string
>> VENDORATTR  5826  Call-Info   9   string
>> VENDORATTR  5826  Call-Parties  10  integer
>> VENDORATTR  5826  Line  11      integer
>> VENDORATTR  5826  Outbound-type 12  integer
>> VENDORATTR  5826  Query-Request 13  integer
>> VENDORATTR  5826  Start-Time  14  integer
>> VENDORATTR  5826  Protocol-Number 15  integer
>> VENDORATTR  5826  Max-Call-Duration   16  integer
>> VENDORATTR  5826  CDR   17  string
>> VENDORATTR  5826  TRUNKID 18  string
>> VENDORATTR  5826  DNIS  19  string
>> VENDORATTR  5826  ANI-info-digits 20  string
>> VENDORATTR  5826  Accounting-start-type 21  integer
>> VENDORATTR  5826  Remote-address  22  integer
>> VENDORATTR  5826  Total-duration  23  integer
>> VENDORATTR  5826  Action-type   24  integer
>> VENDORATTR  5826  New-Password  25      string
>> VENDORATTR  5826  Destination-User-Code 26      string
>> VENDORATTR  5826  Destination-Password  27      string
>> VENDORATTR  5826  Voucher-number  28  string
>> VENDORATTR  5826  Voucher-password    29  string
>> VENDORATTR  5826  Amount  30  string
>> VENDORATTR  5826  ISO-Currency  31  string
>> VENDORATTR  5826  Source-Balance  32  string
>> VENDORATTR  5826  Extra-Info  33  string
>> VENDORATTR  5826  DB-Query    34  string
>> VENDORATTR  5826  Reservation-Expires   38  integer
>> VALUE Caller-ID-type            User-ID                 0
>> VALUE Caller-ID-type            PIN-Code                1
>> VALUE Caller-ID-type            ANI-Code                2
>> VALUE Caller-ID-type            Domain                  4
>> VALUE Billing-Model             CREDIT                  0
>> VALUE Billing-Model             DEBIT                   1
>> VALUE Status                    OK                      0
>> VALUE Status                    FAIL                    1
>> VALUE Status                    INVAILD-ARGUMENT        2
>> VALUE Status                    USER-NOT-FOUND          3
>> VALUE Status                    ACCOUNT-IN-USE          4
>> VALUE Status                    CARD-EXPIRED            5
>> VALUE Status                    CREDIT-LIMIT            6
>> VALUE Status                    USER-BLOCKED            7
>> VALUE Status                    BAD-LINe-NUMBER         8
>> VALUE Status                    INVALID-NUMBER          11
>> VALUE Status                    RATE-FOR-CALL           12
>> VALUE Status                    NOT-AUTHORIZED          13
>> VALUE Status                    NOT-ENOUGH-MONEY        14
>> VALUE Status                    ACCOUNT-NOT-ACTIVE      15
>> VALUE Status                    WRONG-OLD-PASSWORD      16
>> VALUE Status                    USER-DENIED             17
>> VALUE Status                    INVALID-NEW-PASSWORD    18
>> VALUE Status                    INVALID-DESTINATION-ACCOUNT     19
>> VALUE Status                    TARIFF-NOT-FOUND        20
>> VALUE Status                    IP-ALLOCATION-FAILED    21
>> VALUE Status                    INVALID-PASSWORD        23
>> VALUE Status                    ZERO-BALANCE            24
>> VALUE Status                    NO-DATA-FOUND           25
>> VALUE Status                    TOO-MANY-ROW-DATA       26
>> VALUE Call-Parties              Phone-To-Phone          1
>> VALUE Call-Parties              Desktop-To-Phone        2
>> VALUE Call-Parties              Phone-To-Desktop        3
>> VALUE Call-Parties              Phone-To-PBX            10
>> VALUE Call-Parties              Desktop-To-PBX          11
>> VALUE Call-Parties              Web-To-PBX              20
>> VALUE Outbound-type             PSTN                    0
>> VALUE Outbound-type             PBX                     1
>> VALUE Query-Request             Query                   2
>> VALUE Query-Request             Query-Lock              1
>> VALUE Protocol-Number           DTMF                    0
>> VALUE Protocol-Number           E164                    1
>> VALUE Accounting-start-type     First-Auth              0
>> VALUE Accounting-start-type     Re-Auth                 1
>> VALUE Accounting-start-type     Call-Start              2
>> VALUE Action-type               Regular                 1
>> VALUE Action-type               Change-Pswd             2
>> VALUE Action-type               Transfer                3
>> VALUE Action-type               Recharge                4
>> VALUE Action-type               DBQuery                 5
>> VALUE Action-type               Resolve                 6
>>
>> What do you think about this ?
>>
>> Thanks,
>> ilker
>>
>> -----Original Message-----
>> From: owner-radiator at open.com.au [mailto:owner-
>> radiator at open.com.au] On Behalf Of Hugh Irvine
>> Sent: Tuesday, October 02, 2007 1:48 AM
>> To: Hadi Unal AKYOL
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>>
>>
>> Hello iiker -
>>
>> The only way you can do what you describe is to add the attributes to
>> the dictionary.
>>
>> The RADIUS requests are decoded off the wire using the dictionary,
>> processed internally by Radiator, then re-encoded using the
>> dictionary to be re-sent.
>>
>> Therefore all attributes that you want forwarded must be defined in
>> the dictionary.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 1 Oct 2007, at 16:43, Hadi Unal AKYOL wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> I am using Radiator as a radius proxy. So I just want it to forward
>>> the radius packet without making any checks.
>>>
>>> Unfortunately I noticed that if an attribute is not known (not in
>>> the dictionary) it removes the attribute from the request and then
>>> forwards the request to the radius server.
>>>
>>> I know that this problem can be solved by adding the unknown
>>> attributes to the dictionary. But if there is a simpler way of
>>> ignoring unknown attributes and forwarding them, I would like to
>>> use it.
>>>
>>> Is there any way of doing this ?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> ilker
>>>
>>>
>>> Connect to the next generation of MSN Messenger  Get it now!
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>> _____________________________________________________________________ 
>> _
>> _____________________________________________________________________ 
>> _
>> _
>> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
>> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
>> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
>> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
>> geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
>> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
>> yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji
>> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
>> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
>> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
>> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
>> etmez.
>> This message is intended solely for the use of the individual or
>> entity to whom it is addressed , and may contain confidential
>> information. If you are not the intended recipient of this message
>> or you receive this mail in error, you should refrain from making
>> any use of the contents and from opening any attachment. In that
>> case, please notify the sender immediately and return the message
>> to the sender, then, delete and destroy all copies. This e-mail
>> message, can not be copied, published or sold for any reason. This
>> e-mail message has been swept by anti-virus systems for the
>> presence of computer viruses. In doing so, however,  sender  cannot
>> warrant that virus or other forms of data corruption may not be
>> present and do not take any responsibility in any occurrence.
>> _____________________________________________________________________ 
>> _
>> _____________________________________________________________________ 
>> _
>> _
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> ______________________________________________________________________ 
> ______________________________________________________________________ 
> _
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor  
> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,   
> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari  
> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen  
> geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu e- 
> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,  
> yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji  
> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak  
> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile  
> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve  
> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul  
> etmez.
> This message is intended solely for the use of the individual or  
> entity to whom it is addressed , and may contain confidential   
> information. If you are not the intended recipient of this message  
> or you receive this mail in error, you should refrain from making  
> any use of the contents and from opening any attachment. In that  
> case, please notify the sender immediately and return the message  
> to the sender, then, delete and destroy all copies. This e-mail  
> message, can not be copied, published or sold for any reason. This  
> e-mail message has been swept by anti-virus systems for the  
> presence of computer viruses. In doing so, however,  sender  cannot  
> warrant that virus or other forms of data corruption may not be  
> present and do not take any responsibility in any occurrence.
> ______________________________________________________________________ 
> ______________________________________________________________________ 
> _



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. 
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential  information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however,  sender  cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list