(RADIATOR) Radius Proxy how to ignore unknown attributes
Hugh Irvine
hugh at open.com.au
Thu Oct 4 02:15:12 CDT 2007
Hello Iiker -
All of the attributes you want to pass through unchanged should be
defined as "binary".
As always you should do some experiments and check the trace 5 debug
to verify correct operation.
regards
Hugh
On 4 Oct 2007, at 16:59, İlker Aktuna (Koç.net) wrote:
> Hi Hugh,
>
> Thanks for this helpful information.
> What about parameters like "call-duration" ? Should I use binary or
> integer for them ?
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, October 04, 2007 4:37 AM
> To: İlker Aktuna (Koç.net)
> Cc: Hadi Unal AKYOL; radiator at open.com.au
> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>
>
> Hello Iiker -
>
> Thanks for sending the trace 5 - it helps enormously.
>
> The problem here is that type "integer" expects 4 octets of data, and
> these attributes only contain a single octet value.
>
> If you just want to pass the data through unchanged, I suggest you
> define the attributes as "binary".
>
> Ie. something like this:
>
> VENDORATTR 5826 NCX-Caller-ID-type 1 binary
>
> You can also remove the corresponding VALUE definitions.
>
> hope that helps
>
> regards
>
> Hugh
>
>
> On 4 Oct 2007, at 00:52, İlker Aktuna (Koç.net) wrote:
>
>> Hi Hugh,
>>
>> I've changed the dictionary as you recommended. But I still get the
>> same error.
>> In the request I see that the radius attribute NCX-Caller-ID-type
>> is null. But in this case Radiator says " There is no value named
>> for attribute NCX-Caller-ID-type"
>>
>> What do you suggest ?
>>
>> Here is the level 5 trace :
>>
>> Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
>> *** Received from 192.168.247.81 port 1645 ....
>>
>> Packet length = 157
>> 01 99 00 9d 36 7b e7 72 23 28 20 66 7f d3 93 76
>> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
>> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
>> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
>> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
>> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
>> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
>> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
>> 33 33 2e 31 36 38 30 30 1a 09 00 00 03 e7 01 03
>> 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
>> Code: Access-Request
>> Identifier: 153
>> Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
>> Attributes:
>> User-Name = "123456"
>> User-Password = <<224>1_<198>j<14><236><138><13>
>> $Z<184><251><253>7
>> NAS-IP-Address = 192.168.247.81
>> Called-Station-Id = "1005021000"
>> Calling-Station-Id = "05327654761"
>> Acct-Session-Id =
>> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
>> NCX-Caller-ID-type =
>> NCX-Originate-Address = 174389073
>>
>> Wed Oct 3 14:51:51 2007: DEBUG: Handling request with Handler ''
>> Wed Oct 3 14:51:51 2007: DEBUG: Deleting session for 123456,
>> 192.168.247.81,
>> Wed Oct 3 14:51:51 2007: DEBUG: Handling with Radius::AuthRADIUS
>> Wed Oct 3 14:51:51 2007: ERR: There is no value named for
>> attribute NCX-Caller-ID-type. Using 0.
>> Wed Oct 3 14:51:51 2007: DEBUG: AuthBy RADIUS creates new local
>> socket '0.0.0.0' for sending requests
>> Wed Oct 3 14:51:51 2007: DEBUG: Packet dump:
>> *** Sending to 192.168.99.13 port 1645 ....
>>
>> Packet length = 160
>> 01 01 00 a0 36 7b e7 72 23 28 20 66 7f d3 93 76
>> fd 02 ee 33 01 08 31 32 33 34 35 36 02 12 3c e0
>> 31 5f c6 6a 0e ec 8a 0d 24 5a b8 fb fd 37 04 06
>> 0a 64 f7 51 1e 0c 31 30 30 35 30 32 31 30 30 30
>> 1f 0d 30 35 33 32 37 36 35 34 37 36 31 2c 3b 36
>> 2e 32 35 30 2e 31 35 30 2e 35 38 2e 31 32 34 2e
>> 32 35 2e 31 37 2e 32 31 36 2e 31 35 32 2e 32 33
>> 35 2e 30 2e 31 37 36 2e 32 30 38 2e 31 30 31 2e
>> 33 33 2e 31 36 38 30 30 1a 0c 00 00 03 e7 01 06
>> 00 00 00 00 1a 0c 00 00 03 e7 02 06 0a 64 f7 51
>> Code: Access-Request
>> Identifier: 1
>> Authentic: 6{<231>r#( f<127><211><147>v<253><2><238>3
>> Attributes:
>> User-Name = "123456"
>> User-Password = <<224>1_<198>j<14><236><138><13>
>> $Z<184><251><253>7
>> NAS-IP-Address = 192.168.247.81
>> Called-Station-Id = "1005021000"
>> Calling-Station-Id = "05327654761"
>> Acct-Session-Id =
>> "6.250.150.58.124.25.17.216.152.235.0.176.208.101.33.16800"
>> NCX-Caller-ID-type =
>> NCX-Originate-Address = 174389073
>>
>>
>> Thanks,
>> ilker
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Wednesday, October 03, 2007 2:32 AM
>> To: İlker Aktuna (Koç.net)
>> Cc: Hadi Unal AKYOL; radiator at open.com.au
>> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown attributes
>>
>>
>> Hello Iiker -
>>
>> This vendor is listed as (http://www.iana.org/assignments/enterprise-
>> numbers):
>>
>> 5826
>> MIND CTI Ltd.
>> Raanan Grinwald
>> graanan&mindcti.com
>>
>> In general you should prefix the attribute names with a vendor tag to
>> avoid potetial conflicts elsewhere in the dictionary and so you know
>> what vendor the attributes refer to.
>>
>> Ie:
>>
>> VENDORATTR 5826 MINDCTI-Caller-ID-type 1 integer
>> ......
>>
>> You should have a look at a trace 5 debug from Radiator to see the
>> hex dumps of the requests to see exactly what is contained in the
>> attribute values.
>>
>> The message you are seeing below indicates that the values contained
>> in the RADIUS request are not listed in the VALUES that you have
>> defined.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>> On 2 Oct 2007, at 21:21, İlker Aktuna (Koç.net) wrote:
>>
>>> Hi Hugh,
>>>
>>> Thanks for your answer. I defined the attributes in the dictionary
>>> as seen below.
>>> But I get the following errors in the logfile.
>>>
>>> Fri Sep 28 09:34:14 2007: ERR: There is no value named for
>>> attribute Status. Using 0.
>>> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
>>> attribute Billing-Model. Using 0.
>>> Fri Sep 28 09:36:52 2007: ERR: There is no value named for
>>> attribute Status. Using 0.
>>> Fri Sep 28 09:39:14 2007: ERR: There is no value named for
>>> attribute Caller-ID-type. Using 0.
>>>
>>> Added lines to dictionary:
>>>
>>> VENDORATTR 5826 Caller-ID-type 1 integer
>>> VENDORATTR 5826 Originate-Address 2 integer
>>> VENDORATTR 5826 Balance 3 string
>>> VENDORATTR 5826 Currency 4 string
>>> VENDORATTR 5826 Billing-Model 5 integer
>>> VENDORATTR 5826 Language 6 string
>>> VENDORATTR 5826 Status 7 integer
>>> VENDORATTR 5826 Call-Direction 8 string
>>> VENDORATTR 5826 Call-Info 9 string
>>> VENDORATTR 5826 Call-Parties 10 integer
>>> VENDORATTR 5826 Line 11 integer
>>> VENDORATTR 5826 Outbound-type 12 integer
>>> VENDORATTR 5826 Query-Request 13 integer
>>> VENDORATTR 5826 Start-Time 14 integer
>>> VENDORATTR 5826 Protocol-Number 15 integer
>>> VENDORATTR 5826 Max-Call-Duration 16 integer
>>> VENDORATTR 5826 CDR 17 string
>>> VENDORATTR 5826 TRUNKID 18 string
>>> VENDORATTR 5826 DNIS 19 string
>>> VENDORATTR 5826 ANI-info-digits 20 string
>>> VENDORATTR 5826 Accounting-start-type 21 integer
>>> VENDORATTR 5826 Remote-address 22 integer
>>> VENDORATTR 5826 Total-duration 23 integer
>>> VENDORATTR 5826 Action-type 24 integer
>>> VENDORATTR 5826 New-Password 25 string
>>> VENDORATTR 5826 Destination-User-Code 26 string
>>> VENDORATTR 5826 Destination-Password 27 string
>>> VENDORATTR 5826 Voucher-number 28 string
>>> VENDORATTR 5826 Voucher-password 29 string
>>> VENDORATTR 5826 Amount 30 string
>>> VENDORATTR 5826 ISO-Currency 31 string
>>> VENDORATTR 5826 Source-Balance 32 string
>>> VENDORATTR 5826 Extra-Info 33 string
>>> VENDORATTR 5826 DB-Query 34 string
>>> VENDORATTR 5826 Reservation-Expires 38 integer
>>> VALUE Caller-ID-type User-ID 0
>>> VALUE Caller-ID-type PIN-Code 1
>>> VALUE Caller-ID-type ANI-Code 2
>>> VALUE Caller-ID-type Domain 4
>>> VALUE Billing-Model CREDIT 0
>>> VALUE Billing-Model DEBIT 1
>>> VALUE Status OK 0
>>> VALUE Status FAIL 1
>>> VALUE Status INVAILD-ARGUMENT 2
>>> VALUE Status USER-NOT-FOUND 3
>>> VALUE Status ACCOUNT-IN-USE 4
>>> VALUE Status CARD-EXPIRED 5
>>> VALUE Status CREDIT-LIMIT 6
>>> VALUE Status USER-BLOCKED 7
>>> VALUE Status BAD-LINe-NUMBER 8
>>> VALUE Status INVALID-NUMBER 11
>>> VALUE Status RATE-FOR-CALL 12
>>> VALUE Status NOT-AUTHORIZED 13
>>> VALUE Status NOT-ENOUGH-MONEY 14
>>> VALUE Status ACCOUNT-NOT-ACTIVE 15
>>> VALUE Status WRONG-OLD-PASSWORD 16
>>> VALUE Status USER-DENIED 17
>>> VALUE Status INVALID-NEW-PASSWORD 18
>>> VALUE Status INVALID-DESTINATION-ACCOUNT 19
>>> VALUE Status TARIFF-NOT-FOUND 20
>>> VALUE Status IP-ALLOCATION-FAILED 21
>>> VALUE Status INVALID-PASSWORD 23
>>> VALUE Status ZERO-BALANCE 24
>>> VALUE Status NO-DATA-FOUND 25
>>> VALUE Status TOO-MANY-ROW-DATA 26
>>> VALUE Call-Parties Phone-To-Phone 1
>>> VALUE Call-Parties Desktop-To-Phone 2
>>> VALUE Call-Parties Phone-To-Desktop 3
>>> VALUE Call-Parties Phone-To-PBX 10
>>> VALUE Call-Parties Desktop-To-PBX 11
>>> VALUE Call-Parties Web-To-PBX 20
>>> VALUE Outbound-type PSTN 0
>>> VALUE Outbound-type PBX 1
>>> VALUE Query-Request Query 2
>>> VALUE Query-Request Query-Lock 1
>>> VALUE Protocol-Number DTMF 0
>>> VALUE Protocol-Number E164 1
>>> VALUE Accounting-start-type First-Auth 0
>>> VALUE Accounting-start-type Re-Auth 1
>>> VALUE Accounting-start-type Call-Start 2
>>> VALUE Action-type Regular 1
>>> VALUE Action-type Change-Pswd 2
>>> VALUE Action-type Transfer 3
>>> VALUE Action-type Recharge 4
>>> VALUE Action-type DBQuery 5
>>> VALUE Action-type Resolve 6
>>>
>>> What do you think about this ?
>>>
>>> Thanks,
>>> ilker
>>>
>>> -----Original Message-----
>>> From: owner-radiator at open.com.au [mailto:owner-
>>> radiator at open.com.au] On Behalf Of Hugh Irvine
>>> Sent: Tuesday, October 02, 2007 1:48 AM
>>> To: Hadi Unal AKYOL
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) Radius Proxy how to ignore unknown
>>> attributes
>>>
>>>
>>> Hello iiker -
>>>
>>> The only way you can do what you describe is to add the
>>> attributes to
>>> the dictionary.
>>>
>>> The RADIUS requests are decoded off the wire using the dictionary,
>>> processed internally by Radiator, then re-encoded using the
>>> dictionary to be re-sent.
>>>
>>> Therefore all attributes that you want forwarded must be defined in
>>> the dictionary.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 1 Oct 2007, at 16:43, Hadi Unal AKYOL wrote:
>>>
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I am using Radiator as a radius proxy. So I just want it to forward
>>>> the radius packet without making any checks.
>>>>
>>>> Unfortunately I noticed that if an attribute is not known (not in
>>>> the dictionary) it removes the attribute from the request and then
>>>> forwards the request to the radius server.
>>>>
>>>> I know that this problem can be solved by adding the unknown
>>>> attributes to the dictionary. But if there is a simpler way of
>>>> ignoring unknown attributes and forwarding them, I would like to
>>>> use it.
>>>>
>>>> Is there any way of doing this ?
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> ilker
>>>>
>>>>
>>>> Connect to the next generation of MSN Messenger Get it now!
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/
>>> archives/
>>> radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database
>>> independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like
>>> systems.
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>> ____________________________________________________________________
>>> _
>>> _
>>> ____________________________________________________________________
>>> _
>>> _
>>> _
>>> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
>>> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
>>> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
>>> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
>>> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
>>> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
>>> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
>>> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
>>> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
>>> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
>>> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
>>> etmez.
>>> This message is intended solely for the use of the individual or
>>> entity to whom it is addressed , and may contain confidential
>>> information. If you are not the intended recipient of this message
>>> or you receive this mail in error, you should refrain from making
>>> any use of the contents and from opening any attachment. In that
>>> case, please notify the sender immediately and return the message
>>> to the sender, then, delete and destroy all copies. This e-mail
>>> message, can not be copied, published or sold for any reason. This
>>> e-mail message has been swept by anti-virus systems for the
>>> presence of computer viruses. In doing so, however, sender cannot
>>> warrant that virus or other forms of data corruption may not be
>>> present and do not take any responsibility in any occurrence.
>>> ____________________________________________________________________
>>> _
>>> _
>>> ____________________________________________________________________
>>> _
>>> _
>>> _
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>> _____________________________________________________________________
>> _
>> _____________________________________________________________________
>> _
>> _
>> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
>> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
>> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
>> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
>> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
>> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
>> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
>> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
>> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
>> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
>> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
>> etmez.
>> This message is intended solely for the use of the individual or
>> entity to whom it is addressed , and may contain confidential
>> information. If you are not the intended recipient of this message
>> or you receive this mail in error, you should refrain from making
>> any use of the contents and from opening any attachment. In that
>> case, please notify the sender immediately and return the message
>> to the sender, then, delete and destroy all copies. This e-mail
>> message, can not be copied, published or sold for any reason. This
>> e-mail message has been swept by anti-virus systems for the
>> presence of computer viruses. In doing so, however, sender cannot
>> warrant that virus or other forms of data corruption may not be
>> present and do not take any responsibility in any occurrence.
>> _____________________________________________________________________
>> _
>> _____________________________________________________________________
>> _
>> _
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> ______________________________________________________________________
> ______________________________________________________________________
> _
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,
> icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari
> acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen
> geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-
> posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz,
> yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
> viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak
> yollayici, bu e-posta mesajinin - virus koruma sistemleri ile
> kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve
> meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul
> etmez.
> This message is intended solely for the use of the individual or
> entity to whom it is addressed , and may contain confidential
> information. If you are not the intended recipient of this message
> or you receive this mail in error, you should refrain from making
> any use of the contents and from opening any attachment. In that
> case, please notify the sender immediately and return the message
> to the sender, then, delete and destroy all copies. This e-mail
> message, can not be copied, published or sold for any reason. This
> e-mail message has been swept by anti-virus systems for the
> presence of computer viruses. In doing so, however, sender cannot
> warrant that virus or other forms of data corruption may not be
> present and do not take any responsibility in any occurrence.
> ______________________________________________________________________
> ______________________________________________________________________
> _
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list