[RADIATOR] AddToReply with Diameter
Heikki Vatiainen
hvn at open.com.au
Wed Mar 21 16:35:18 CDT 2012
On 03/21/2012 10:02 AM, Arthur Konovalov wrote:
> Thanks, it works!
Good to hear.
> One question for clarification, though. Is there AVP numbers conversion
> Radiator-> Diameter should work? In Radius AVP numbers are <255 (is it
> correct?). But in my case I had to add Diameter values to the Radius
> dictionary file. Like this:
> VENDORATTR 13019 Location-Information 350 string
> VENDORATTR 13019 Line-Identifier 500 string
Good guestions. In Radius type is < 255, although with Vendor Specific
Attributes (VSAs) this is not a must. However, with VSAs types are
usually limited to one byte too.
If the request is completely processed, including Diameter <--> Radius
conversion, by the same instance, the type numbers can be larger than
255. Radiator does not limit the RADIUS type to 8 bits for its internal
processing.
> Is it OK, or some number conversion are still missed in the code?
>
> In the diameter_attr.dat file I have:
> VENDORATTR 13019 Location-Information 350 Grouped
> VENDORATTR 13019 Line-Identifier 500 OctetString
There is no number conversion done. The conversion from Radius to
Diameter is based on matching vendor and type numbers. Using the above
dictionaries as an example, the RADIUS dictionary lookup returns vendor
13019, type 350 for attribute Location-Information. 13109 and 350 and
then used to make a Diameter dictionary lookup returning the Diameter
information.
As an additional note, Line-Identifier is also IANA attribute 127. When
the above RADIUS dictionary is specified after the system dictionary
e.g. with DictionaryFile parameter, it will override the IANA
information. That is why lookup for Line-Identifier returns 13019,350
instead of 0,127, which it would normally return.
Thanks!
Heikki
> br,
> Arthur
>
>
> 20.03.2012 10:16, Heikki Vatiainen kirjutas:
>> On 03/19/2012 11:19 AM, Arthur Konovalov wrote:
>>
>> Hello Arthur,
>>
>>> I'm using Radiator as Diameter frontend and I'm wondering is there
>>> possible to use AddToReply clause with grouped attributes to the
>>> Diameter peer?
>> This is possible now if you download the latest patches for 4.9. The
>> patches add functionality for handling Diameter Grouped attributes when
>> converting from RADIUS reply.
>>
>>> For instance, I want send reply to the peer like this:
>>> Location-Information (AVP Code=350, Vendor=13019, Grouped) ->
>>> Line-Identifier (AVP Code=500, Vendor=13019,
>>> OctetString)="ADSL;privaccess-xxx"
>>>
>>> To the Radiator dictionary added:
>> You can continue using the dictionaries in this format. To test, I did
>> the following:
>>
>> Specified your additional RADIUS dictionary with system dictionary using
>> 'DictionaryFile'. Specified your additional Diameter dictionary with
>> 'DiameterDictionaryFile'.
>>
>> Used this file with AuthBy FILE (quotes required):
>> mikem User-Password=fred
>> Location-Information="Line-Identifier=\"ADSL;privaccess-xxx\""
>>
>> This is the output from reply diapwtst gets (-dictionary option needed
>> too):
>>
>> Code: 265 (AA)
>> Version: 1
>> Flags: 0x0 ()
>> Application ID: 1 (Nasreq)
>> Hop-to-Hop ID: 1
>> End-to-End ID: 2887778305
>> Attributes:
>> Session-Id: .M., testoriginhost;1234;1
>> Origin-Realm: .M., testoriginrealm
>> Auth-Application-Id: .M., NASREQ
>> Auth-Request-Type: .M., AUTHORIZE_AUTHENTICATE
>> Origin-Host: .M., zulu.open.com.au
>> Result-Code: .M., DIAMETER_SUCCESS
>> Location-Information: V..,
>> Line-Identifier: V.., ADSL;privaccess-xxx
>>
>>
>> There is no need to modify any of the .pm files after patching. The
>> above can be setup with dictionary files.
>>
>> Please let us know how it works.
>>
>> Thanks!
>> Heikki
>>
>>
>>
>>> VENDORATTR 13019 Location-Information 350 string
>>> VENDORATTR 13019 Line-Identifier 500
>>> string
>>>
>>> To the diameter_attrs.dat added:
>>> VENDORATTR 13019 Location-Information 350
>>> Grouped
>>> VENDORATTR 13019 Line-Identifier 500
>>> OctetString
>>>
>>>
>>> I tried to add the following, but this doesn't work:
>>> AddToReply Location-Information,
>>> Line-Identifier="ADSL;privaccess-xxx"
>>>
>>> If I tried to add only Line-Information AVP, then it replied, but
>>> without grouped AVP and peer doesn't accept it.
>>>
>>>
>>> br,
>>> Arthur
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list