VoIP DNIS authentication
Dear all, How do authenticate VoIP calls to AS5300 with DNIS, please provide detail. thanks much Raymond _ Send and receive Hotmail on your mobile device: http://mobile.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
At 09:03 PM 8/9/2001 +0200, Thomas Jalsovsky wrote: > > >Cisco (our Cisco AS5300) doesn't send Called-Station-ID attribute in the > > >access request RADIUS packet, therefore you can't use it for auth. > > > > Uhm, you certainly can. If your telco sends you DNIS info the NAS will > > send it to you. I'd confirm with you telco that they are sending DNIS > > info to you. > > > > I have >200 cisco's all happily sending Called-Station-ID, so it is > > definitely supported. :) > > > > -Chris >I think it depends on the environment. I use AS5300 for VoIP and our TCL >script is in Cisco clid_col_npw_3. It doesn't sends in auth request CLID. >If I rewrite the script I CAN do auth with CLID in the way of: User-Name = >CLID, Password = "" (or something what I want). Well, see, it *is* sent. It's just not a "regular" radius packet, as it's VOIP auth. >p.s.: I sent a couble weeks ago a cisco_vsa_hack patch. THis patch went to >/dev/null or there is in a processing queue. Thanks. It may have been lost in the shuffle. Please repost it here and it'll be reviewed. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
> >Cisco (our Cisco AS5300) doesn't send Called-Station-ID attribute in the > >access request RADIUS packet, therefore you can't use it for auth. > > Uhm, you certainly can. If your telco sends you DNIS info the NAS will > send it to you. I'd confirm with you telco that they are sending DNIS > info to you. > > I have >200 cisco's all happily sending Called-Station-ID, so it is > definitely supported. :) > > -Chris I think it depends on the environment. I use AS5300 for VoIP and our TCL script is in Cisco clid_col_npw_3. It doesn't sends in auth request CLID. If I rewrite the script I CAN do auth with CLID in the way of: User-Name = CLID, Password = "" (or something what I want). Sometimes we need to look into the system/scripts for solving some problems - it is true for Cisco 2 time :-) In Cisco does exist a feature called ISDN Preauth (aaa preauth) but it doesn't works with VoIP - this is not written in any documentation. Have a nice day, Thomas p.s.: I sent a couble weeks ago a cisco_vsa_hack patch. THis patch went to /dev/null or there is in a processing queue. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
At 07:58 AM 8/9/2001 +0200, Thomas Jalsovsky wrote: >On Wed, 8 Aug 2001, Chris Parker wrote: > > > At 09:48 AM 8/8/2001 -0500, Mark Nicholas wrote: > > >Hi, > > > > > > I am running freeradius-0.1. > > > > Upgrade to 0.2 ( or the latest CVS, actually ). Many fixes over 0.1. > > > > >Does anyone know how to have only one user > > >able to authenticate when calling an 800 number. We are setting up > personal > > >800 numbers for some dialin customers and don't want them to be able > to call > > >other people's 800 numbers. > > > > Add 'Called-Station-ID' as a check item in the 'users' file. Ala: > > > > user1Auth-Type := System, Called-Station-ID == "8001234567" > > Fall-Through = Yes > > > > DEFAULT Auth-Type := Reject, Called-Station-ID == "8001234567" > > > > -Chris > >Cisco (our Cisco AS5300) doesn't send Called-Station-ID attribute in the >access request RADIUS packet, therefore you can't use it for auth. Uhm, you certainly can. If your telco sends you DNIS info the NAS will send it to you. I'd confirm with you telco that they are sending DNIS info to you. I have >200 cisco's all happily sending Called-Station-ID, so it is definitely supported. :) -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
Thanks Thomas. I am using a 3Com Total Control 1000 RAS. It does send Called-Station-Id in the Access-Request, so I should be able to get it all to work out with Chris' helpful info. Thanks Chris. Thanks, Mark Mark Nicholas,[EMAIL PROTECTED] CCNA 601.969.1434 Internet Doorway, Inc. http://www.netdoor.com/ - Original Message - From: "Thomas Jalsovsky" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 09, 2001 12:49 AM Subject: Re: DNIS authentication > > Hello, > > what kind of device do you use? If Cisco, probably I can help you. > I think do you want to have preauthentication (before the device pick up > the 0800 line) to secure your toll-free line. > I solved this problem about 2-3 days ago with Cisco > AS5300+TCL+RADIUS. > > Best regards, > Thomas > > --- > Thomas Jalsovsky,Project Manager at PosTel, Plc. > PosTel, a.s. Kvacalova 53,82108 Bratislava 2 > Tel.: +421-2-50203160, Fax.: +421-2-50203198 >http://www.postel.sk, http://www.globalphone.sk > GlobalPhone, As long as you want > > On Wed, 8 Aug 2001, Mark Nicholas wrote: > > > Hi, > > > > I am running freeradius-0.1. Does anyone know how to have only one user > > able to authenticate when calling an 800 number. We are setting up personal > > 800 numbers for some dialin customers and don't want them to be able to call > > other people's 800 numbers. > > > > Thanks, > > > > Mark > > > > Mark Nicholas,[EMAIL PROTECTED] > > CCNA 601.969.1434 > > Internet Doorway, Inc. http://www.netdoor.com/ > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
On Wed, 8 Aug 2001, Chris Parker wrote: > At 09:48 AM 8/8/2001 -0500, Mark Nicholas wrote: > >Hi, > > > > I am running freeradius-0.1. > > Upgrade to 0.2 ( or the latest CVS, actually ). Many fixes over 0.1. > > >Does anyone know how to have only one user > >able to authenticate when calling an 800 number. We are setting up personal > >800 numbers for some dialin customers and don't want them to be able to call > >other people's 800 numbers. > > Add 'Called-Station-ID' as a check item in the 'users' file. Ala: > > user1Auth-Type := System, Called-Station-ID == "8001234567" > Fall-Through = Yes > > DEFAULT Auth-Type := Reject, Called-Station-ID == "8001234567" > > -Chris Cisco (our Cisco AS5300) doesn't send Called-Station-ID attribute in the access request RADIUS packet, therefore you can't use it for auth. A debug message from Cisco (debug radius): Aug 9 05:52:32.303: RADIUS: ustruct sharecount=2 Aug 9 05:52:32.303: Radius: radius_port_info() success=0 radius_nas_port=1 Aug 9 05:52:32.303: RADIUS: added cisco VSA 2 len 11 "ISDN 3:D:31" Aug 9 05:52:32.303: RADIUS: added cisco VSA 24 len 41 "h323-conf-id=8F495AF8 CEECFC30 0 6C575794" Aug 9 05:52:32.303: RADIUS: added cisco VSA 1 len 27 "in-portgrp-id=(For testing)" Aug 9 05:52:32.303: RADIUS: added cisco VSA 1 len 32 "h323-ivr-out=transactionID:19790" Aug 9 05:52:32.307: RADIUS: Initial Transmit ISDN 3:D:31 id 104 193.41.203.5:1812, Access-Request, len 198 Aug 9 05:52:32.307: Attribute 4 6 C129CB14 Aug 9 05:52:32.307: Attribute 26 19 0009020D4953 Aug 9 05:52:32.307: Attribute 61 6 Aug 9 05:52:32.307: Attribute 1 5 3136391A Aug 9 05:52:32.307: Attribute 26 49 0009182B6833 Aug 9 05:52:32.307: Attribute 2 18 87C491A1 Aug 9 05:52:32.307: Attribute 26 35 0009011D696E Aug 9 05:52:32.307: Attribute 26 40 000901226833 Aug 9 05:52:32.311: RADIUS: Received from id 104 193.41.203.5:1812, Access-Reject, len 20 Called-Station-ID has attribute 30, and as you see, attr. 30 didn't sent to the RADIUS server. If you have Cisco, we can talk about possible solutions.. Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
Hello, what kind of device do you use? If Cisco, probably I can help you. I think do you want to have preauthentication (before the device pick up the 0800 line) to secure your toll-free line. I solved this problem about 2-3 days ago with Cisco AS5300+TCL+RADIUS. Best regards, Thomas --- Thomas Jalsovsky,Project Manager at PosTel, Plc. PosTel, a.s. Kvacalova 53,82108 Bratislava 2 Tel.: +421-2-50203160, Fax.: +421-2-50203198 http://www.postel.sk, http://www.globalphone.sk GlobalPhone, As long as you want On Wed, 8 Aug 2001, Mark Nicholas wrote: > Hi, > > I am running freeradius-0.1. Does anyone know how to have only one user > able to authenticate when calling an 800 number. We are setting up personal > 800 numbers for some dialin customers and don't want them to be able to call > other people's 800 numbers. > > Thanks, > > Mark > > Mark Nicholas,[EMAIL PROTECTED] > CCNA 601.969.1434 > Internet Doorway, Inc. http://www.netdoor.com/ > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication
At 09:48 AM 8/8/2001 -0500, Mark Nicholas wrote: >Hi, > > I am running freeradius-0.1. Upgrade to 0.2 ( or the latest CVS, actually ). Many fixes over 0.1. >Does anyone know how to have only one user >able to authenticate when calling an 800 number. We are setting up personal >800 numbers for some dialin customers and don't want them to be able to call >other people's 800 numbers. Add 'Called-Station-ID' as a check item in the 'users' file. Ala: user1Auth-Type := System, Called-Station-ID == "8001234567" Fall-Through = Yes DEFAULT Auth-Type := Reject, Called-Station-ID == "8001234567" -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
DNIS authentication
Hi, I am running freeradius-0.1. Does anyone know how to have only one user able to authenticate when calling an 800 number. We are setting up personal 800 numbers for some dialin customers and don't want them to be able to call other people's 800 numbers. Thanks, Mark Mark Nicholas,[EMAIL PROTECTED] CCNA 601.969.1434 Internet Doorway, Inc. http://www.netdoor.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html