(RADIATOR) Radius feature

2001-12-20 Thread Chairath K




Hi All,
Our marketing requires us to launch packages like these in the future:
- Package A: an account on this package can be used for free (no time deduction)
when logged on during a specific time (e.g. 00:00-06:00).
- Package Prepaid: we can decide the number and the face value
of cards. Customers can purchase one to log on to our system. Depending on the time they spend on the Net and the Usage
table definition, the proper amount of money or time quota will be deducted from
their credit each time the customer uses the account.
So do Radiator and Radmin have a plan to develop these features in the future or
not?
Regards,
Chairath


Re: (RADIATOR) Access Rejected on AuthBy RADIUS

2001-12-20 Thread Matt Scifo

Hugh

Thanks for responding.  I know for sure that we only have one Handler
clause.  I have also tried putting it in the main radius.cfg without
using include statements.  This doesn't explain why the debug indicates
that AuthSQL is being used for the Handler.  Also, the debug also has a
line stating Access rejected for stevek: Authentication disabled.  So,
if there is only one handler, why is AuthSQL using it and why is
Authentication Disabled.  This is a fresh install with no other changes.
What can I do to overcome this, as the majority of our radius use is
proxying?

Thanks

Matt

On Wed, 2001-12-19 at 20:04, Hugh Irvine wrote:
 
 Hello Matt -
 
 The only thing I can think of is that you have another 
 
 <Handler Called-Station-Id = /1155$/>
 
 in one of your other included files which is overwriting the one you show 
 below.
 
 And Radiator always maintains an internal session database which is why you 
 see the Deleting session  message.
 
 hth
 
 Hugh
 
 
 On Thu, 20 Dec 2001 10:18, Matt Scifo wrote:
  Hello
 
  I have an installation of Radiator 2.19 on a Debian box.  My config only
  has an AuthBy RADIUS clause in a single Handler.  Whenever I send a test
  auth, I get a Request Denied with no explanation.  The server that I
  am proxying to is up and in production.  I have successfully test authed
  to it from another box (not going through radiator first).  When I check
  the trace 4 debug, I see the following
 
  ###
  *** Received from xxx.xxx.xxx.xxx port 1024 
  Code:   Access-Request
  Identifier: 117
  Authentic:  1234567890123456
  Attributes:
  User-Name = stevek
  Service-Type = Framed-User
  NAS-IP-Address = xxx.xxx.xxx.xxx
  NAS-Port = 1234
  Called-Station-Id = xx
  Calling-Station-Id = 987654321
  NAS-Port-Type = Async
  User-Password = 29M146Uq15170200T10201,m315172
 
  Wed Dec 19 15:04:27 2001: DEBUG: Check if Handler Called-Station-Id =
  /1155$/ should be used to handle this request
  Wed Dec 19 15:04:27 2001: DEBUG: Handling request with Handler
  'Called-Station-Id = /1155$/'
  Wed Dec 19 15:04:27 2001: DEBUG:  Deleting session for stevek,
  xxx.xxx.xxx.xxx, 1234
  Wed Dec 19 15:04:27 2001: DEBUG: Handling with Radius::AuthSQL
  Wed Dec 19 15:04:27 2001: INFO: Access rejected for stevek:
  Authentication disabled
  Wed Dec 19 15:04:27 2001: DEBUG: Packet dump:
  *** Sending to xxx.xxx.xxx.xxx port 1024 
  Code:   Access-Reject
  Identifier: 117
  Authentic:  1234567890123456
  Attributes:
  Reply-Message = Request Denied
  ##
 
  Why does it say Deleting session for stevek and Handling with
  Radius::AuthSQL when I am only using AuthRADIUS?  What is the reason
  for the reject?  I have checked everything, the client list, the
  secrets, the user/pass.
 
  Below is my radius.cfg.  Any ideas??
 
  -Matt
 
 
 
  ## radius.cfg ##
  Foreground
  #LogStdout
  LogDir  /var/log/radius
  LogFile /var/log/radius/%Y%m%d-radius.log
  AuthPort 1812
  AcctPort 1813

  # Use a lower trace level in production systems:
  Trace   4

  # You will probably want to add other Clients to suit your site,
  # one for each NAS you want to work with
  <ClientListSQL>
      DBSource    dbi:mysql:radius
      DBUsername  root
      DBAuth      x

      GetClientQuery  select NASIDENTIFIER, SECRET from RADCLIENTLIST
  </ClientListSQL>

  # Get configs from specified directory
  include /usr/local/radiator/configs/1155.cfg


  ## 1155.cfg
  <Handler Called-Station-Id = /1155$/>
      #AuthByPolicy ContinueAlways

      <AuthBy RADIUS>
          #Synchronous
          #FailureBackoffTime
          #StripFromRequest
          #AddToRequest
          #NoForwardAuthentication
          #NoForwardAccounting

          #USERNAME =
          #PASSWORD =
          <Host xxx.xxx.xxx.xxx>
              Secret x
              AuthPort 11155
              #AcctPort 11156
              Retries 3
              RetryTimeout 10
          </Host>
      </AuthBy>
  </Handler>
  ###
 
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 -- 
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
 -
 Nets: internetwork inventory and management - graphical, 

(RADIATOR) Logging in a database with a proxying realm

2001-12-20 Thread Mike McCauley



--  Forwarded Message  --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Alex 
Fritz [EMAIL PROTECTED]]
Date: Thu, 20 Dec 2001 10:48:19 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From: Alex Fritz [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Logging in a database with a proxying realm
Date: Thu, 20 Dec 2001 12:25:24 -0600

Hey guys,
  Just need a little help here.  We have some realms that are passing
through our radius server.  The actual authentication takes place at their
server but we are the server the NAS looks to.  We set it up to AuthBy
RADIUS and that works great.  The problem is that we want to log the users
that authenticate or fail to that realm.  We need to figure out how to
insert the packets into our database.

We tried using AuthLog SQL but were having difficulties getting it work
correctly.  This is the piece of the config file we are having problems
with:

###
<Realm always-onlineusa.com>
    AuthByPolicy ContinueWhileAccept
    <AuthBy RADIUS>
        <Host 63.252.251.119>
            Secret ncn123456
            AuthPort 1814
            AcctPort 1815
        </Host>
    </AuthBy>
    <AuthLog SQL>
        DBSource    dbi:Oracle:ncnora
        DBUsername  radius_21globe
        DBAuth      123456
        LogSuccess 1
        Table ACCOUNTING
        DateFormat %a  %b %e, %Y %I:%M %p
        SuccessQuery insert into RADIUS_21GLOBE.ACCOUNTING \
            (USERNAME, TIME_STAMP, LOGDATESTR, ACCTSTATUSTYPE, ACCTDELAYTIME, \
            ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, \
            ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS, \
            CALLINGSTATIONID, CALLSTATIONID) \
            values \
            ('%{User-Name}', %{Timestamp,integer}, \
            '%{Timestamp,integer-date}', '%{Acct-Status-Type}', \
            %{Acct-Delay-Time}, %{Acct-Input-Octets,integer}, \
            %{Acct-Output-Octets,integer}, '%{Acct-Session-Id}', \
            %{Acct-Session-Time,integer}, %{Acct-Terminate-Cause}, \
            '%{NAS-Identifier}', %{NAS-Port,integer}, \
            '%{NAS-IP-Address}', '%{Calling-Station-Id}', \
            '%{Called-Station-Id}')
    </AuthLog>
    # Log accounting to a detail file
    AcctLogFileName ./logs/always-online.detail
</Realm>
##

Problem is that some of the values that come from the Special string
formatting characters are coming back null (which needs to be fixed because
we need those values) and this causes the SQL statement to fail.  Please
help, we need to have these logs in our database and not in text files on
the radius server.  Thanks.

Alex Fritz
[EMAIL PROTECTED]
Kerdaino Enterprises, Inc.
Mobile, AL USA
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.307 / Virus Database: 168 - Release Date: 12/11/2001

---

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X



Re: (RADIATOR) Access Rejected on AuthBy RADIUS

2001-12-20 Thread Hugh Irvine


Hello Matt -

The only way that an AuthBy SQL clause would be called is if there is such a 
clause in the configuration file. Are you sure you are starting Radiator with 
the configuration file that you think you are? How are you starting radiusd? 
And how are you sending the test request? 

I notice the configuration file below is set for 1812 and 1813. Don't forget 
the radpwtst program sends to 1645/1646 by default. Have you got another copy 
of radiusd running on those ports with an AuthBy SQL in it?

regards

Hugh 


On Fri, 21 Dec 2001 04:17, Matt Scifo wrote:
 Hugh

 Thanks for responding.  I know for sure that we only have one Handler
 clause.  I have also tried putting it in the main radius.cfg without
 using include statements.  This doesn't explain why the debug indicates
 that AuthSQL is being used for the Handler.  Also, the debug also has a
 line stating Access rejected for stevek: Authentication disabled.  So,
 if there is only one handler, why is AuthSQL using it and why is
 Authentication Disabled.  This is a fresh install with no other changes.
 What can I do to overcome this, as the majority of our radius use is
 proxying?

 Thanks

 Matt

 On Wed, 2001-12-19 at 20:04, Hugh Irvine wrote:
  Hello Matt -
 
  The only thing I can think of is that you have another
 
  Handler Called-Station-Id = /1155$/
 
  in one of your other included files which is overwriting the one you show
  below.
 
  And Radiator always maintains an internal session database which is why
  you see the Deleting session  message.
 
  hth
 
  Hugh
 
  On Thu, 20 Dec 2001 10:18, Matt Scifo wrote:
   Hello
  
   I have an installation of Radiator 2.19 on a Debian box.  My config only
   has an AuthBy RADIUS clause in a single Handler.  Whenever I send a
   test auth, I get a Request Denied with no explanation.  The server
   that I am proxying to is up and in production.  I have successfully
   test authed to it from another box (not going through radiator first). 
   When I check the trace 4 debug, I see the following
  
   ###
   *** Received from xxx.xxx.xxx.xxx port 1024 
   Code:   Access-Request
   Identifier: 117
   Authentic:  1234567890123456
   Attributes:
 User-Name = stevek
 Service-Type = Framed-User
 NAS-IP-Address = xxx.xxx.xxx.xxx
 NAS-Port = 1234
 Called-Station-Id = xx
 Calling-Station-Id = 987654321
 NAS-Port-Type = Async
 User-Password = 29M146Uq15170200T10201,m315172
  
   Wed Dec 19 15:04:27 2001: DEBUG: Check if Handler Called-Station-Id =
   /1155$/ should be used to handle this request
   Wed Dec 19 15:04:27 2001: DEBUG: Handling request with Handler
   'Called-Station-Id = /1155$/'
   Wed Dec 19 15:04:27 2001: DEBUG:  Deleting session for stevek,
   xxx.xxx.xxx.xxx, 1234
   Wed Dec 19 15:04:27 2001: DEBUG: Handling with Radius::AuthSQL
   Wed Dec 19 15:04:27 2001: INFO: Access rejected for stevek:
   Authentication disabled
   Wed Dec 19 15:04:27 2001: DEBUG: Packet dump:
   *** Sending to xxx.xxx.xxx.xxx port 1024 
   Code:   Access-Reject
   Identifier: 117
   Authentic:  1234567890123456
   Attributes:
 Reply-Message = Request Denied
   ##
  
   Why does it say Deleting session for stevek and Handling with
   Radius::AuthSQL when I am only using AuthRADIUS?  What is the reason
   for the reject?  I have checked everything, the client list, the
   secrets, the user/pass.
  
   Below is my radius.cfg.  Any ideas??
  
   -Matt
  
  
  
   ## radius.cfg
   ## Foreground
   #LogStdout
   LogDir/var/log/radius
   LogFile   /var/log/radius/%Y%m%d-radius.log
   AuthPort  1812
   AcctPort  1813
  
   # User a lower trace level in production systems:
   Trace 4
  
   # You will probably want to add other Clients to suit your site,
   # one for each NAS you want to work with
   ClientListSQL
 DBSourcedbi:mysql:radius
 DBUsername  root
 DBAuth  x
  
 GetClientQuery  select NASIDENTIFIER, SECRET from RADCLIENTLIST
   /ClientListSQL
  
   # Get configs from specified directory
   include /usr/local/radiator/configs/1155.cfg
   ###
  #
  
   ## 1155.cfg
    Handler
   Called-Station-Id = /1155$/
 #AuthByPolicy ContinueAlways
  
   AuthBy RADIUS
   #Synchronous
   #FailureBackoffTime
   #StripFromRequest
   #AddToRequest
   #NoForwardAuthentication
   #NoForwardAccounting
  
 #USERNAME =
   #PASSWORD =
   Host xxx.xxx.xxx.xxx
   Secret x
   AuthPort 11155
   

Re: (RADIATOR) Radius feature

2001-12-20 Thread Hugh Irvine


Hello Chairath -

Both Radiator and Radmin can be easily configured for both of these services. 
The main question is how are you going to recognise the users who subscribe 
to the different packages?

For package A you can use the Time ... check item.

For Package Prepaid you can either use special usernames in the Radmin 
RADUSERS table, or you can add additional tables (something like RADCARDS and 
RADCARDUSAGE) expressly for this purpose.


regards

Hugh


On Thu, 20 Dec 2001 21:29, Chairath K wrote:
 Hi All,

 Our marketing require to launch a package like these in future

 - Package A , an account of this package will use free ( no time deduction)
 when log on in specific time (e.g. 00:00-06:00)

 - Package Prepaid , we can decide what will be the number and the face
 value of cards. Customer can purchase it to log on our system . Depending
 on the time they spend on the Net and Usage table definition , the proper
 amount of money or time quota will be deducted from their credit each time
 the customer use the account.

 So Radiator and Radmin have a plan to develop these features in future or
 not?

 Regards,

 Chairath




Re: (RADIATOR) Logging in a database with a proxying realm

2001-12-20 Thread Hugh Irvine


Hello Alex -

I suspect there may be some confusion in what you are trying to do.

An AuthLog SQL clause will only log authentication requests, not accounting 
requests, and your configuration below looks like you want to record 
accounting requests.

If you do want to log accounting records, here is how to do it.


###
<Realm always-onlineusa.com>
    AuthByPolicy ContinueAlways

    # configure AuthBy SQL clause for accounting only
    # note empty AuthSelect to disable authentication
    <AuthBy SQL>
        DBSource    dbi:Oracle:ncnora
        DBUsername  radius_21globe
        DBAuth      123456

        AuthSelect

        AccountingTable RADIUS_21GLOBE.ACCOUNTING
        DateFormat %a  %b %e, %Y %I:%M %p
        AcctColumnDef USERNAME, '%{User-Name}'
        AcctColumnDef TIME_STAMP, %{Timestamp}, integer
        AcctColumnDef LOGDATESTR, '%{Timestamp}', integer-date
        AcctColumnDef ACCTSTATUSTYPE, '%{Acct-Status-Type}'
        AcctColumnDef ACCTDELAYTIME, %{Acct-Delay-Time}
        AcctColumnDef ACCTINPUTOCTETS, %{Acct-Input-Octets}, integer
        AcctColumnDef ACCTOUTPUTOCTETS, %{Acct-Output-Octets}, integer
        AcctColumnDef ACCTSESSIONID, '%{Acct-Session-Id}'
        AcctColumnDef ACCTSESSIONTIME, %{Acct-Session-Time}, integer
        AcctColumnDef ACCTTERMINATECAUSE, %{Acct-Terminate-Cause}
        AcctColumnDef NASIDENTIFIER, '%{NAS-Identifier}'
        AcctColumnDef NASPORT, %{NAS-Port}, integer
        AcctColumnDef FRAMEDIPADDRESS, '%{Framed-IP-Address}'
        AcctColumnDef CALLINGSTATIONID, '%{Calling-Station-Id}'
        AcctColumnDef CALLSTATIONID, '%{Called-Station-Id}'

    </AuthBy>

    <AuthBy RADIUS>
        <Host 63.252.251.119>
            Secret ncn123456
            AuthPort 1814
            AcctPort 1815
        </Host>
    </AuthBy>

    # Log accounting to a detail file
    AcctLogFileName ./logs/always-online.detail
</Realm>
##


hth

Hugh



 Hey guys,
   Just need a little help here.  We have some realms that are passing
 through our radius server.  The actual authentication takes place at their
 server but we are the server the NAS looks to.  We set it up to AuthBy
 RADIUS and that works great.  The problem is that we want to log the users
 that authenticate or fail to that realm.  We need to figure out how to
 insert the packets into our database.

 We tried using AuthLog SQL but were having difficulties getting it work
 correctly.  This is the piece of the config file we are having problems
 with:

 ###
 Realm always-onlineusa.com
 AuthByPolicy ContinueWhileAccept
   AuthBy RADIUS
   Host 63.252.251.119
   Secret ncn123456
   AuthPort 1814
   AcctPort 1815
   /Host
   /AuthBy
   AuthLog SQL
   DBSourcedbi:Oracle:ncnora
   DBUsername  radius_21globe
   DBAuth  123456
   LogSuccess 1
   Table ACCOUNTING
   DateFormat %a  %b %e, %Y %I:%M %p
   SuccessQuery insert into RADIUS_21GLOBE.ACCOUNTING \
   (USERNAME, TIME_STAMP, LOGDATESTR, ACCTSTATUSTYPE,
 ACCTDELAYTIME, \
   ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, 
ACCTSESSIONTIME, \
   ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS, \
   CALLINGSTATIONID, CALLSTATIONID) \
   values \
   ('%{User-Name}', %{Timestamp,integer}, \
   '%{Timestamp,integer-date}', '%{Acct-Status-Type}', \
   %{Acct-Delay-Time}, %{Acct-Input-Octets,integer}, \
   %{Acct-Output-Octets,integer}, '%{Acct-Session-Id}', \
   %{Acct-Session-Time,integer}, %{Acct-Terminate-Cause}, \
   '%{NAS-Identifier}', %{NAS-Port,integer}, \
   '%{NAS-IP-Address}', '%{Calling-Station-Id}', \
   '%{Called-Station-Id}')
   /AuthLog
   # Log accounting to a detail file
   AcctLogFileName ./logs/always-online.detail
 /Realm
 ##

 Problem is that some of the values that come from the Special string
 formatting characters are coming back null (which needs to be fixed because
 we need those values) and this causes the SQL statement to fail.  Please
 help, we need to have these logs in our database and not in text files on
 the radius server.  Thanks.

 Alex Fritz
 [EMAIL PROTECTED]
 Kerdaino Enterprises, Inc.
 Mobile, AL USA
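Why the AuthLog SQL query in this thread breaks on authentication requests, as an added example (not code from the thread or from Radiator). It assumes an attribute missing from the packet expands to an empty string, which matches the "coming back null" symptom Alex reports; the table, packets and helper names are constructed, and sqlite3 stands in for Oracle.

```python
import re
import sqlite3

# Constructed Access-Request attributes: no Acct-* attributes exist yet.
ACCESS_REQUEST = {
    "User-Name": "alice@always-onlineusa.com",
    "NAS-Identifier": "nas1",
    "NAS-Port": "12",
}
# Constructed Accounting-Request (Stop) for the same session.
ACCOUNTING_STOP = {
    **ACCESS_REQUEST,
    "Acct-Status-Type": "Stop",
    "Acct-Session-Id": "0000A1",
    "Acct-Session-Time": "340",
}

# (column, RADIUS attribute, is_integer): a subset of the thread's columns.
COLUMNS = [
    ("USERNAME", "User-Name", False),
    ("ACCTSTATUSTYPE", "Acct-Status-Type", False),
    ("ACCTSESSIONID", "Acct-Session-Id", False),
    ("ACCTSESSIONTIME", "Acct-Session-Time", True),
    ("NASPORT", "NAS-Port", True),
]
COLUMN_NAMES = ", ".join(col for col, _, _ in COLUMNS)


def new_db():
    """In-memory stand-in for the ACCOUNTING table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table ACCOUNTING (USERNAME text, ACCTSTATUSTYPE text, "
        "ACCTSESSIONID text, ACCTSESSIONTIME integer, NASPORT integer)"
    )
    return db


def expand_template(packet):
    """Splice attributes into one SQL string, as the SuccessQuery does.

    Assumption: an attribute absent from the packet expands to ''.
    """
    values = ", ".join(
        "%{" + attr + "}" if is_int else "'%{" + attr + "}'"
        for _, attr, is_int in COLUMNS
    )
    template = f"insert into ACCOUNTING ({COLUMN_NAMES}) values ({values})"
    return re.sub(r"%\{([^}]+)\}", lambda m: packet.get(m.group(1), ""), template)


def insert_by_template(db, packet):
    """Run the spliced statement; return (ok, statement or error detail)."""
    sql = expand_template(packet)
    try:
        db.execute(sql)
        return True, sql
    except sqlite3.Error as exc:
        return False, f"{sql} -> {exc}"


def insert_by_columns(db, packet):
    """Build the insert column by column with bound values.

    An absent attribute becomes NULL and integers are converted explicitly,
    so the statement stays valid whatever the packet contains. Binding also
    keeps attribute values out of the SQL text.
    """
    values = []
    for _, attr, is_int in COLUMNS:
        raw = packet.get(attr)
        values.append(None if raw is None else int(raw) if is_int else raw)
    marks = ", ".join("?" for _ in COLUMNS)
    db.execute(f"insert into ACCOUNTING ({COLUMN_NAMES}) values ({marks})", values)
    return values


if __name__ == "__main__":
    db = new_db()
    print(insert_by_template(db, ACCESS_REQUEST))   # fails: empty integer slot
    print(insert_by_template(db, ACCOUNTING_STOP))  # works: all attributes present
    print(insert_by_columns(db, ACCESS_REQUEST))    # works: NULLs for absent ones
```
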

(RADIATOR) Cisco avpair

2001-12-20 Thread Kyle

Hugh,

 Running radiator 2.2.18, and I need to return cisco-avpair attributes
for IP address and netmask. I'm not too familiar with how to do this.
Right now my config looks like this:


<Realm bnsi.net>

    AuthByPolicy ContinueWhileAccept

    ## ReWrite the username to take off everything after the '@'
    RewriteUsername s/^([^@]+).*/$1/

    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB

        DBSource    dbi:mysql:radius
        DBUsername  radius
        DBAuth      s3$5#G5b

        Timeout 30
        FailureBackoffTime  300
        RejectEmptyPassword

        AuthSelect  select PASSWORD, ENCRYPTEDPASSWORD, \
            IPADDRESS, IPNETMASK from DSLSUBSCRIBERS \
            where USERNAME='%n' and STATUS='A'

        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, Encrypted-Password, check
        AuthColumnDef 2, Framed-IP-Address, reply
        AuthColumnDef 3, Framed-Netmask, reply


        # You may want to tailor these for your ACCOUNTING table
        # You can add your own columns to store whatever you like

        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   CSID,Calling-Station-Id
        AcctColumnDef   RXSPEED,Ascend-Data-Rate
        AcctColumnDef   TXSPEED,Ascend-Xmit-Rate
        AcctColumnDef   INOCTETS,Acct-Input-Octets
        AcctColumnDef   OUTOCTETS,Acct-Output-Octets

        AcctColumnDef   INPACKETS,Acct-Input-Packets
        AcctColumnDef   OUTPACKETS,Acct-Output-Packets
        AcctColumnDef   NASPORTTYPE,NAS-Port-Type
        AcctColumnDef   PATTONACCTTERMINATE,Acct-Terminate-Cause
        AcctColumnDef   ASCENDACCTTERMINATE,Ascend-Disconnect-Cause

        # You can arrange to log accounting to a file if the
        # SQL insert fails with AcctFailedLogFileName
        # That way you could recover from a broken SQL
        # server
        #AcctFailedLogFileName %D/missedaccounting
    </AuthBy>

    <AuthBy DYNADDRESS>

        # Point to the address allocator

        Allocator DSLallocator

    </AuthBy>

    SessionDatabase SDBDSL
    AuthLog AuthLogDSL
</Realm>

The reply packet sends back Framed-IP-Address and Framed-IP-Netmask as
the reply attributes, the Address allocator works fine if a static IP is
not assigned in the customer profile. I just need to return in
cisco-avpair


-- 
Kyle Hultman
[EMAIL PROTECTED]
Senior Network Engineer
Broadband Networks
(434) 817-7300 ext 305



Re: (RADIATOR) Cisco avpair

2001-12-20 Thread Hugh Irvine


Hello Kyle -

Do you want to return cisco-avpairs for the static addresses in the user 
records, or the dynamic addresses from the address allocator (or both)?

thanks

Hugh

On Fri, 21 Dec 2001 10:13, Kyle wrote:
 Hugh,

  Running radiator 2.2.18, and I need to return cisco-avpair attributes
 for IP address and netmask. I'm not too familiar with how to do this.
 Right now my config looks like this:


 Realm bnsi.net

 AuthByPolicyContinueWhileAccept

 ## ReWrite the username to take off everything after the '@'
 RewriteUsername s/^([^@]+).*/$1/

 AuthBy SQL
 # Adjust DBSource, DBUsername, DBAuth to suit your DB

 DBSourcedbi:mysql:radius
 DBUsername  radius
 DBAuth  s3$5#G5b

 Timeout 30
 FailureBackoffTime  300
 RejectEmptyPassword

 AuthSelect  select PASSWORD, ENCRYPTEDPASSWORD, \
 IPADDRESS, IPNETMASK from DSLSUBSCRIBERS \
 where USERNAME='%n' and STATUS='A'

 AuthColumnDef 0, User-Password, check
 AuthColumnDef 1, Encrypted-Password, check
 AuthColumnDef 2, Framed-IP-Address, reply
 AuthColumnDef 3, Framed-Netmask, reply


 # You may want to tailor these for your ACCOUNTING table
 # You can add your own columns to store whatever you like

 AccountingTable ACCOUNTING
 AcctColumnDef   USERNAME,User-Name
 AcctColumnDef   TIME_STAMP,Timestamp,integer
 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
 AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
 AcctColumnDef   NASPORT,NAS-Port,integer
 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
 AcctColumnDef   CSID,Calling-Station-Id
 AcctColumnDef   RXSPEED,Ascend-Data-Rate
 AcctColumnDef   TXSPEED,Ascend-Xmit-Rate
 AcctColumnDef   INOCTETS,Acct-Input-Octets
 AcctColumnDef   OUTOCTETS,Acct-Output-Octets

 AcctColumnDef   INPACKETS,Acct-Input-Packets
 AcctColumnDef   OUTPACKETS,Acct-Output-Packets
 AcctColumnDef   NASPORTTYPE,NAS-Port-Type
 AcctColumnDef   PATTONACCTTERMINATE,Acct-Terminate-Cause
 AcctColumnDef   ASCENDACCTTERMINATE,Ascend-Disconnect-Cause

 # You can arrange to log accounting to a file if the
 # SQL insert fails with AcctFailedLogFileName
 # That way you could recover from a broken SQL
 # server
 #AcctFailedLogFileName %D/missedaccounting
 /AuthBy

 AuthBy DYNADDRESS

 # Point to the address allocator

 Allocator DSLallocator

/AuthBy

 SessionDatabase SDBDSL
 AuthLog AuthLogDSL
 /Realm

 The reply packet sends back Framed-IP-Address and Framed-IP-Netmask as
 the reply attributes, the Address allocator works fine if a static IP is
 not assigned in the customer profile. I just need to return in
 cisco-avpair




(RADIATOR) VoIP Block Time Woes

2001-12-20 Thread Zebaulon Kansal

Hi,

I've run into an interesting problem when setting up prepaid
calling card services using VoIP, a Cisco AS5300, and RADIATOR running
on FreeBSD.

We are wanting to be able to sell prepaid calling cards, with
the card number being the person's home phone number + 4-digit random
number.  We have the Cisco setup something along the lines of this:

call application voice debit tftp://blah.blah/ivr/app_debit.tcl
call application voice debit language 1 en
call application voice debit set-location en 0 tftp://blah/audio/en/
call application voice debit warning-time 30
call application voice debit uid-len 10
call application voice debit pin-len 4

We are using a hacked-up version of Block-Time-SQL to make all
this work (basically Block-Time-SQL with modifications to use the Cisco
attributes.)  All of it works fine except for one problem.  Whenever a
caller hangs up, if they have called from their home phone, they end up
being billed double (or triple) the time they used.  I tracked it down
to this problem:

The access server sends a Stop record for the actual call they
made out over the VoIP network.  Radiator does the appropriate SQL query
to deduct the number of seconds used from their account.  This is what
we want.

The access server sends another Stop record for the call that
they placed INTO our access server.  The Acct-Session-Time for this one
is the amount of time they were on the call PLUS the time it took them
to enter their card #, etc.  Radiator does the appropriate SQL query to
deduct the number of seconds here from their account also.  Not what we
want.  (Because now they've been deducted TWICE.)  This happens because
their USERNAME entry in the database is equal to their ANI, which is
what the Cisco uses as User-Name on these records.

If the caller placed a call that was local to the server (some
of our callers are local to the server, but NOT local to places that
the server CAN call local itself) then the server simply creates a VoIP
connection to itself on loopback, and then places the call over the
phone again.  This will generate an additional Stop record for that,
which gets deducted, and well, you see the picture.

It would be nice if there was a way to filter accounting somehow
so that only ONE time would be deducted.  I tried doing this with a
Handler statement, and it doesn't seem to work.  Is there a better way
to filter accounting requests other than Handlers?

I'll have to look at this one some more in the morning, but I
thought MAYBE someone out there had done this before and could give me
some pointers to save me having to re-invent the wheel. :)  Any ideas
from anyone on how we could do this?  I know, changing the card number
to a totally-random 14 digit would probably fix it, but we'd also like
to (at some point) be able to have people dial in with their home phone,
and simply be prompted for the phone number to call.  After collecting
the digits, it would read back their credit time, and place the call.
So, at that point, their ANI has to be tied to the card somehow...

Any help/ideas would be appreciated.  Thanks. :)





Re: (RADIATOR) VoIP Block Time Woes

2001-12-20 Thread Hugh Irvine


Hello Zebaulon -

I think you are on the right track with the use of Handlers.

I will need to see a trace 4 debug from Radiator showing the accounting 
packets received from the Cisco in all 3 of the cases you describe below.

It would also be useful to have a copy of your configuration file (no 
secrets).

regards

Hugh


On Fri, 21 Dec 2001 14:48, Zebaulon Kansal wrote:
 Hi,

   I've run into an interesting problem when setting up prepaid
 calling card services using VoIP, a Cisco AS5300, and RADIATOR running
 on FreeBSD.

   We are wanting to be able to sell prepaid calling cards, with
 the card number being the person's home phone number + 4-digit random
 number.  We have the Cisco setup something along the lines of this:

 call application voice debit tftp://blah.blah/ivr/app_debit.tcl
 call application voice debit language 1 en
 call application voice debit set-location en 0 tftp://blah/audio/en/
 call application voice debit warning-time 30
 call application voice debit uid-len 10
 call application voice debit pin-len 4

   We are using a hacked-up version of Block-Time-SQL to make all
 this work (basically Block-Time-SQL with modifications to use the Cisco
 attributes.)  All of it works fine except for one problem.  Whenever a
 caller hangs up, if they have called from their home phone, they end up
 being billed double (or triple) the time they used.  I tracked it down
 to this problem:

   The access server sends a Stop record for the actual call they
 made out over the VoIP network.  Radiator does the appropriate SQL query
 to deduct the number of seconds used from their account.  This is what
 we want.

   The access server sends another Stop record for the call that
 they placed INTO our access server.  The Acct-Session-Time for this one
 is the amount of time they were on the call PLUS the time it took them
 to enter their card #, etc.  Radiator does the appropriate SQL query to
 deduct the number of seconds here from their account also.  Not what we
 want.  (Because now they've been deducted TWICE.)  This happens because
 their USERNAME entry in the database is equal to their ANI, which is
 what the Cisco uses as User-Name on these records.

   If the caller placed a call that was local to the server (some
 of our callers are local to the server, but NOT local to places that
 the server CAN call local itself) then the server simply creates a VoIP
 connection to itself on loopback, and then places the call over the
 phone again.  This will generate an additional Stop record for that,
 which gets deducted, and well, you see the picture.

   It would be nice if there was a way to filter accounting somehow
 so that only ONE time would be deducted.  I tried doing this with a
 Handler statement, and it doesn't seem to work.  Is there a better way
 to filter accounting requests other than Handlers?

   I'll have to look at this one some more in the morning, but I
 thought MAYBE someone out there had done this before and could give me
 some pointers to save me having to re-invent the wheel. :)  Any ideas
 from anyone on how we could do this?  I know, changing the card number
 to a totally-random 14 digit would probably fix it, but we'd also like
 to (at some point) be able to have people dial in with their home phone,
 and simply be prompted for the phone number to call.  After collecting
 the digits, it would read back their credit time, and place the call.
 So, at that point, their ANI has to be tied to the card somehow...

   Any help/ideas would be appreciated.  Thanks. :)



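The accounting filter asked about in this thread, modelled outside Radiator as an added example (not code from the thread, from Block-Time-SQL or from Radiator). It assumes each Stop record from the AS5300 carries the Cisco VSAs h323-call-origin, h323-call-type and h323-conf-id, which the thread does not show; the records, the phone number and the choice of the outbound VoIP leg as the billable one are constructed for illustration.

```python
from collections import defaultdict

# Assumption: only the outbound VoIP leg of a call is deducted from the card.
BILLABLE_LEG = ("originate", "VoIP")


def vsa(record, name):
    """Return a Cisco VSA value, dropping a leading 'name=' if the NAS sent one."""
    value = record.get(name)
    if value is None:
        return None
    prefix = name + "="
    return value[len(prefix):] if value.startswith(prefix) else value


def leg(session_id, origin, call_type, seconds, conf_id, user="4345550100"):
    """Build one constructed Stop record for a single call leg."""
    return {
        "Acct-Status-Type": "Stop",
        "Acct-Session-Id": session_id,
        "User-Name": user,  # the caller's ANI, as in the thread
        "Acct-Session-Time": str(seconds),
        "h323-conf-id": "h323-conf-id=" + conf_id,
        "h323-call-origin": "h323-call-origin=" + origin,
        "h323-call-type": "h323-call-type=" + call_type,
    }


# Case 1: inbound telephony leg plus the outbound VoIP leg.
NORMAL_CALL = [
    leg("A1", "answer", "Telephony", 215, "CONF-1"),
    leg("A2", "originate", "VoIP", 180, "CONF-1"),
]
# Case 2: call looped back through the same server, plus a retransmitted Stop.
LOOPBACK_CALL = [
    leg("B1", "answer", "Telephony", 230, "CONF-2"),
    leg("B2", "originate", "VoIP", 190, "CONF-2"),
    leg("B3", "answer", "VoIP", 190, "CONF-2"),
    leg("B4", "originate", "Telephony", 185, "CONF-2"),
    leg("B2", "originate", "VoIP", 190, "CONF-2"),
]
# Case 3: a Stop without the leg attributes; it must not be deducted blindly.
INCOMPLETE = {"Acct-Status-Type": "Stop", "Acct-Session-Id": "C1",
              "User-Name": "4345550100", "Acct-Session-Time": "60"}


def naive_bill(records):
    """The behaviour described in the thread: every Stop is deducted."""
    totals = defaultdict(int)
    for rec in records:
        if rec.get("Acct-Status-Type") == "Stop":
            totals[rec["User-Name"]] += int(rec["Acct-Session-Time"])
    return dict(totals)


def bill(records):
    """Deduct once per call: billable leg only, one deduction per conf id."""
    totals = defaultdict(int)
    decisions = []        # (Acct-Session-Id, decision) for the audit trail
    billed_calls = set()  # conf ids already deducted
    for rec in records:
        session = rec.get("Acct-Session-Id")
        if rec.get("Acct-Status-Type") != "Stop":
            decisions.append((session, "ignore: not a Stop"))
            continue
        origin = vsa(rec, "h323-call-origin")
        call_type = vsa(rec, "h323-call-type")
        conf_id = vsa(rec, "h323-conf-id")
        if None in (origin, call_type, conf_id):
            decisions.append((session, "hold: leg attributes missing"))
            continue
        if (origin, call_type) != BILLABLE_LEG:
            decisions.append((session, f"skip: {call_type}/{origin} leg"))
            continue
        if conf_id in billed_calls:
            decisions.append((session, "skip: call already billed"))
            continue
        billed_calls.add(conf_id)
        totals[rec["User-Name"]] += int(rec["Acct-Session-Time"])
        decisions.append((session, "bill"))
    return dict(totals), decisions


if __name__ == "__main__":
    for name, call in (("normal", NORMAL_CALL), ("loopback", LOOPBACK_CALL)):
        print(name, "naive:", naive_bill(call), "filtered:", bill(call)[0])
```
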