Re: [RADIATOR] AddToReply with Diameter
On 03/21/2012 10:02 AM, Arthur Konovalov wrote: > Thanks, it works! Good to hear. > One question for clarification, though. Is there AVP numbers conversion > Radiator-> Diameter should work? In Radius AVP numbers are <255 (is it > correct?). But in my case I had to add Diameter values to the Radius > dictionary file. Like this: > VENDORATTR 13019 Location-Information 350 string > VENDORATTR 13019 Line-Identifier 500 string Good guestions. In Radius type is < 255, although with Vendor Specific Attributes (VSAs) this is not a must. However, with VSAs types are usually limited to one byte too. If the request is completely processed, including Diameter <--> Radius conversion, by the same instance, the type numbers can be larger than 255. Radiator does not limit the RADIUS type to 8 bits for its internal processing. > Is it OK, or some number conversion are still missed in the code? > > In the diameter_attr.dat file I have: > VENDORATTR 13019 Location-Information 350 Grouped > VENDORATTR 13019 Line-Identifier 500 OctetString There is no number conversion done. The conversion from Radius to Diameter is based on matching vendor and type numbers. Using the above dictionaries as an example, the RADIUS dictionary lookup returns vendor 13019, type 350 for attribute Location-Information. 13109 and 350 and then used to make a Diameter dictionary lookup returning the Diameter information. As an additional note, Line-Identifier is also IANA attribute 127. When the above RADIUS dictionary is specified after the system dictionary e.g. with DictionaryFile parameter, it will override the IANA information. That is why lookup for Line-Identifier returns 13019,350 instead of 0,127, which it would normally return. Thanks! Heikki > br, > Arthur > > > 20.03.2012 10:16, Heikki Vatiainen kirjutas: >> On 03/19/2012 11:19 AM, Arthur Konovalov wrote: >> >> Hello Arthur, >> >>> I'm using Radiator as Diameter frontend and I'm wondering is there >>> possible to use AddToReply clause with grouped attributes to the >>> Diameter peer? >> This is possible now if you download the latest patches for 4.9. The >> patches add functionality for handling Diameter Grouped attributes when >> converting from RADIUS reply. >> >>> For instance, I want send reply to the peer like this: >>> Location-Information (AVP Code=350, Vendor=13019, Grouped) -> >>> Line-Identifier (AVP Code=500, Vendor=13019, >>> OctetString)="ADSL;privaccess-xxx" >>> >>> To the Radiator dictionary added: >> You can continue using the dictionaries in this format. To test, I did >> the following: >> >> Specified your additional RADIUS dictionary with system dictionary using >> 'DictionaryFile'. Specified your additional Diameter dictionary with >> 'DiameterDictionaryFile'. >> >> Used this file with AuthBy FILE (quotes required): >> mikem User-Password=fred >> Location-Information="Line-Identifier=\"ADSL;privaccess-xxx\"" >> >> This is the output from reply diapwtst gets (-dictionary option needed >> too): >> >>Code: 265 (AA) >>Version:1 >>Flags: 0x0 () >>Application ID: 1 (Nasreq) >>Hop-to-Hop ID: 1 >>End-to-End ID: 2887778305 >>Attributes: >> Session-Id: .M., testoriginhost;1234;1 >> Origin-Realm: .M., testoriginrealm >> Auth-Application-Id: .M., NASREQ >> Auth-Request-Type: .M., AUTHORIZE_AUTHENTICATE >> Origin-Host: .M., zulu.open.com.au >> Result-Code: .M., DIAMETER_SUCCESS >> Location-Information: V.., >> Line-Identifier: V.., ADSL;privaccess-xxx >> >> >> There is no need to modify any of the .pm files after patching. The >> above can be setup with dictionary files. >> >> Please let us know how it works. >> >> Thanks! >> Heikki >> >> >> >>> VENDORATTR13019Location-Information350string >>> VENDORATTR13019Line-Identifier500 >>> string >>> >>> To the diameter_attrs.dat added: >>> VENDORATTR13019Location-Information350 >>> Grouped >>> VENDORATTR13019Line-Identifier500 >>> OctetString >>> >>> >>> I tried to add the following, but this doesn't work: >>>AddToReply Location-Information, >>> Line-Identifier="ADSL;privaccess-xxx" >>> >>> If I tried to add only Line-Information AVP, then it replied, but >>> without grouped AVP and peer doesn't accept it. >>> >>> >>> br, >>> Arthur >>> >>> ___ >>> radiator mailing list >>> radiator@open.com.au >>> http://www.open.com.au/mailman/listinfo/radiator >> > -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___
Re: [RADIATOR] AddToReply with Diameter
Hi! Thanks, it works! One question for clarification, though. Is there AVP numbers conversion Radiator-> Diameter should work? In Radius AVP numbers are <255 (is it correct?). But in my case I had to add Diameter values to the Radius dictionary file. Like this: VENDORATTR 13019 Location-Information 350 string VENDORATTR 13019 Line-Identifier 500 string Is it OK, or some number conversion are still missed in the code? In the diameter_attr.dat file I have: VENDORATTR 13019 Location-Information 350 Grouped VENDORATTR 13019 Line-Identifier 500 OctetString br, Arthur 20.03.2012 10:16, Heikki Vatiainen kirjutas: > On 03/19/2012 11:19 AM, Arthur Konovalov wrote: > > Hello Arthur, > >> I'm using Radiator as Diameter frontend and I'm wondering is there >> possible to use AddToReply clause with grouped attributes to the >> Diameter peer? > This is possible now if you download the latest patches for 4.9. The > patches add functionality for handling Diameter Grouped attributes when > converting from RADIUS reply. > >> For instance, I want send reply to the peer like this: >> Location-Information (AVP Code=350, Vendor=13019, Grouped) -> >> Line-Identifier (AVP Code=500, Vendor=13019, >> OctetString)="ADSL;privaccess-xxx" >> >> To the Radiator dictionary added: > You can continue using the dictionaries in this format. To test, I did > the following: > > Specified your additional RADIUS dictionary with system dictionary using > 'DictionaryFile'. Specified your additional Diameter dictionary with > 'DiameterDictionaryFile'. > > Used this file with AuthBy FILE (quotes required): > mikem User-Password=fred > Location-Information="Line-Identifier=\"ADSL;privaccess-xxx\"" > > This is the output from reply diapwtst gets (-dictionary option needed too): > >Code: 265 (AA) >Version:1 >Flags: 0x0 () >Application ID: 1 (Nasreq) >Hop-to-Hop ID: 1 >End-to-End ID: 2887778305 >Attributes: > Session-Id: .M., testoriginhost;1234;1 > Origin-Realm: .M., testoriginrealm > Auth-Application-Id: .M., NASREQ > Auth-Request-Type: .M., AUTHORIZE_AUTHENTICATE > Origin-Host: .M., zulu.open.com.au > Result-Code: .M., DIAMETER_SUCCESS > Location-Information: V.., > Line-Identifier: V.., ADSL;privaccess-xxx > > > There is no need to modify any of the .pm files after patching. The > above can be setup with dictionary files. > > Please let us know how it works. > > Thanks! > Heikki > > > >> VENDORATTR13019Location-Information350string >> VENDORATTR13019Line-Identifier500 >> string >> >> To the diameter_attrs.dat added: >> VENDORATTR13019Location-Information350Grouped >> VENDORATTR13019Line-Identifier500 >> OctetString >> >> >> I tried to add the following, but this doesn't work: >>AddToReply Location-Information, Line-Identifier="ADSL;privaccess-xxx" >> >> If I tried to add only Line-Information AVP, then it replied, but >> without grouped AVP and peer doesn't accept it. >> >> >> br, >> Arthur >> >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AddToReply with Diameter
On 03/19/2012 11:19 AM, Arthur Konovalov wrote: Hello Arthur, > I'm using Radiator as Diameter frontend and I'm wondering is there > possible to use AddToReply clause with grouped attributes to the > Diameter peer? This is possible now if you download the latest patches for 4.9. The patches add functionality for handling Diameter Grouped attributes when converting from RADIUS reply. > For instance, I want send reply to the peer like this: > Location-Information (AVP Code=350, Vendor=13019, Grouped) -> > Line-Identifier (AVP Code=500, Vendor=13019, > OctetString)="ADSL;privaccess-xxx" > > To the Radiator dictionary added: You can continue using the dictionaries in this format. To test, I did the following: Specified your additional RADIUS dictionary with system dictionary using 'DictionaryFile'. Specified your additional Diameter dictionary with 'DiameterDictionaryFile'. Used this file with AuthBy FILE (quotes required): mikem User-Password=fred Location-Information="Line-Identifier=\"ADSL;privaccess-xxx\"" This is the output from reply diapwtst gets (-dictionary option needed too): Code: 265 (AA) Version:1 Flags: 0x0 () Application ID: 1 (Nasreq) Hop-to-Hop ID: 1 End-to-End ID: 2887778305 Attributes: Session-Id: .M., testoriginhost;1234;1 Origin-Realm: .M., testoriginrealm Auth-Application-Id: .M., NASREQ Auth-Request-Type: .M., AUTHORIZE_AUTHENTICATE Origin-Host: .M., zulu.open.com.au Result-Code: .M., DIAMETER_SUCCESS Location-Information: V.., Line-Identifier: V.., ADSL;privaccess-xxx There is no need to modify any of the .pm files after patching. The above can be setup with dictionary files. Please let us know how it works. Thanks! Heikki > VENDORATTR13019Location-Information350string > VENDORATTR13019Line-Identifier500 > string > > To the diameter_attrs.dat added: > VENDORATTR13019Location-Information350Grouped > VENDORATTR13019Line-Identifier500 > OctetString > > > I tried to add the following, but this doesn't work: > AddToReply Location-Information, Line-Identifier="ADSL;privaccess-xxx" > > If I tried to add only Line-Information AVP, then it replied, but > without grouped AVP and peer doesn't accept it. > > > br, > Arthur > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] AddToReply with Diameter
Hi! I'm using Radiator as Diameter frontend and I'm wondering is there possible to use AddToReply clause with grouped attributes to the Diameter peer? For instance, I want send reply to the peer like this: Location-Information (AVP Code=350, Vendor=13019, Grouped) -> Line-Identifier (AVP Code=500, Vendor=13019, OctetString)="ADSL;privaccess-xxx" To the Radiator dictionary added: VENDORATTR13019Location-Information350string VENDORATTR13019Line-Identifier500 string To the diameter_attrs.dat added: VENDORATTR13019Location-Information350Grouped VENDORATTR13019Line-Identifier500 OctetString I tried to add the following, but this doesn't work: AddToReply Location-Information, Line-Identifier="ADSL;privaccess-xxx" If I tried to add only Line-Information AVP, then it replied, but without grouped AVP and peer doesn't accept it. br, Arthur ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator