Hi Danish,
sorry for replying to you so late, but I was out from the office today.
Here you go:
First of all, my bad, the returned value should be in the form:
return-code#0 if you want your value to be treated as an integer or
return-code:0 if 0 the AVP should be considered as string - has been a
while since I worked last time with those. By using a higher layer of
debug you should be able to see your avps converted inside when
received from radius.
The rest of your configuration looks good. Note that you can return
more AVP values with the same reply, so you can include the credit
amount as well:
SIP-AVP="return-code#0"
SIP-AVP="h323-credit-amount#4206"
Hope you will rock now.
Cheers,
DanB
On 8/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi Dan,
> To test the functionality of SIP-AVP, I am trying to get theses avp's in
> the registration block, shown below. Basically on sucessful registration
> the radius server returns the following attributes in acces-accpet
>
> Attributes:
> SIP-AVP = "return-code=0"
> cisco-h323-credit-amount = "h323-credit-amount=4206"
>
> so after registration I am trying to get the return code value. The
> registration block is shown below
>
> route[2] {
> # -----------------------------------------------------------------
> # REGISTER Message Handler
> # ----------------------------------------------------------------
> xlog("L_NOTICE","Danish: Entering route[2]\n");
> xlog("L_NOTICE","Danish: Register message IPsrcaddr [$si],
> RecvdIPaddr[$Ri]\n");
> if (!search("^Contact:[ ]*\*") && nat_uac_test("2")) {
> xlog("L_NOTICE","Danish: In route[2] Found Nated contact\n");
> setflag(6);
> setbflag(6);
> # if you want OPTIONS natpings uncomment next
> setbflag(7);
> fix_nated_register();
> force_rport();
> };
>
> sl_send_reply("100", "Trying");
> if (!radius_www_authorize("192.168.0.99")) {
> www_challenge("192.168.0.99", "1");
> };
> consume_credentials();
>
> #avp_print();
> xlog("L_NOTICE","Danish: Before is set check\n");
> if(is_avp_set("$avp(s:return-code)")){
> xlog("L_NOTICE","Danish: return code is set \n");
> };
> xlog("L_NOTICE","Danish: After is set check\n");
> if(avp_check("$avp(s:return-code)", "eq/i:0/g"))
> {
> xlog("L_NOTICE","Danish: return code 0 received \n");
> };
>
> if (!save("location")) {
> sl_reply_error();
> };
>
> }
>
> In my logs I see
>
> 058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
> 4(11058) Danish: Before is set check
> 4(11058) Danish: After is set check
> 4(11058) DEBUG:avpops:ops_check_avp: no src avp found
>
> so both conditional avp checks fail and the last debug line is a bit worrying
> I traced the first debug line above to sterman.c->generate_avps()
> so just under this debug line I added this piece of code
>
> vp=rc_avpair_get(vp,attrs[A_SIP_AVP].v,0);
> if (vp != NULL)
> {
> DBG("DEBUG:auth_radius:generate_avps: strvalue %s\n",
> vp->strvalue);
> }
> else
> DBG("DEBUG:auth_radius:generate_avps: vp is null\n");
>
> and this is what I got
>
> 4(11058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
> 4(11058) DEBUG:auth_radius:generate_avps: vp is null
>
> hence openser is not loading the SIP-avp in $avp(s:return-code). I think
> either I am missing something in the openser script or the way I am
> returning the attribute.
>
> all relevant definitions in the cfg are given below:
>
> loadmodule "/usr/local/lib/openser/modules/auth_radius.so"
> loadmodule "/usr/local/lib/openser/modules/uri_radius.so"
> loadmodule "/usr/local/lib/openser/modules/avp_radius.so"
> loadmodule "/usr/local/lib/openser/modules/avpops.so"
>
> modparam("auth_radius|uri_radius|avp_radius", "radius_config",
> "/usr/local/etc/radiusclient-ng/radiusclient.conf")
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
> modparam("uri_db|usrloc", "db_url",
> "mysql://openser:[EMAIL PROTECTED]/openser")
>
> modparam("nathelper", "natping_interval", 20)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
> modparam("nathelper", "received_avp", "$avp(i:42)")
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "sipping_from", "sip:[EMAIL PROTECTED]")
>
> modparam("registrar", "received_avp", "$avp(i:42)")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "nat_bflag", 6)
>
> Hope this explains everything and you would be in a better position to help.
>
> Regards,
> Danish
> ps: isnt there any sample script I can refer to for sip-avp radius
> configurations.
>
>
> > Hi Danish,
> >
> > can u post the full block where you are doing these checks?
> >
> > DanB
> >
> > On 8/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > wrote:
> >> Hi Dan,
> >> Thanks for the explanation, things are more clear now. Now I am
> >> returning
> >> a SIP-AVP from radius (for authentication), this is what I see in the
> >> logs
> >>
> >> Attributes:
> >> SIP-AVP = "return-code=0"
> >> .......
> >>
> >> In my script I do
> >> avp_print();
> >> if(is_avp_set("$avp(s:return-code)")){
> >> xlog("L_NOTICE","return code is set \n");
> >> };
> >> if(avp_check("$avp(s:return-code)", "eq/0/g"))
> >> {
> >> xlog("L_NOTICE","return code 0 received \n");
> >> };
> >>
> >> none of the checks pass and nothing is printed from avp_print. In
> >> openser
> >> logs I see this line
> >>
> >> 1(32550) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair
> >> 225
> >>
> >> am I missing some pre-requisites or what am I doing wrong.
> >>
> >> Regards,
> >> Danish
> >>
> >>
> >> > Hi Danish,
> >> >
> >> > for the moment you cannot process attributes other than SIP-AVP inside
> >> > openser script. This one is automatically converted into avp.
> >> > EG. A SIP-AVP attribute in the form of: "reason='No Credit'" should
> >> > automatically create an AVP named reason with value "No Credit".
> >> >
> >> > Hope that helps,
> >> > DanB
> >> >
> >> >
> >> > On 8/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> >> > wrote:
> >> >> Hi Dan,
> >> >>
> >> >> Thanks for your reply.
> >> >>
> >> >> Actually I am currently returning an integer status value in
> >> >> cisco-h323-return-code (a vendor specific attribute). So basically
> >> how
> >> >> can
> >> >> I extract the value returned in this attribute, compare it and then
> >> send
> >> >> and sl reply.
> >> >>
> >> >> Probably there is a way of loading this attr value in an avp and
> >> >> comparing
> >> >> it?
> >> >>
> >> >> Regards,
> >> >> Danish
> >> >>
> >> >> > Hello Danish,
> >> >> >
> >> >> > a solution would be returning a SIP-AVP, containing the reason for
> >> >> > failure, and then forward this to the client using sl.
> >> >> > Another one would be completely rewriting R-URI again from your
> >> >> > SIP-AVP and then send the request to an announcement server (eg:
> >> >> > ann:[EMAIL PROTECTED] - which should play Payment
> >> Required
> >> >> > annoucement).
> >> >> >
> >> >> > Cheers,
> >> >> > DanB
> >> >> >
> >> >> > On 8/29/07, [EMAIL PROTECTED]
> >> <[EMAIL PROTECTED]>
> >> >> > wrote:
> >> >> >> Hi,
> >> >> >>
> >> >> >> I have configured openser-1.2 with a (commercial) third party
> >> radius
> >> >> >> server and it is working great. Now I have a requirement where I
> >> need
> >> >> to
> >> >> >> check a radius return attribute in case an access reject is
> >> received
> >> >> in
> >> >> >> response to an authorization request. Is there some way I can do
> >> >> this
> >> >> >> in
> >> >> >> the openser script.
> >> >> >>
> >> >> >> Basically I want to send a 402 payment required message to a sip
> >> >> client
> >> >> >> in
> >> >> >> case the call is rejected due low balance. In such cases radius
> >> >> returns
> >> >> >> a
> >> >> >> status response code with access reject.
> >> >> >>
> >> >> >>
> >> >> >> Thanks,
> >> >> >> Danish
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Users mailing list
> >> >> >> Users@openser.org
> >> >> >> http://openser.org/cgi-bin/mailman/listinfo/users
> >> >> >>
> >> >> >
> >> >>
> >> >>
> >> >
> >>
> >>
> >
>
>
_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
