Re: DNIS authentication

Thomas Jalsovsky Wed, 08 Aug 2001 22:47:46 -0700
On Wed, 8 Aug 2001, Chris Parker wrote:

> At 09:48 AM 8/8/2001 -0500, Mark Nicholas wrote:
> >Hi,
> >
> >     I am running freeradius-0.1.
>
> Upgrade to 0.2 ( or the latest CVS, actually ).  Many fixes over 0.1.
>
> >Does anyone know how to have only one user
> >able to authenticate when calling an 800 number.  We are setting up personal
> >800 numbers for some dialin customers and don't want them to be able to call
> >other people's 800 numbers.
>
> Add 'Called-Station-ID' as a check item in the 'users' file.  Ala:
>
> user1    Auth-Type := System, Called-Station-ID == "8001234567"
>          Fall-Through = Yes
>
> DEFAULT Auth-Type := Reject, Called-Station-ID == "8001234567"
>
> -Chris

Cisco (our Cisco AS5300) doesn't send Called-Station-ID attribute in the
access request RADIUS packet, therefore you can't use it for auth.
A debug message from Cisco (debug radius):

Aug  9 05:52:32.303: RADIUS: ustruct sharecount=2
Aug  9 05:52:32.303: Radius: radius_port_info() success=0
radius_nas_port=1
Aug  9 05:52:32.303: RADIUS: added cisco VSA 2 len 11 "ISDN 3:D:31"
Aug  9 05:52:32.303: RADIUS: added cisco VSA 24 len 41
"h323-conf-id=8F495AF8 CEECFC30 0 6C575794"
Aug  9 05:52:32.303: RADIUS: added cisco VSA 1 len 27 "in-portgrp-id=(For
testing)"
Aug  9 05:52:32.303: RADIUS: added cisco VSA 1 len 32
"h323-ivr-out=transactionID:19790"
Aug  9 05:52:32.307: RADIUS: Initial Transmit ISDN 3:D:31 id 104
193.41.203.5:1812, Access-Request, len 198
Aug  9 05:52:32.307:         Attribute 4 6 C129CB14
Aug  9 05:52:32.307:         Attribute 26 19 00000009020D4953
Aug  9 05:52:32.307:         Attribute 61 6 00000000
Aug  9 05:52:32.307:         Attribute 1 5 3136391A
Aug  9 05:52:32.307:         Attribute 26 49 00000009182B6833
Aug  9 05:52:32.307:         Attribute 2 18 87C491A1
Aug  9 05:52:32.307:         Attribute 26 35 00000009011D696E
Aug  9 05:52:32.307:         Attribute 26 40 0000000901226833
Aug  9 05:52:32.311: RADIUS: Received from id 104 193.41.203.5:1812,
Access-Reject, len 20

Called-Station-ID has attribute 30, and as you see, attr. 30 didn't sent
to the RADIUS server.

If you have Cisco, we can talk about possible solutions..

        Thomas


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DNIS authentication

Reply via email to
