Hello!
> to HoraPe: Could you send me your test script and configuration?
/etc/raddb/users:
test    Auth-Type := Local, Password == ""
        Exec-Program-Wait = "/etc/raddb/auth.pl"
/etc/raddb/auth.pl:
#!/usr/bin/perl
print "h323-credit-amount = \"h323-credit-amount=25\",";
print "h323-return-code = \"h323-return-code=0\"\n";
exit 0;
TCL script (test.tcl):
proc act_Setup {} {
    leg setupack leg_incoming
    leg proceeding leg_incoming
    leg connect leg_incoming
    puts "Test"
    aaa authorize "test" "" "" "" leg_incoming avs
}
proc act_Auth {} {
    set status [infotag get evt_status]
    puts "Auth $status"
    if { [infotag get aaa_avpair_exists h323-return-code] } {
        set cr [infotag get aaa_avpair h323-return-code]
        puts "h323-return-code = $cr "
    } else {
        puts "No h323-return-code"
    }
    call close
}
set fsm(any_state,ev_disconnected) "act_Clean,same_state"
set fsm(IDLE,ev_setup_indication) "act_Setup,AUTH"
set fsm(AUTH,ev_authorize_done) "act_Auth,same_state"
fsm define fsm IDLE
radiusd -X output:
rad_recv: Access-Request packet from host 200.41.96.114:1645, id=152, length=168
NAS-IP-Address = 200.41.96.114
Cisco-NAS-Port = "ISDN 1:D:18"
NAS-Port-Type = Async
User-Name = "test"
h323-conf-id = "h323-conf-id=D8FE7386 FBC511D5 8058DB00 37F85AC5"
Password = "k\010B\333\274\337\3412(\032\000\232l\323\t\310"
Cisco-AVPair = "h323-ivr-out=transactionID:20"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched test at 208
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied Password matches local Password
radius_xlat: '/etc/raddb/auth.pl'
Exec-Program: /etc/raddb/auth.pl
Exec-Program-Wait: value-pairs: h323-credit-amount =
"h323-credit-amount=25",h323-return-code = "h323-return-code=0"
Exec-Program: returned: 0
Login OK: [test] (from nas 200.41.96.114 port 0)
Sending Access-Accept of id 152 to 200.41.96.114:1645
h323-credit-amount = "h323-credit-amount=25"
h323-return-code = "h323-return-code=0"
Finished request 0
Going to the next request
syslog output from as5300:
Dec 29 16:05:24 200.41.96.114 381: Test
Dec 29 16:05:24 200.41.96.114 382: 22:22:54:
Dec 29 16:05:24 200.41.96.114 383: 22:22:54: RADIUS: ustruct sharecount=2
Dec 29 16:05:24 200.41.96.114 384: 22:22:54: Radius: radius_port_info() success=0
radius_nas_port=1
Dec 29 16:05:25 200.41.96.114 385: 22:22:54: RADIUS: added cisco VSA 2 len 11 "ISDN
1:D:18"
Dec 29 16:05:25 200.41.96.114 386: 22:22:54: RADIUS: added cisco VSA 24 len 48
"h323-conf-id=D8FE7386 FBC511D5 8058DB00 37F85AC5"
Dec 29 16:05:25 200.41.96.114 387: 22:22:54: RADIUS: added cisco VSA 1 len 29
"h323-ivr-out=transactionID:20"
Dec 29 16:05:25 200.41.96.114 388: 22:22:54: RADIUS: Initial Transmit ISDN 1:D:18 id
152 200.69.64.230:1812, Access-Request, len 168
Dec 29 16:05:25 200.41.96.114 389: 22:22:54: Attribute 4 6 C8296072
Dec 29 16:05:25 200.41.96.114 390: 22:22:54: Attribute 26 19 00000009020D4953
Dec 29 16:05:25 200.41.96.114 391: 22:22:54: Attribute 61 6 00000000
Dec 29 16:05:25 200.41.96.114 392: 22:22:54: Attribute 1 6 74657374
Dec 29 16:05:25 200.41.96.114 393: 22:22:54: Attribute 26 56 0000000918326833
Dec 29 16:05:25 200.41.96.114 394: 22:22:54: Attribute 2 18 6B0842DB
Dec 29 16:05:25 200.41.96.114 395: 22:22:54: Attribute 26 37 00000009011F6833
Dec 29 16:05:25 200.41.96.114 396: 22:22:55: RADIUS: Received from id 152
200.69.64.230:1812, Access-Accept, len 75
Dec 29 16:05:26 200.41.96.114 397: 22:22:55: Attribute 26 29 0000000965176833
Dec 29 16:05:26 200.41.96.114 398: 22:22:55: Attribute 26 26 0000000967146833
Dec 29 16:05:26 200.41.96.114 399: 22:22:55: RADIUS: saved authorization data for user
61B49760 at 62247464Auth ao_000
Dec 29 16:05:26 200.41.96.114 400: 22:22:55: No h323-return-code
tcpdump capture:
16:05:23.544474 200.41.96.114.1645 > 200.69.64.230.1812: [udp sum ok] rad-access-req
168 [id 152] Attr[ NAS_ipaddr{200.41.96.114} Vendor_specific{......ISDN 1:D:18}
NAS_port_type{Sync} User{test} Vendor_specific{.....2h323-conf-id=D8FE7386 FBC511D5
8058DB00 37F85AC5} Pass Vendor_specific{......h323-ivr-out=transactionID:20} ] (ttl
244, id 6167, len 196)
16:05:23.552233 200.69.64.230.1812 > 200.41.96.114.1645: [udp sum ok]
rad-access-accept 75 [id 152] Attr[ Vendor_specific{....e.h323-credit-amount=25}
Vendor_specific{....g.h323-return-code=0} ] (DF) (ttl 64, id 0, len 103)
---
Have I missed anything important?
> What is important: using the dictionary.cisco file in your radius
> configuration.
/etc/raddb/dictionary says:
$INCLUDE dictionary.cisco
> What does your "debug radius" say in the Cisco equipment? When I
> developed my radius script, I used this debugging tool and it was very
> good for the troubleshooting.
Dec 29 16:05:25 200.41.96.114 396: 22:22:55: RADIUS: Received from id 152
200.69.64.230:1812, Access-Accept, len 75
Dec 29 16:05:26 200.41.96.114 397: 22:22:55: Attribute 26 29 0000000965176833
Dec 29 16:05:26 200.41.96.114 398: 22:22:55: Attribute 26 26 0000000967146833
Dec 29 16:05:26 200.41.96.114 399: 22:22:55: RADIUS: saved authorization data for user
61B49760 at 62247464Auth ao_000
> Thomas
Lots of thanks,
HoraPe
---
Horacio J. Peña
[EMAIL PROTECTED]
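
An added example, not part of the original post: the gateway debug above prints each attribute as type, length and a short hex field, so the two `Attribute 26` lines of the Access-Accept can be decoded to see which vendor sub-attributes arrived. The function names are hypothetical, and reading the hex field as the leading bytes of the attribute value (vendor id, vendor type, vendor length, per RFC 2865) is an assumption.

```python
import re

# Cisco (vendor 9) sub-attribute numbers seen on this page: "added cisco VSA
# 1/2/24" in the request, and 0x65/0x67 (101/103) in the Access-Accept.
CISCO_VSA = {1: "Cisco-AVPair", 2: "Cisco-NAS-Port", 24: "h323-conf-id",
             101: "h323-credit-amount", 103: "h323-return-code"}

ATTR_LINE = re.compile(r"Attribute (\d+) (\d+) ((?:[0-9A-Fa-f]{2})+)\s*$")

def decode_debug_attr(line):
    """Decode one 'Attribute <type> <len> <hex>' debug line; None if no match."""
    m = ATTR_LINE.search(line)
    if not m:
        return None
    attr_type, attr_len = int(m.group(1)), int(m.group(2))
    value = bytes.fromhex(m.group(3))   # assumed: leading bytes of the value
    out = {"type": attr_type, "length": attr_len}
    if attr_type == 26 and len(value) >= 6:      # Vendor-Specific, RFC 2865
        vendor = int.from_bytes(value[:4], "big")
        vsa_type, vsa_len = value[4], value[5]
        out.update(
            vendor=vendor, vsa_type=vsa_type, vsa_len=vsa_len,
            name=CISCO_VSA.get(vsa_type, "unknown") if vendor == 9 else "unknown",
            # attribute = 2-byte header + 4-byte vendor id + one sub-attribute
            consistent=(attr_len == 2 + 4 + vsa_len),
            text=value[6:].decode("ascii", "replace"))
    return out

def decode_debug(log):
    """Decode every attribute line in a block of debug output."""
    return [d for d in map(decode_debug_attr, log.splitlines()) if d]

# The two Access-Accept attribute lines, copied from the gateway debug above.
ACCEPT_DEBUG = """\
Dec 29 16:05:26 200.41.96.114 397: 22:22:55: Attribute 26 29 0000000965176833
Dec 29 16:05:26 200.41.96.114 398: 22:22:55: Attribute 26 26 0000000967146833
"""

if __name__ == "__main__":
    for a in decode_debug(ACCEPT_DEBUG):
        print(a["vendor"], a["vsa_type"], a["name"], a["vsa_len"], a["consistent"])
```

The `consistent` flag checks that the outer attribute length equals the 6 header bytes plus the sub-attribute length, which holds only when the attribute carries a single sub-attribute.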