Configuring for multiple vendors
Hi everyone.
I am trying to set up my FreeRadius server for use with multiple
vendors simultaneously, namely Cisco and Quintum. Currently we have
everything working fine with Quintum boxes and are trying to add
support for Cisco.
We are using FreeRadius to call a SQL Server back end. Here is the
stored procedure config for the group reply query in our mssql.conf
file:
authorize_group_reply_query = EXEC ${groupreply_sp}
'%{SQL-User-Name}', '%{Calling-Station-Id}', '%{Called-Station-Id}',
'%{Quintum-h323-conf-id}', '%{Quintum-AVPair}',
'%{Quintum-h323-gw-id}', '%{NAS-IP-Address}',
'%{Quintum-h323-call-origin}'
You can see the problem we are going having - if we introduce a Cisco
box then none of the vendor specific attributes are matched by the
radius server and so we just get a load of blanks passed in to the
stored procedure for these attributes.
We have tried various things such as including the Cisco dictionary.
However, Cisco attributes by default are in the format h323-x
rather than Quintum-h323-x so they again don't match the SQL
procedure config. If we try changing the Quintum dictionary so its
parameters are names similarly to Cisco's, then the radius won't even
start, complaining that duplicate attribute names are defined (as
indeed they are).
Surely it must be possible to run free radius with equipment from
multiple vendors... can anyone help?
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Configuring for multiple vendors
Well, if you have different vendor attributes for the same thing then
you should be able to do for example:
%{Quintum-h323-call-origin:-%{Cisco-h323-call-origin}}
That will use Quintum-h323-call-origin if it exists, otherwise
Cisco-h323-call-origin
See variables.txt in the doc directory for more details...
Cheers,
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Mike Chamberlain
Sent: Tuesday, 24 May 2005 5:08 PM
To: freeradius-users@lists.freeradius.org
Subject: Configuring for multiple vendors
Hi everyone.
I am trying to set up my FreeRadius server for use with
multiple vendors simultaneously, namely Cisco and Quintum.
Currently we have everything working fine with Quintum boxes
and are trying to add support for Cisco.
We are using FreeRadius to call a SQL Server back end. Here
is the stored procedure config for the group reply query in
our mssql.conf
file:
authorize_group_reply_query = EXEC ${groupreply_sp}
'%{SQL-User-Name}', '%{Calling-Station-Id}',
'%{Called-Station-Id}', '%{Quintum-h323-conf-id}',
'%{Quintum-AVPair}', '%{Quintum-h323-gw-id}',
'%{NAS-IP-Address}', '%{Quintum-h323-call-origin}'
You can see the problem we are going having - if we introduce
a Cisco box then none of the vendor specific attributes are
matched by the radius server and so we just get a load of
blanks passed in to the stored procedure for these attributes.
We have tried various things such as including the Cisco dictionary.
However, Cisco attributes by default are in the format
h323-x rather than Quintum-h323-x so they again don't
match the SQL procedure config. If we try changing the
Quintum dictionary so its parameters are names similarly to
Cisco's, then the radius won't even start, complaining that
duplicate attribute names are defined (as indeed they are).
Surely it must be possible to run free radius with equipment
from multiple vendors... can anyone help?
Mike
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring for multiple vendors
Fantastic! That is exactly what I was looking for.
The only downside to this is that we will have to reconfigure the
system for each additional manufacturer we want to add. Is there a
more general way of doing it? Or is this just the nature of VSAs?
Thanks,
Mike
On 5/24/05, Mitchell, Michael J [EMAIL PROTECTED] wrote:
Well, if you have different vendor attributes for the same thing then
you should be able to do for example:
%{Quintum-h323-call-origin:-%{Cisco-h323-call-origin}}
That will use Quintum-h323-call-origin if it exists, otherwise
Cisco-h323-call-origin
See variables.txt in the doc directory for more details...
Cheers,
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Mike Chamberlain
Sent: Tuesday, 24 May 2005 5:08 PM
To: freeradius-users@lists.freeradius.org
Subject: Configuring for multiple vendors
Hi everyone.
I am trying to set up my FreeRadius server for use with
multiple vendors simultaneously, namely Cisco and Quintum.
Currently we have everything working fine with Quintum boxes
and are trying to add support for Cisco.
We are using FreeRadius to call a SQL Server back end. Here
is the stored procedure config for the group reply query in
our mssql.conf
file:
authorize_group_reply_query = EXEC ${groupreply_sp}
'%{SQL-User-Name}', '%{Calling-Station-Id}',
'%{Called-Station-Id}', '%{Quintum-h323-conf-id}',
'%{Quintum-AVPair}', '%{Quintum-h323-gw-id}',
'%{NAS-IP-Address}', '%{Quintum-h323-call-origin}'
You can see the problem we are going having - if we introduce
a Cisco box then none of the vendor specific attributes are
matched by the radius server and so we just get a load of
blanks passed in to the stored procedure for these attributes.
We have tried various things such as including the Cisco dictionary.
However, Cisco attributes by default are in the format
h323-x rather than Quintum-h323-x so they again don't
match the SQL procedure config. If we try changing the
Quintum dictionary so its parameters are names similarly to
Cisco's, then the radius won't even start, complaining that
duplicate attribute names are defined (as indeed they are).
Surely it must be possible to run free radius with equipment
from multiple vendors... can anyone help?
Mike
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Configuring for multiple vendors
Fantastic! That is exactly what I was looking for. The only downside to this is that we will have to reconfigure the system for each additional manufacturer we want to add. Is there a more general way of doing it? Or is this just the nature of VSAs? Hmm, can't think of one. But there are people on this list much smarter than me... ;-) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring for multiple vendors
Mitchell, Michael J [EMAIL PROTECTED] wrote:
The only downside to this is that we will have to reconfigure
the system for each additional manufacturer we want to add.
The good news is that few vendors do the annoying AVPair stuff that
Cisco does.
Is there a more general way of doing it? Or is this just the
nature of VSAs?
Hmm, can't think of one. But there are people on this list much smarter
than me... ;-)
Code hacks. Create virtual attributes, and use those in the
configurion files. This leaves the mapping between real virtual
attributes all in one place.
e.g.
virtual {
My-Attribute-Foo = %{Vendor-Foo:-%{Vendor-Bar:-%{Vendor-Stuff}}}
}
...
DEFAULT My-Attribute-Foo == stuff... # compare against 1 of the 3 above
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
