Re: Call-Check
Ivo [EMAIL PROTECTED] wrote: Can someone tell me is it possible to get freeradius respond to Service-Type==Call-Check requests? I don't see why niot. I have read on cisco's web pages that it is not possible. Please post the URL. Namely, I would like to check for valid caller-id before answering the call and going on with username/password check. Sure. It's just data in RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Call-Check
I wonder if it's this one? http://www.cisco.com/univercd/cc/td/doc/product/voice/sipproxy/radiusps/ radpreau.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, October 05, 2005 2:01 PM To: FreeRadius users mailing list Subject: Re: Call-Check Ivo [EMAIL PROTECTED] wrote: Can someone tell me is it possible to get freeradius respond to Service-Type==Call-Check requests? I don't see why niot. I have read on cisco's web pages that it is not possible. Please post the URL. Namely, I would like to check for valid caller-id before answering the call and going on with username/password check. Sure. It's just data in RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Call-Check
From the site: RADIUS Debugging File FreeRADIUS server does not support preauthentication. There is no example for this case. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens King, Michael Verzonden: woensdag 5 oktober 2005 20:08 Aan: FreeRadius users mailing list Onderwerp: RE: Call-Check I wonder if it's this one? http://www.cisco.com/univercd/cc/td/doc/product/voice/sipproxy/radiusps/ radpreau.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, October 05, 2005 2:01 PM To: FreeRadius users mailing list Subject: Re: Call-Check Ivo [EMAIL PROTECTED] wrote: Can someone tell me is it possible to get freeradius respond to Service-Type==Call-Check requests? I don't see why niot. I have read on cisco's web pages that it is not possible. Please post the URL. Namely, I would like to check for valid caller-id before answering the call and going on with username/password check. Sure. It's just data in RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Call-Check
Jonathan De Graeve [EMAIL PROTECTED] wrote: From the site: RADIUS Debugging File FreeRADIUS server does not support preauthentication. There is no example for this case. I'm not sure it's true. Please configure the pre-authentication as they describe, run FreeRADIUS in debugging mode, and try using preauthentication. Post the results to the list. Also, configure ACS (or a server that *does* support preauthenticat), run some requests, capture the output with tcpdump, and post the capture file on a web page. From what I can see of Table 10, they're not doing anything magic. There's no reason why you can't configure preauthentication using FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Call-Check
I'm using Cisco preauth feature on an AS5300 series acting as standard modem RAS against a FreeRADIUS. I use it to blacklist some ANIs that aren't allowed to put a call on my gear, and I need to do it before the call gets answered. It is working great in the sense that I get the blacklisted numbers rejected without sending an Answer signal on the PSTN line, due to that Cisco's preauth feature makes it to do an Access-Request before it answers the call, but FR treats it as a normal packet, with the only detail that it has lesser information (i.e, in the modem RAS case, you dont have the real UserName until you answer the call and modem negotiation ends up, so Cisco normally lets you put the DNIS or ANI or something in the UserName field and password). The only two details is this and the fact that from FR's point of view, the NAS will be doing Auth twice, one for the preauth fase on the cisco, and another for the real auth fase. So you will be seeing two Access-Request packets from NAS. Ing. Paolo Rotela Jefe Técnico Blue Telecom - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Wednesday, October 05, 2005 3:41 PM Subject: Re: Call-Check Jonathan De Graeve [EMAIL PROTECTED] wrote: From the site: RADIUS Debugging File FreeRADIUS server does not support preauthentication. There is no example for this case. I'm not sure it's true. Please configure the pre-authentication as they describe, run FreeRADIUS in debugging mode, and try using preauthentication. Post the results to the list. Also, configure ACS (or a server that *does* support preauthenticat), run some requests, capture the output with tcpdump, and post the capture file on a web page. From what I can see of Table 10, they're not doing anything magic. There's no reason why you can't configure preauthentication using FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Call-Check
On Sri, 2005-10-05 at 17:28 -0300, Paolo Rotela wrote: so Cisco normally lets you put the DNIS or ANI or something in the UserName field and password). The only two details is this and the fact that from FR's point of view, the NAS will be doing Auth twice, one for the preauth fase on the cisco, and another for the real auth fase. So you will be seeing two Access-Request packets from NAS. Since it looks like normal authentication request, FR (when using sql database) is looking into radcheck for username / password, but my NAS (PM3) sends only username and there is no User-Password attribute in request so FR denies access - I can see Auth: Login incorrect: [XXX/no User-Password attribute] in log file (where XXX is callerId, of course). So, how can I tell FR not to look for password and to accept call from some phone number if that number is in some sql table? TIA. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Call-Check
Ivo [EMAIL PROTECTED] wrote: So, how can I tell FR not to look for password and to accept call from some phone number if that number is in some sql table? Auth-Type := Accept Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html