FreeRadius with radiusclient-ng and Cisco h323 VoIP attributes

Dean Elwood dean.elwood at gmail.com
Wed Jan 7 10:28:23 CET 2009 

Hi Luciano,

Many thanks for the reply.

Yes, it was a client-side error (now fixed, see below).

I removed the empty lines between VENDOR and the first attributes and  
that didn't make any difference.

The Cisco attributes were added by me creating a dictionary.cisco file  
which I then included in the main dictionary with the $INCLUDE  
directive.

As for testing, I was just using the radiusclient-ng at command line  
and manually trying to enter an AUTH packet with the Cisco attributes.

But it's now working fine. If anyone else stumbles upon this thread  
after having problems with using a RADIUS based SIPPY B2BUA with  
FreeRadius, the fix is:-

1. After installing the radiusclient-ng client application, edit the  
radiusclient-ng.conf file and tell it to use the SIPPY dictionary  
(which is probably in /usr/src/sippy/). Don't use the radiusclient-ng  
library (that's why mine wasn't working at first).

2. Edit the SIPPY dictionary file and add the following entries, or  
alternatively put these in to a new file and include them in the main  
dictionary with the $INCLUDE directive:-

VENDOR		Cisco			9
ATTRIBUTE	Cisco-AVPair		1	string	Cisco
ATTRIBUTE	h323-remote-address	23	string	Cisco
ATTRIBUTE	h323-conf-id		24	string	Cisco
ATTRIBUTE	h323-setup-time		25	string	Cisco
ATTRIBUTE	h323-call-origin	26	string	Cisco
ATTRIBUTE	h323-call-type		27	string	Cisco
ATTRIBUTE	h323-connect-time	28	string	Cisco
ATTRIBUTE	h323-disconnect-time	29	string	Cisco
ATTRIBUTE	h323-disconnect-cause	30	string	Cisco
ATTRIBUTE	h323-voice-quality	31	string	Cisco
ATTRIBUTE	h323-ivr-out		32	string	Cisco
ATTRIBUTE	h323-credit-time	102	string	Cisco
ATTRIBUTE	h323-return-code	103	string	Cisco
ATTRIBUTE	h323-redirect-number	106	string	Cisco
ATTRIBUTE	h323-preferred-lang	107	string	Cisco
ATTRIBUTE	h323-billing-model	109	string	Cisco
ATTRIBUTE	h323-currency		110	string	Cisco


Dean



On 6 Jan 2009, at 13:17, Luciano Afranllie wrote:

> Dean,
>
> Do you see that error on client side, right?
>
> Some very stupid thing I can tell you is remove the empty line between
> VENDOR line and first attribute. I have the same config (without the
> empty line) and is working fine.
>
> How and where do you added cisco attributes? Just a tip, you can
> create a new dictionary file (dictionary.cisco for example) and use an
> include directive at the end of the default dictionary file of
> radiusclient-ng
>
> $INCLUDE dictionary.cisco
>
> How are you testing this attribute?
>
> Regards
> Luciano
>
> On Tue, Jan 6, 2009 at 8:58 AM, Dean Elwood <dean.elwood at gmail.com>  
> wrote:
>> Hi there,
>>
>> I'm having real trouble getting FreeRadius and radiusclient-ng to  
>> talk to
>> each other with Cisco h323 attributes.
>>
>> I believe I have set up FreeRadius correctly. I can connect using
>> radiusclient-ng and do standard AUTH commands and all works fine.
>>
>> As soon as I try to add an attribute like:-
>>
>> h323-conf-id = '78FF6EBC 2F74D29E 4F400B22 8B4AA1C1'
>>
>> I get this parse error from radiusclient-ng:-
>>
>> : can't parse AV pair
>>
>> I assumed that this meant that radiusclient-ng didn't recognise the
>> h323-conf-id attribute, so I included in the radiusclient-ng *client*
>> dictionary the following:-
>>
>> VENDOR          Cisco                                   9
>>
>> ATTRIBUTE       Cisco-AVPair                            1        
>> string
>> Cisco
>> ATTRIBUTE       h323-call-origin                        26       
>> string
>> Cisco
>> ATTRIBUTE       h323-remote-address                     23       
>> string
>> Cisco
>> ATTRIBUTE       h323-conf-id                            24       
>> string
>> Cisco
>> ATTRIBUTE       h323-setup-time                         25       
>> string
>> Cisco
>> ATTRIBUTE       h323-call-origin                        26       
>> string
>> Cisco
>> ATTRIBUTE       h323-call-type                          27       
>> string
>> Cisco
>> ATTRIBUTE       h323-connect-time                       28       
>> string
>> Cisco
>> ATTRIBUTE       h323-disconnect-time                    29       
>> string
>> Cisco
>> ATTRIBUTE       h323-disconnect-cause                   30       
>> string
>> Cisco
>> ATTRIBUTE       h323-voice-quality                      31       
>> string
>> Cisco
>> ATTRIBUTE       h323-gw-id                              33       
>> string
>> Cisco
>> ATTRIBUTE       h323-incoming-conf-id                   35       
>> string
>> Cisco
>>
>> The client appears to be happy with this dictionary file (at least  
>> the
>> client runs and still does standard AUTH's ok), but I still get the  
>> parse
>> error on the h323 vars.
>>
>> The fact that the parse error states an error parsing "AV pair"  
>> makes me
>> think that these attributes need to be formatted in a particular  
>> way. Could
>> that be it?
>>
>> Any assistance or pointers in the right direction would be much
>> appreciated....
>>
>> Thanks,
>>
>> Dean
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list