hi : I am not sure that anyone have done this before :: We have a customer using Steelbelt radius that forward accounting information to the freeradius server. We can receive the accounting packet and stored it successfully. But the problem is we have another application that will do a mapping from IP address to MSISDN. In order to do the mapping from IP to MSISDN , the application need to talk?? to a radius server that have the information (that means freeradius that receive the accounting packet). The flow is below :: handset --> authenticated successfully --> Steelbelt radius forward accounting packet to Freeradius and the application will the a lookup for MSISDN that match the IP address before allow the handset to use the services. Is this possible ?? The application managed to authenticate itself successfully with Freeradius but I just cannot send the matching MSISDN back to the application. I have tried to use the variable such as %{Calling-Station-Id} in the access-repky message but no values assign. Any helps ? Thanks
TK Lew <tklew99@gmail.com> wrote:
handset --> authenticated successfully --> Steelbelt radius forward accounting packet to Freeradius and the application will the a lookup for MSISDN that match the IP address before allow the handset to use the services.
Is this possible ??
Yes, You can execute any program you want from FreeRADIUS, and that program can return add any RADIUS attribute to the reply.
I have tried to use the variable such as %{Calling-Station-Id} in the access-repky message but no values assign.
See the debug log for why. Also, it might help if you posted the configuration. Saying "I did stuff and it didn't do what I expect" means that it's impossible for anyone to help you. Alan DeKok.
Yes, You can execute any program you want from FreeRADIUS, and that program can return add any RADIUS attribute to the reply.
Stealing someone else's thread... OK! I've looked through the docs and don't see how to do this. I can really use this capability. Very cool! Can you point me to a /doc or URL where this is explained? --- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 Problem replying to my email? Click the "Sign" button in the OE toolbar or, better yet, get your own FREE Personal E-Mail Digital ID: http://www.thawte.com/email/index.html
hi Alan :: Thank for the reply. I am bit lost about this whole radius things. I will try to post as much info as I can. 1. First below are the request coming from our application to the FreeRadius for Access-Request with the following parameters. And the Freeradius received the accounting data forwarded from another radius server. a. User-Name,User-Password,Framed-IP-Address,NAS-IP-Address I have setup the authentication to "System" and managed to authenticate the users but I cannot get the "Calling-Station-Id". But I have a big question in my head , how do I expect Freeradius to pass you the Calling-Station-Id if you only passed in the parameters above ? Of course the Calling-Station-Id is empty ! So I very very confused on this whole things. How can an application search or map the Framed-IP-Address to a MSISDN and return the MSISDN in the Access-Reply back to the NAS without do a request to the accounting data forwarded from other radius? Or do I need to write my own script to do the above things ? But how ???? Logs from "radiusd -X" :: ====================================================== rad_recv: Access-Request packet from host 192.168.4.31:35135, id=20, length=56 User-Name = "ecds" User-Password = "eCDs1234" Framed-IP-Address = 10.129.255.151 NAS-IP-Address = 192.168.4.31 rad_rmspace_pair: User-Password now 'eCDs1234' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "ecds", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry ecds at line 59 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns ok for request 0 modcall: group authenticate returns ok for request 0 radius_xlat: '/radius/sbin/echo.sh' Exec-Program: /radius/sbin/echo.sh Exec-Program output: Reply-Message += "Hello, %u", Calling-Station-Id = "" Exec-Program-Wait: value-pairs: Reply-Message += "Hello, %u", Calling-Station-Id = "" Exec-Program: returned: 0 radius_xlat: 'Hello, ecds' Login OK: [ecds] (from client ECDSnin-1 port 0) Sending Access-Accept of id 20 to 192.168.4.31:35135 Reply-Message += "Hello, ecds" Calling-Station-Id = "" ===================================================== On 9/23/05, Alan DeKok <aland@ox.org> wrote:
TK Lew <tklew99@gmail.com> wrote:
handset --> authenticated successfully --> Steelbelt radius forward accounting packet to Freeradius and the application will the a lookup for MSISDN that match the IP address before allow the handset to use the services.
Is this possible ??
Yes, You can execute any program you want from FreeRADIUS, and that program can return add any RADIUS attribute to the reply.
I have tried to use the variable such as %{Calling-Station-Id} in the access-repky message but no values assign.
See the debug log for why.
Also, it might help if you posted the configuration. Saying "I did stuff and it didn't do what I expect" means that it's impossible for anyone to help you.
Alan DeKok.
participants (3)
-
Alan DeKok -
Tim Winders -
TK Lew