Different replies based on Service-Type

Dejan Markic Dejan.Markic at mobik.si
Mon May 5 13:23:15 CEST 2008


Hello!

Thanks, this cleared up the thing ... it's working now.
It would be great if this, what you wrote to me, would be on the FAQ - as what is written now, and I've read it, didn't give me correct clue :)

Thanks!

Kind regards,
Dejan

-----Original Message-----
From: freeradius-users-bounces+dejan.markic=mobik.si at lists.freeradius.org [mailto:freeradius-users-bounces+dejan.markic=mobik.si at lists.freeradius.org] On Behalf Of Ivan Kalik
Sent: Monday, May 05, 2008 1:07 PM
To: FreeRadius users mailing list
Subject: Re: Different replies based on Service-Type

Yes. Just add Auth-Type := Accept in radgroupcheck for Call-Check group.
This is documented in FAQ, you just adapt it for your case:

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_permit_access_to_any_user_regardless_of_password.3F

Ivan Kalik
Kalik Informatika ISP


Dana 5/5/2008, "Dejan Markic" <Dejan.Markic at mobik.si> piše:

>Hello!
>
>I need some configuration help, I'm stuck! I have configured Freeradius to work great with PPP access with user/pass, etc using rlm_sql module with MySQL.
>Now I have a problem. I have different requests coming in from OpenSER. One is authentication it self (the registration) which includes the user/pass combination - the packet looks like this:
>        User-Name = "10000 at voip"
>        Digest-Attributes = 0x0a073130303030
>        Digest-Attributes = 0x0110766f69702e6962757273742e7369
>        Digest-Attributes = 0x022a34383165633632613431333361613638303939666434316333306136396363643665363765353239
>        Digest-Attributes = 0x04147369703a766f69702e6962757273742e7369
>        Digest-Attributes = 0x030a5245474953544552
>        Digest-Response = "0d741120406c55bb2631bc16ba79eedc"
>        Service-Type = Sip-Session
>        Sip-Uri-User = "10000"
>        NAS-Port = 5060
>        NAS-IP-Address = 172.16.3.10
>
>This works OK, and user get's authenticated. But how could I match also this query received:
>
>        User-Name = "10000 at voip"
>        Service-Type = Call-Check
>        NAS-Port = 0
>        NAS-IP-Address = 172.16.3.10
>
>Now, there's no Password or anything, I would just like to check if this user is in the database.
>I have put the user into two groups, one checking for Service-Type Sip-Session and the other to Service-Type Call-Check. I can see in the debug, that the user was found in Call-Check group, but then radius sends REJECT as there was no password provided. Can I somehow send Accept, without user/pass checking, if the user was found in this group?!
>
>Thank you for any inputs regarding this issue.
>
>Kind regards,
>Dejan Markic
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list