Em Qui, 2004-03-18 às 16:40, Morris, Scott escreveu:
Does anyone have example config files for an SER and RADIUS implementation. I'll take whatever you can send at this point.
Scott Morris Enterprise Network Engineer DOE - ORAU / ORISE 865-576-4672
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I Use this : # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes #*/
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/acc.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/group.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" loadmodule "/usr/local/lib/ser/modules/enum.so" # ----------------- setting module-specific parameters ---------------
#### # all DB urls here modparam("usrloc|auth_db|msilo|uri", "db_url", "sql://ser:heslo@localhost/ser")
# -- usrloc params -- /* 0 -- dont use mysql, 1 -- write_through, 2--write_back */ modparam("usrloc", "db_mode", 2) modparam("usrloc", "timer_interval", 10)
# -- auth params --
modparam("auth_db", "calculate_ha1", yes) #modparam("auth_db", "user_column", "user_id") modparam("auth_db", "password_column", "password") modparam("auth", "nonce_expire", 300)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# -- acc params -- # that is the flag for which we will account -- don't forget to modparam("acc", "db_flag", 1 ) modparam("acc", "db_missed_flag", 3 )
# -- tm params -- modparam("tm", "fr_timer", 20 ) modparam("tm", "fr_inv_timer", 90 ) modparam("tm", "wt_timer", 20 )
# -- msilo params modparam("msilo", "registrar", "sip:registrar@200.146.208.5")
# -- enum params -- # modparam("enum", "domain_suffix", "e164.arpa.") modparam("acc","radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("acc", "service_type", 15) modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag",2)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };
if (method=="INVITE" || method=="BYE" || method=="CANCEL") { setflag(1); };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_proxy_authorize("")) { proxy_challenge("", "1"); break; };
save("location"); break; };
# some UACs might be fooled by Contacts our UACs generate to make MSN # happy (web-im, e.g.) -- tell its urneachable if (uri=~"sip:daemon@" ) { sl_send_reply("410", "daemon is gone"); break; };
# native SIP destinations are handled using our USRLOC DB #if (!lookup("location")) { # sl_send_reply("404", "Not Found"); # break; #}; };
# forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP #if (!t_relay()) { # sl_reply_error(); #};
# does the user wish redirection on no availability? (i.e., is he # in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc if (is_user_in("Request-URI", "voicemail")) { setflag(4); };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # handle user which was not found route(4); break; };
# if user is on-line and is in voicemail group, enable redirection if (method == "INVITE" && isflagset(4)) { t_on_failure("1"); }; t_relay(); }
# ------------- handling of unavailable user ------------------ route[4] {
if (method=="MESSAGE") { t_newtran(); if (m_store("0")) { t_reply("202", "Accepted for Later Delivery"); } else { t_reply("503", "Service Unavailable"); }; break; };
# non-Voip -- just send "off-line" if (!(method == "INVITE" || method == "ACK" || method == "CANCEL")) { sl_send_reply("404", "Not Found"); break; };
# not voicemail subscriber #if (!isflagset(4)) { # sl_send_reply("404", "Not Found and no voicemail turned on"); # break; #};
# forward to voicemail now rewritehostport("200.146.208.4:5090"); t_relay_to_udp("200.146.208.4", "5090"); }
# if forwarding downstream did not succeed, try voicemail running # at 200.146.208.4:5090
failure_route[1] { revert_uri(); rewritehostport("200.146.208.4:5090"); append_branch(); t_relay_to_udp("200.146.208.4", "5090"); }