Hello Bruno,
what you described doesn't seem to have anything to do with the dictionary anymore, so let's forget that for now (may be it is fixed and you didn't noticed because the following case)
Yes, you're rigth ... It is another subject ... Sorry I'll finish with dictionaries later ...
So, now coming to SER. When I tried to make a call, only 1st auth took place between SER and IC-RADIUS.
SER IC-RADIUS | | |---(1st AUTH)---->| |<-----(OK!)-------| |------------------| | <- Data Flow -> | |------------------|
No 2nd auth, nor Acct-Messages were sent.
why would be a 2a auth for the same user? do you mean you desire a new auth per call?
Well, suppouse the following ...
User "A" exists in radius' database, and he is only allowed to call users B,C,D and E. What about if user "A" wants to call user "F", how do I control that ???
Well, I have (today) different "destination lists" wich I assign to any new user I create. In those lists I have several possible destinations for that particular user. So ... going back ...
SER IC-RADIUS | | |---(1st AUTH)---->| |<-----(OK!)-------| |---(2nd AUTH)---->| |<-----(OK!)-------| |------------------| | <- Data Flow -> | |------------------|
In 1st auth, I send Username and check if he/she exists in database (in this case user "A"). If so, then Access-Accept. Now, in 2nd auth I also send Calling-station-Id and Called-Station-Id, being Called-Station-Id the User who "A" wants to talk to, am I clear ? If Called-Station-Id does not exist in User's "A" destination list, then RADIUS sends back an Access-Reject.
Another option is, yes!, to send everything (username, calling-station-id and called-station-id) in just one message, so as to check destination too in only the 1st auth ... But I do not see SER being sending the Called-Station-Id attribute in the auth process nor the calling-station-id (which is NULL). I just see the Username attribute. Look ...
radrecv: Access Request from host c0a801fd code=1, id=47, length=281 User-Name = "1992005@192.168.1.253" Digest-Attributes = "\012\0111992005" Digest-Attributes = "\001\017192.168.1.253" Digest-Attributes = "\002*419e6d1044b039c6a5570602eb629a2b6b2cb881" Digest-Attributes = "\004\033sip:1992001@192.168.1.253" Digest-Attributes = "\003\010INVITE" Digest-Response = "5844c35bc08dfe74b5481c959c13d65e" Service-Type = Sip-Session Sip-Uri-User = "1992005" Cisco-AVPair = "call-id=3CBA2689-8049-4D01-AB08-1DE8EE7B20BE@192.168.1.178" NAS-IP-Address = 192.168.1.253 NAS-Port-Id = 5060 SQL: Attempting to reserve socket SQL: Reserved socket 0 Username is now 1992005 Calling station Id is now (null) CalledID==NULL credit_amount (18.90) Sending Access Ack of id 47 to c0a801fd (nas linux) Credit-Amount = "V9:T102:L26:683332332d6372656469742d616d6f756e743d31382e3930" SQL: Socket 0 used for 0.70 seconds SQL: Released socket 0
Do you see ?
How can I (if possible) do that (to send also [Called/Calling]-Station-Id)?
Cheers
Thank you again ..
Lucas
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.786 / Virus Database: 532 - Release Date: 29/10/2004