Hello Bruno,
what you described doesn't seem to have anything
to do with the dictionary anymore, so let's forget
that for now (may be it is fixed and you didn't
noticed because the following case)
Yes, you're rigth ... It is another subject ... Sorry
I'll finish with dictionaries later ...
So, now coming
to SER.
When I tried to make a call, only 1st auth took place
between SER and
IC-RADIUS.
SER IC-RADIUS
| |
|---(1st AUTH)---->|
|<-----(OK!)-------|
|------------------|
| <- Data Flow -> |
|------------------|
No 2nd auth, nor Acct-Messages were sent.
why would be a 2a auth for the same user? do you mean
you desire a new auth per call?
Well, suppouse the following ...
User "A" exists in radius' database, and he is only allowed to call
users B,C,D and E. What about if user "A" wants to call user "F", how
do
I control that ???
Well, I have (today) different "destination lists" wich I assign to any
new user I create. In those lists I have several possible destinations
for that particular user. So ... going back ...
SER IC-RADIUS
| |
|---(1st AUTH)---->|
|<-----(OK!)-------|
|---(2nd AUTH)---->|
|<-----(OK!)-------|
|------------------|
| <- Data Flow -> |
|------------------|
In 1st auth, I send Username and check if he/she exists in database (in
this case user "A"). If so, then Access-Accept. Now, in 2nd auth I also
send Calling-station-Id and Called-Station-Id, being Called-Station-Id
the User who "A" wants to talk to, am I clear ? If Called-Station-Id
does not exist in User's "A" destination list, then RADIUS sends back an
Access-Reject.
Another option is, yes!, to send everything (username,
calling-station-id and called-station-id) in just one message, so as to
check destination too in only the 1st auth ... But I do not see SER
being sending the Called-Station-Id attribute in the auth process nor
the calling-station-id (which is NULL). I just see the Username
attribute. Look ...
radrecv: Access Request from host c0a801fd code=1, id=47, length=281
User-Name = "1992005(a)192.168.1.253"
Digest-Attributes = "\012\0111992005"
Digest-Attributes = "\001\017192.168.1.253"
Digest-Attributes = "\002*419e6d1044b039c6a5570602eb629a2b6b2cb881"
Digest-Attributes = "\004\033sip:1992001@192.168.1.253"
Digest-Attributes = "\003\010INVITE"
Digest-Response = "5844c35bc08dfe74b5481c959c13d65e"
Service-Type = Sip-Session
Sip-Uri-User = "1992005"
Cisco-AVPair =
"call-id=3CBA2689-8049-4D01-AB08-1DE8EE7B20BE(a)192.168.1.178"
NAS-IP-Address = 192.168.1.253
NAS-Port-Id = 5060
SQL: Attempting to reserve socket
SQL: Reserved socket 0
Username is now 1992005
Calling station Id is now (null)
CalledID==NULL
credit_amount (18.90)
Sending Access Ack of id 47 to c0a801fd (nas linux)
Credit-Amount =
"V9:T102:L26:683332332d6372656469742d616d6f756e743d31382e3930"
SQL: Socket 0 used for 0.70 seconds
SQL: Released socket 0
Do you see ?
How can I (if possible) do that (to send also
[Called/Calling]-Station-Id)?
Cheers
Thank you again ..
Lucas
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
http://www.grisoft.com).
Version: 6.0.786 / Virus Database: 532 - Release Date: 29/10/2004