Hi there,
You know I've got good results with Vovida's b2bua, because I'm trying to use the session-timeout attribute for prepaid users. It works nicely. Nicely if the User has NO PASSWORD ASSIGNED ...
This is the configuration:
UA <----> B2BUA <---> SER | | RADIUS
AT Register Time, there are no problems. b2bua sends the REGISTER message ( with digest-attrbiutes ) to radius, and the UA gets registered, with no problems ( with or without password it works fine ).
When an INVITE is sent ... b2bua sends Authorization to RADIUS ... but as User-Password value, it sends a dot ( yes!!! a DOT "." ) ... look
rad_recv: Access-Request packet from host 192.168.1.253:1024, id=1, length=82 User-Name = "1992001" User-Password = "." NAS-IP-Address = 192.168.1.253 NAS-Port = 1000 Called-Station-Id = "543515684478" Calling-Station-Id = "1992001" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 228 modcall[authorize]: module "preprocess" returns ok for request 228 modcall[authorize]: module "attr_filter" returns noop for request 228 modcall[authorize]: module "chap" returns noop for request 228 modcall[authorize]: module "digest" returns noop for request 228 rlm_realm: No '@' in User-Name = "1992001", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 228 radius_xlat: '1992001' rlm_sql (sql): sql_set_user escaped user --> '1992001' radius_xlat: 'rad_authorize_check_query '1992001'' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: '' radius_xlat: 'rad_authorize_reply_query '1992001','543515684478'' radius_xlat: '' rlm_sql (sql): No matching entry in the database for request from user [1992001] rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns notfound for request 228 modcall: group authorize returns ok for request 228 Entro a rad_check_password auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user.
.... obviously, the user will never authenticate.
I know this is not the place for asking this, but vovidas mailing list is not working and I thought that someone my have been thru this problem already.
Any help would be really appreciated.... if not, any help with other b2bua would be very helpful too.
Regards,
Lucas
You could give your users a password ='.' that would make it work :-), or use asterisk B2BUA, or there is a commercial one called sippy.
From vovida doc
http://www.vovida.org/downloads/b2bua/README-b2bua-1.4.0.txt
1. Currently B2BUA assumes that all calls reaching it are already authenticated and the message includes embedded authorization data. The assumption is that the previous hop to the B2BUA will do the user authentication and the INVITE coming to B2BUA would contain the Proxy-authorization field containing the User ID. The UserID is taken as the raw data and sent to the RADIUS server for authorization. It is assumued that even if the User ID is encrypted the server would do the right thing.
2. The password sent for authorization is hard-coded to "." . To suit a specific vendor in the future, there is a plan to incorporate a vendor specific password in the B2BUA configuration file. This password can also come from provisioning.
Hope that helps
Iqbal
Lucas Aimaretto wrote:
Hi there,
You know I've got good results with Vovida's b2bua, because I'm trying to use the session-timeout attribute for prepaid users. It works nicely. Nicely if the User has NO PASSWORD ASSIGNED ...
This is the configuration:
UA <----> B2BUA <---> SER | | RADIUS
AT Register Time, there are no problems. b2bua sends the REGISTER message ( with digest-attrbiutes ) to radius, and the UA gets registered, with no problems ( with or without password it works fine ).
When an INVITE is sent ... b2bua sends Authorization to RADIUS ... but as User-Password value, it sends a dot ( yes!!! a DOT "." ) ... look
rad_recv: Access-Request packet from host 192.168.1.253:1024, id=1, length=82 User-Name = "1992001" User-Password = "." NAS-IP-Address = 192.168.1.253 NAS-Port = 1000 Called-Station-Id = "543515684478" Calling-Station-Id = "1992001" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 228 modcall[authorize]: module "preprocess" returns ok for request 228 modcall[authorize]: module "attr_filter" returns noop for request 228 modcall[authorize]: module "chap" returns noop for request 228 modcall[authorize]: module "digest" returns noop for request 228 rlm_realm: No '@' in User-Name = "1992001", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 228 radius_xlat: '1992001' rlm_sql (sql): sql_set_user escaped user --> '1992001' radius_xlat: 'rad_authorize_check_query '1992001'' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: '' radius_xlat: 'rad_authorize_reply_query '1992001','543515684478'' radius_xlat: '' rlm_sql (sql): No matching entry in the database for request from user [1992001] rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns notfound for request 228 modcall: group authorize returns ok for request 228 Entro a rad_check_password auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user.
.... obviously, the user will never authenticate.
I know this is not the place for asking this, but vovidas mailing list is not working and I thought that someone my have been thru this problem already.
Any help would be really appreciated.... if not, any help with other b2bua would be very helpful too.
Regards,
Lucas
... It works nicely. Nicely if the User has NO PASSWORD ASSIGNED ...
This is the configuration:
UA <----> B2BUA <---> SER | | RADIUS
When an INVITE is sent ... b2bua sends Authorization to RADIUS ... but as User-Password value, it sends a dot ( yes!!! a DOT "." ) ... look
rad_recv: Access-Request packet from host 192.168.1.253:1024, id=1, length=82 User-Name = "1992001" User-Password = "." NAS-IP-Address = 192.168.1.253 NAS-Port = 1000 Called-Station-Id = "543515684478" Calling-Station-Id = "1992001"
[ ... ]
.... obviously, the user will never authenticate.
[ ... ]
You could give your users a password ='.' that would make it work :-), or use asterisk B2BUA, or there is a commercial one called sippy.
Nice solution, but I do not think my boss will like to have that password assigned to the clients ;-)
From vovida doc ...
- The password sent for authorization is hard-coded to "." .
To suit a specific vendor in the future, there is a plan to incorporate a vendor specific password in the B2BUA configuration file. This password can also come from provisioning.
Any docs where to have asterisk working as a b2bua ??? Have you tried it ??? Is it a nice solution ??? Any body tried sippy ???
Thanx
Regards,
Lucas
Hi
Can you change you email client, to add your reply to the start, rather than bottom :-)
Asterisk I have used, and is good, there is a asterisk B2Bua mailing list also, sippy, I think there are a few users on here who really like it, just post a message with sippy as the subject I guess.
I dont really use a B2Bua anymore, I am trying my best to stay away from the media stream, it just doesnt scale well.
Iqbal
Lucas Aimaretto wrote:
... It works nicely. Nicely if the User has NO PASSWORD ASSIGNED ...
This is the configuration:
UA <----> B2BUA <---> SER | | RADIUS
When an INVITE is sent ... b2bua sends Authorization to RADIUS ... but as User-Password value, it sends a dot ( yes!!! a DOT "." ) ... look
rad_recv: Access-Request packet from host 192.168.1.253:1024, id=1, length=82 User-Name = "1992001" User-Password = "." NAS-IP-Address = 192.168.1.253 NAS-Port = 1000 Called-Station-Id = "543515684478" Calling-Station-Id = "1992001"
[ ... ]
.... obviously, the user will never authenticate.
[ ... ]
You could give your users a password ='.' that would make it work :-), or use asterisk B2BUA, or there is a commercial one called sippy.
Nice solution, but I do not think my boss will like to have that password assigned to the clients ;-)
From vovida doc ...
- The password sent for authorization is hard-coded to "." .
To suit a specific vendor in the future, there is a plan to incorporate a vendor specific password in the B2BUA configuration file. This password can also come from provisioning.
Any docs where to have asterisk working as a b2bua ??? Have you tried it ??? Is it a nice solution ??? Any body tried sippy ???
Thanx
Regards,
Lucas
Can you change you email client, to add your reply to the start, rather than bottom :-)
Sure. I just order the text in a chronological way ...
Asterisk I have used, and is good, there is a asterisk B2Bua mailing list also, sippy, I think there are a few users on here who really like it, just post a message with sippy as the subject I guess.
I dont really use a B2Bua anymore, I am trying my best to stay away from the media stream, it just doesnt scale well.
And what do you do in case you need to cut a call because a prepaid user is running out of time ... ? If you have a nice hint, please let me know. I mean ... I have no trouble with post-paid users ... nor with prepaid users, if the user has no credit, the call want be placed, but the trouble arises when for an "X" amount of money, the user can call for an "Y" amount of minutes. And I want to cut the call when time reaches "Y" ... do you follow me ?
How many users are you managing at the moment ???
Regards,
Lucas
Hi
Well that is the hard part, I am looking at session-timers. But this is not a exact since, there are a few discussions on this list about howto get round the problem, but if u want a simple solutions b2bua is the way to go, I did some maths, and looked at what the andwidth cost and server cost would be for media streams, anbd realised if I had to negate a few mins here or there, it would still be cheaper, even though the hardware would depreciate the bandwidth would not...or would it..any accountants here...
Iqbal
Lucas Aimaretto wrote:
Can you change you email client, to add your reply to the start, rather than bottom :-)
Sure. I just order the text in a chronological way ...
Asterisk I have used, and is good, there is a asterisk B2Bua mailing list also, sippy, I think there are a few users on here who really like it, just post a message with sippy as the subject I guess.
I dont really use a B2Bua anymore, I am trying my best to stay away from the media stream, it just doesnt scale well.
And what do you do in case you need to cut a call because a prepaid user is running out of time ... ? If you have a nice hint, please let me know. I mean ... I have no trouble with post-paid users ... nor with prepaid users, if the user has no credit, the call want be placed, but the trouble arises when for an "X" amount of money, the user can call for an "Y" amount of minutes. And I want to cut the call when time reaches "Y" ... do you follow me ?
How many users are you managing at the moment ???
Regards,
Lucas
-
Iqbal -
Lucas Aimaretto