[OpenSER-Users] OpenSer and FreeRadius implementation

OpenSer ML openser at zap2link.com
Wed Jul 18 10:01:25 CEST 2007 

Please give me a bit more credit than that, I had been using Linux for the 
past 10 years ;-)

Although, from my previous questions, one can easily assume I'm a linux newbie :-D

Z2L
----- Original Message -----
From: "raviprakash sunkara" <sunkara.raviprakash.feb14 at gmail.com>
To: openser at zap2link.com
Sent: Wednesday, July 18, 2007 10:59:06 AM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] OpenSer and FreeRadius implementation

hi 

oops 
this versio is working fine 

did u try ldconfig v , to load the library files 



On 7/18/07 , OpenSer ML < openser at zap2link.com > wrote: 

Hi Neeraj, 

Can you please specify the versions of OpenSER and FreeRadius you are using? 
I'm trying to use OpenSER 1.2.1 and FreeRadius 1.1.6 

Regards, 
Z2L 

----- Original Message ----- 
From: "Neeraj Gupta" < Neeraj.Gupta at Sun.COM > 
To: openser at zap2link.com 
Cc: "users" < users at openser.org > 
Sent: Wednesday, July 18, 2007 1:20:11 AM (GMT+0200) Asia/Jerusalem 
Subject: Re: [OpenSER-Users] OpenSer and FreeRadius implementation 


Ok, I will paste critical configs in email. 
You need to setup radius as usual and copy dictionary files as usual. 

/etc/openser.cfg: 
# 
# $Id$ 
# 
# radius config script 
# 
# ----------- global configuration parameters ------------------------ 

debug=0 # debug level (cmd line: -dddddddddd) 
fork=yes 
log_stderror=no # (cmd line: -E) 
check_via=no # (cmd. line: -v) 
dns=no # (cmd. line: -r) 
rev_dns=no # (cmd. line: -R) 
port=5060 
children=4 
listen=udp:yy.yy.yy.yy 
listen=udp:xx.xx.xx.xx 
alias= sfbay.sun.com 
avp_aliases="day=i:101;time=i:102" 

#fifo="/tmp/openser_fifo" 

# ------------------ module loading ---------------------------------- 
#mpath="/usr/local/openser-1.0.1/lib/openser/modules" 
mpath="/usr/local/lib64/openser/modules" 

#loadmodule "mysql.so" 
loadmodule "sl.so" 
loadmodule "tm.so" 
loadmodule "rr.so" 
loadmodule "maxfwd.so" 
loadmodule "avpops.so" 
loadmodule "usrloc.so" 
loadmodule "registrar.so" 
loadmodule "textops.so" 
loadmodule "xlog.so" 
loadmodule "uri.so" 
loadmodule " acc.so" 
loadmodule "auth.so" 
loadmodule "auth_radius.so" 
loadmodule "group_radius.so" 
loadmodule "avp_radius.so" 

# ----------------- setting module-specific parameters --------------- 

# -- usrloc params -- 
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser") 

# neeraj changed to 0 from 2 
modparam("usrloc", "db_mode", 0) 

# -- acc params -- 
modparam("acc", "radius_flag", 1) 
modparam("acc", "radius_missed_flag", 2) 
modparam("acc", "log_flag", 1) 
modparam("acc", "log_missed_flag", 1) 
modparam("acc", "service_type", 15) 
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") 
modparam("acc|auth_radius|group_radius|avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") 

# -- group_radius params -- 
modparam("group_radius", "use_domain", 1) 

# -- rr params -- 
# add value to ;lr param to make some broken UAs happy 
modparam("rr", "enable_full_lr", 1) 

# ------------------------- request routing logic ------------------- 

# main routing logic 

route{ 

# initial sanity checks -- messages with 
# max_forwards==0, or excessively long requests 
if (!mf_process_maxfwd_header("10")) { 
sl_send_reply("483","Too Many Hops"); 
}; 

if (msg:len >= 2048 ) { 
sl_send_reply("513", "Message too big"); 
}; 

# check if user is suspended 
###if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE")) { 
### if (radius_is_user_in("From", "suspended")) { 
### sl_send_reply("403", "Forbidden - suspended"); 
### exit; 
### }; 
###}; 

# we record-route all messages -- to make sure that 
# subsequent messages will go through our proxy; that's 
# particularly good if upstream and downstream entities 
# use different transport protocol 
if (!method=="REGISTER") 
record_route(); 

# subsequent messages withing a dialog should take the 
# path determined by record-routing 
if (loose_route()) { 
# mark routing logic in request 
append_hf("P-hint: rr-enforced\r\n"); 
if(is_method("BYE")) { # log it all the time 
acc_rad_request("200 ok"); 
acc_log_request("200 ok"); 
} 
route(1); 
}; 

if(is_method("INVITE") && !has_totag()) 
{ # set the acc flags 
setflag(1); 
setflag(2); 
}; 

if (!uri==myself) { 
# check if user is allowed to do voip calls to other domains 
if(is_method("INVITE|MESSAGE")) { 
if (!radius_is_user_in("From", "voip")) { 
sl_send_reply("403", "Forbidden VoIP"); 
exit; 
}; 
}; 
# mark routing logic in request 
append_hf("P-hint: outbound\r\n"); 
route(1); 
}; 

# if the request is for other domain use UsrLoc 
# (in case, it does not work, use the following command 
# with proper names and addresses in it) 
if (uri==myself) { 
# authenticate registers 
if (method=="REGISTER") { 
if (!radius_www_authorize("")) { 
www_challenge("", "1"); 
exit; 
}; 

# check the src ip address 
# no need to use this now. tested OK 
###if(!avp_check("$avp(i:2)", "eq/$src_ip/ig")) { 
### sl_send_reply("403", "Forbidden IP"); 
### exit; 
###}; 

save("location"); 
exit; 
}; 

# calls to pstn 
if(uri=~"sip:00[1-9][0-9]+@") { 
if(is_method("INVITE") && !has_totag()) { 
if (!radius_is_user_in("From", "pstn")) { 
sl_send_reply("403", "Forbidden PSTN"); 
exit; 
}; 
}; 
# set gateway address 
rewritehostport(" 10.10.10.10:5090 "); 
route(1); 
}; 

# native SIP destinations are handled using our USRLOC DB 
if (!lookup("location")) { 
# log to acc as missed call 
acc_rad_request("404 Not Found"); 
acc_log_request("404 Not Found"); 
sl_send_reply("404", "Not Found"); 
exit; 
}; 
append_hf("P-hint: usrloc applied\r\n"); 
}; 

route(1); 
} 

# generic forward 
route[1] { 
# send it out now; use stateful forwarding as it works reliably 
# even for UDP2TCP 
if (!t_relay()) { 
sl_reply_error(); 
}; 
exit; 
} 

/etc/radiusclient-ng/servers: 
xx.xx.xx.xx test1234 
yy.yy.yy.yy test1234 


/etc/radiusclient-ng/radiusclient.conf: 
<snip> 


# neeraj 
authserver xx.xx.xx.xx:1812 
# RADIUS server to use for accouting requests. All that I 
# said for authserver applies, too. 
# 
# neeraj 
#acctserver localhost 
acctserver xx.xx.xx.xx :1813 
<snip> 



Neeraj Gupta wrote: 

Yes. I have this working.. all with latest pieces of software on Sun SPARC Solaris 10. 

What exactly do you need ? 

-Neeraj 

OpenSER ML wrote: 


Hi All, 

Ok, I'm a bit mixed up here, the documents are simply not cutting it. 
I'm wondering if any of you have a working OpenSER + FreeRadius configuration 
that I can look at and extrapulate my required settings? 

I've gone over all the material I could find, but all of it reverts back 
to the outdated how-to on the FreeRadius website. 
Assistance would be highly appreciated. 

Regards, 
Z2L 

_______________________________________________ 
Users mailing list 
Users at openser.org 
http://openser.org/cgi-bin/mailman/listinfo/users 


-- 
------------------------------------------------------------- 
o Neeraj Gupta email: neeraj.gupta at sun.com o Netra Systems & Networking phone: +1(408) 276-7214 x71214 
o Sun Microsystems, Inc. fax : +1(408) 276-4552 o 4120 Network Circle, USCA12-216, Santa Clara, CA 95054, USA 
------------------------------------------------------------- 

_______________________________________________ 
Users mailing list 
Users at openser.org 
http://openser.org/cgi-bin/mailman/listinfo/users 



-- 
Thanks &Regards 
Ravi Prakash Sunkara

More information about the Users mailing list