Hooking FreeSWITCH up to RADIUS


Post by alex » 18 Apr 2016, 14:40

Links for study:
mod_xml_radius
https://freeswitch.org/confluence/displ ... xml_radius

mod_rad_auth
https://freeswitch.org/confluence/displ ... d_rad_auth

But following this post it did not work for me:
http://zhutov.ru/post/29/

What I managed to find out:
Be sure to enable debugging from the FreeSWITCH console:
xml_radius_debug on

Since my whole setup is built on one local machine (the RADIUS server, UTM5 and FreeSWITCH), the packets can be inspected with tcpdump:
tcpdump -i lo -vvvnnn port 1812

Reloading the module from the FreeSWITCH console:
reload mod_xml_radius

The result:
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:849 mod_xml_radius: starting authentication
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:851 Event: Event-Name: REQUEST_PARAMS
Core-UUID: b5647f02-0559-11e6-b69f-f726db227647
FreeSWITCH-Hostname: ip-172-31-44-241
FreeSWITCH-Switchname: ip-172-31-44-241
FreeSWITCH-IPv4: 172.31.44.241
FreeSWITCH-IPv6: %3A%3A1
Event-Date-Local: 2016-04-18%2014%3A39%3A06
Event-Date-GMT: Mon,%2018%20Apr%202016%2011%3A39%3A06%20GMT
Event-Date-Timestamp: 1460979546026753
Event-Calling-File: sofia_reg.c
Event-Calling-Function: sofia_reg_parse_auth
Event-Calling-Line-Number: 2741
Event-Sequence: 574
action: sip_auth
sip_profile: external
sip_user_agent: eyeBeam%20release%201102u%20stamp%2052345
sip_auth_username: alexx100
sip_auth_realm: server
sip_auth_nonce: 27f1942e-055a-11e6-b6a3-f726db227647
sip_auth_uri: sip%3Aserver%3A5080
sip_contact_user: alexx
sip_contact_host: Y.Y.Y.Y
sip_to_user: alexx
sip_to_host: server
sip_to_port: 5080
sip_via_protocol: udp
sip_from_user: alexx
sip_from_host: server
sip_from_port: 5080
sip_call_id: N2E3YzE0Njk1NTRlZTAxYzBiMGJkZjQyY2I1ZDYwOTk.
sip_request_host: server
sip_request_port: 5080
sip_auth_qop: auth
sip_auth_cnonce: 60a96f0bf0602ba029363a5e21a928e4
sip_auth_nc: 00000001
sip_auth_response: 0aba79bd947062cd38e04ff62dd484bc
sip_auth_method: REGISTER
client_port: 50983
key: id
user: alexx100
domain: server
ip: X.X.X.X


2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:852
Section: directory
Tag: domain
Key_name: name
Key_value: server
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:741 mod_xml_radius: starting registration authentication
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'authserver' with value '127.0.0.1:1812:secret'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_timeout' with value '10'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_retries' with value '2'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_deadtime' with value '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'dictionary' with value '/usr/src/freeswitch/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:94 Attempting to add param 'seqfile' with value '/var/run/radius.seq'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'ip' val: 91.106.201.242
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'ip' val: 91.106.201.242
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_from_user' val: alexx
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'User-Name' value '1' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_from_user' val: alexx
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Response' value '103' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_response' val: 0aba79bd947062cd38e04ff62dd484bc
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Realm' value '104' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_realm' val: server
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Nonce' value '105' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_nonce' val: 27f1942e-055a-11e6-b6a3-f726db227647
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Username' value '115' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_username' val: alexx100
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-URI' value '109' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_uri' val: sip:server:5080
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Method' value '108' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_method' val: REGISTER
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Algorithm' value '111' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_method' val: REGISTER
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Qop' value '110' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_qop' val: auth
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-CNonce' value '113' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_cnonce' val: 60a96f0bf0602ba029363a5e21a928e4
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Nonce-Count' value '114' type '0'
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_nc' val: 00000001
2016-04-18 14:39:06.026753 [ERR] mod_xml_radius.c:771 mod_xml_radius: result(RC=2)


------------
tcpdump -i lo -vvvnnn port 1812
127.0.0.1.44257 > 127.0.0.1.1812: [bad udp cksum 4aba!] RADIUS, length: 317
Access Request (1), id: 0x5f, Authenticator: a1276953de7fc20389c87f7c70aceca8
Vendor Specific Attribute (26), length: 25, Value: Vendor: Cisco (9)
Vendor Attribute: 1, Length: 17, Value: request-type=user
0x0000: 0000 0009 0113 7265 7175 6573 742d 7479
0x0010: 7065 3d75 7365 72
Vendor Specific Attribute (26), length: 32, Value: Vendor: Cisco (9)
Vendor Attribute: 1, Length: 24, Value: src-gw-ip=91.106.201.242
0x0000: 0000 0009 011a 7372 632d 6777 2d69 703d
0x0010: 3931 2e31 3036 2e32 3031 2e32 3432
Vendor Specific Attribute (26), length: 25, Value: Vendor: Cisco (9)
Vendor Attribute: 1, Length: 17, Value: src-gw-name=alexx
0x0000: 0000 0009 0113 7372 632d 6777 2d6e 616d
0x0010: 653d 616c 6578 78
Username Attribute (1), length: 7, Value: alexx
0x0000: 616c 6578 78
Unknown Attribute (103), length: 34, Value:
0x0000: 3061 6261 3739 6264 3934 3730 3632 6364
0x0010: 3338 6530 3466 6636 3264 6434 3834 6263
Unknown Attribute (104), length: 17, Value:
0x0000: 6673 322e 7465 6b6e 6f6c 6162 2e72 75
Unknown Attribute (105), length: 38, Value:
0x0000: 3237 6631 3934 3265 2d30 3535 612d 3131
0x0010: 6536 2d62 3661 332d 6637 3236 6462 3232
0x0020: 3736 3437
Unknown Attribute (115), length: 10, Value:
0x0000: 616c 6578 7831 3030
Unknown Attribute (109), length: 26, Value:
0x0000: 7369 703a 6673 322e 7465 6b6e 6f6c 6162
0x0010: 2e72 753a 3530 3830
Unknown Attribute (108), length: 10, Value:
0x0000: 5245 4749 5354 4552
Unknown Attribute (111), length: 5, Value:
0x0000: 4d44 35
Unknown Attribute (110), length: 6, Value:
0x0000: 6175 7468
Unknown Attribute (113), length: 34, Value:
0x0000: 3630 6139 3666 3062 6630 3630 3262 6130
0x0010: 3239 3336 3361 3565 3231 6139 3238 6534
Unknown Attribute (114), length: 10, Value:
0x0000: 3030 3030 3030 3031
Service Type Attribute (6), length: 6, Value: Authenticate Only
0x0000: 0000 0008
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
NAS IP Address Attribute (4), length: 6, Value: 127.0.0.1
0x0000: 7f00 0001

----------
and the utm5_radius server outputs the following:
Code: [1] ID: [95]
Auth: Size 16; Data [0xa1276953de7fc20389c87f7c70aceca8]
Attr: [1] Vendor: [9] Size 17; Data [0x726571756573742d747970653d75736572]
(Cisco:Cisco-AVPair=STRING:request-type=user)
Attr: [1] Vendor: [9] Size 24; Data [0x7372632d67772d69703d39312e3130362e3230312e323432]
(Cisco:Cisco-AVPair=STRING:src-gw-ip=91.106.201.242)
Attr: [1] Vendor: [9] Size 17; Data [0x7372632d67772d6e616d653d616c657878]
(Cisco:Cisco-AVPair=STRING:src-gw-name=alexx)
Attr: [1] Vendor: [0] Size 5; Data [0x616c657878]
(User-Name=STRING:alexx)
Attr: [103] Vendor: [0] Size 32; Data [0x3061626137396264393437303632636433386530346666363264643438346263]
Attr: [104] Vendor: [0] Size 15; Data [0x6673322e74656b6e6f6c61622e7275]
Attr: [105] Vendor: [0] Size 36; Data [0x32376631393432652d303535612d313165362d623661332d663732366462323237363437]
Attr: [115] Vendor: [0] Size 8; Data [0x616c657878313030]
Attr: [109] Vendor: [0] Size 24; Data [0x7369703a6673322e74656b6e6f6c61622e72753a35303830]
Attr: [108] Vendor: [0] Size 8; Data [0x5245474953544552]
Attr: [111] Vendor: [0] Size 3; Data [0x4d4435]
Attr: [110] Vendor: [0] Size 4; Data [0x61757468]
Attr: [113] Vendor: [0] Size 32; Data [0x3630613936663062663036303262613032393336336135653231613932386534]
Attr: [114] Vendor: [0] Size 8; Data [0x3030303030303031]
Attr: [6] Vendor: [0] Size 4; Data [0x00000008]
(Service-Type=INT:8)
Attr: [5] Vendor: [0] Size 4; Data [0x00000000]
(NAS-Port=INT:0)
Attr: [4] Vendor: [0] Size 4; Data [0x7f000001]
(NAS-IP-Address=IP:127.0.0.1)

Apr 18 14:39:06 ?Debug : f7515b70 AuthQueue: Login 'alexx'
Apr 18 14:39:06 ?Debug : f7515b70 AuthQueue: Request authentication method is not supported
Apr 18 14:39:06 ?Debug : f7515b70 AcctQueue: lookup: session ID 27 closed
Apr 18 14:39:06 ?Debug : f7515b70 SessionManager: put: sessiond ID 27 from NAS 1 is closed
Apr 18 14:39:06 ?Debug : f7515b70 AuthQueue: Reply
--- RADIUS Pkt ---

Only one thought so far: FreeSWITCH is forming the attributes incorrectly.
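Added example (not part of the original posts): a decoder for the attributes that tcpdump printed as "Unknown Attribute" in the capture above, together with the RFC 2617 digest check a RADIUS server performs on them. The function names and the `password` argument are assumptions; the sample packet body is constructed from the values in the debug log.

```python
import hashlib
import hmac

# RFC 5090 numbers that tcpdump printed as "Unknown Attribute" in the capture.
NAMES = {1: "User-Name", 103: "Digest-Response", 104: "Digest-Realm",
         105: "Digest-Nonce", 108: "Digest-Method", 109: "Digest-URI",
         110: "Digest-Qop", 111: "Digest-Algorithm", 113: "Digest-CNonce",
         114: "Digest-Nonce-Count", 115: "Digest-Username"}

def parse_attributes(buf):
    """Walk RADIUS TLVs: 1-byte type, 1-byte length (header included), value."""
    out, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        out[NAMES.get(atype, f"Attr-{atype}")] = buf[i + 2:i + alen].decode("ascii", "replace")
        i += alen
    return out

def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def expected_response(a, password):
    """RFC 2617 response for algorithm MD5 with qop=auth."""
    ha1 = md5hex(f"{a['Digest-Username']}:{a['Digest-Realm']}:{password}")
    ha2 = md5hex(f"{a['Digest-Method']}:{a['Digest-URI']}")
    return md5hex(":".join([ha1, a["Digest-Nonce"], a["Digest-Nonce-Count"],
                            a["Digest-CNonce"], a["Digest-Qop"], ha2]))

def verify(a, password):
    """True when the client's Digest-Response matches the stored password (hypothetical helper)."""
    return hmac.compare_digest(expected_response(a, password), a["Digest-Response"].lower())

def tlv(atype, value):
    return bytes([atype, len(value) + 2]) + value.encode()

# Constructed packet body: values copied from the debug log in the post.
SAMPLE = b"".join(tlv(t, v) for t, v in [
    (1, "alexx"), (103, "0aba79bd947062cd38e04ff62dd484bc"), (104, "server"),
    (105, "27f1942e-055a-11e6-b6a3-f726db227647"), (115, "alexx100"),
    (109, "sip:server:5080"), (108, "REGISTER"), (111, "MD5"), (110, "auth"),
    (113, "60a96f0bf0602ba029363a5e21a928e4"), (114, "00000001")])

if __name__ == "__main__":
    for name, value in parse_attributes(SAMPLE).items():
        print(f"{name}: {value}")
```

Decoded, the request carries User-Name `alexx` but Digest-Username `alexx100`; the digest is computed over the latter.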


Re: Hooking FreeSWITCH up to RADIUS

Post by alex » 18 Apr 2016, 14:44

Note: when the mod_xml_radius module is loaded, local clients are authenticated through RADIUS.


Re: Hooking FreeSWITCH up to RADIUS

Post by alex » 18 Apr 2016, 15:02

The first problem was that the dictionary.rfc5090 dictionary was not recognized by UTM5; when I swapped in dictionary.sip, the situation changed a little.


2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:852
Section: directory
Tag: domain
Key_name: name
Key_value: server
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:741 mod_xml_radius: starting registration authentication
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'authserver' with value '127.0.0.1:1812:secret'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_timeout' with value '10'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_retries' with value '2'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'radius_deadtime' with value '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'dictionary' with value '/usr/src/freeswitch/src/mod/xml_int/mod_xml_radius/dictionaries/dictionary'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:94 Attempting to add param 'seqfile' with value '/var/run/radius.seq'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'ip' val: server
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'ip' val: server
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Cisco-AVPair' value '589825' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:393 mod_xml_radius: dict vend name 'Cisco' vendorpec '9'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_from_user' val: alexx
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'User-Name' value '1' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_from_user' val: alexx
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Response' value '206' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_response' val: 10d71ed4db8ee9b3464604716c70e363
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Realm' value '1063' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_realm' val: server
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Nonce' value '1064' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_nonce' val: 7f63fdee-055c-11e6-b6a8-f726db227647
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-UserName' value '1072' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_username' val: alexx100
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-URI' value '1066' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_uri' val: sip:server:5080
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Method' value '1065' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_method' val: REGISTER
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Algorithm' value '1068' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_method' val: REGISTER
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-QOP' value '1067' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_qop' val: auth
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-CNonce' value '1070' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_cnonce' val: 23d8f2664a69a2b3acd4e2fdd81dfc01
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:377 mod_xml_radius: dict attr 'Digest-Nonce-Count' value '1071' type '0'
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:566 mod_xml_radius: param var 'sip_auth_nc' val: 00000001
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:771 mod_xml_radius: result(RC=2)
2016-04-18 14:55:51.726754 [ERR] mod_xml_radius.c:775 mod_xml_radius: Failed to authenticate


Re: Hooking FreeSWITCH up to RADIUS

Post by alex » 18 Apr 2016, 15:53

There is one more problem: the server (FreeSWITCH) crashes if the RADIUS module has been loaded but is not working, when entering the command
list_user

