[OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Apr 3 17:53:11 CEST 2014


John,

We could do that (pushing back to OpenSIPS all values for that RADIUS 
AVP), but it may be dangerous if you use on the OpenSIPS side a variable 
that does not support multiple values - actually the AVPs are the only 
one doing that.

Imagine the RADIUS reply returns multiple instances on an RADIUS AVP. 
And you use a $var() variable to get the value - each value will be 
pushed to that $var(), but as it can hold only one value, it will keep 
being overwritten -> only last value will be actually available.
If this behavior is not a problem, we can fix the code and iterate 
through the entire list of RADIUS AVP and get all instances.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 02.04.2014 10:20, John Quick wrote:
> Bogdan,
>
> I was hoping to get all the values returned in 1 avp, the avp defined for
> Cisco-AVPairs in set2. This takes advantage of the ability of OpenSIPS avps
> to hold multiple indexed values and also means minimal changes to the
> documentation of the aaa_radius module. If you add a numeric index in the
> set definition, you must know which position the required attribute is in
> and it is even possible the server may return them in a different order.
> Also, if you want to retrieve 10 values this makes the set2 definition very
> big and clumsy. Adding an index in the set definition would only be a good
> solution if the index was a string identifying the Attribute name within
> Cisco-AVPairs.
>
> I would be very happy to test if you can show me what changes need to be
> made in the sources. I would have tried it already, but wasn't sure how to
> add multiple values to the avp.
>
> John
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> Sent: 01 April 2014 22:49
> To: john.quick at smartvox.co.uk
> Cc: 'OpenSIPS users mailling list'
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
> Attributes
>
> John,
>
> I understand the issue and agree over the need of a solution. Two possible
> approaches:
>       - return all the values for that radius AVP
>       - include an index in the set definition - to say which instance of the
> radius AVP you are looking for
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 01.04.2014 21:29, John Quick wrote:
>> Hi Bogdan,
>>
>> Yes absolutely certain. I used Wireshark to check.
>>
>> I did make a little progress with this problem after finding some info
>> on the Internet.
>> The name that has to be used in set2 is "Cisco-AVPair". This allows me
>> to retrieve just one VSA value.
>> The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
>> This is because multiple instances are returned using the same VSA.
>> They are all returned by the server in the attribute called
>> h323-ivr-in. I even found the code in the sources that retrieves them.
>> It loops through every instance in
>> set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
>> several times into set2 all you get is the first matching value many
> times.
>> John
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>> Sent: 01 April 2014 19:15
>> To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
>> Attributes
>>
>> Hi John,
>>
>> It may be a stupid question, but are you sure the AVP does exist in
>> the RADIUS reply ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 28.03.2014 13:23, John Quick wrote:
>>> Hi,
>>>
>>> With help from this forum, I have just got radius_send_auth working.
>>> I needed some extra dictionaries including dictionary.cisco In that
>>> dictionary, there are vendor specific attributes like this:
>>> ATTRIBUTE       h323-ivr-in                     100     string
>>> Cisco
>>> ATTRIBUTE       h323-credit-amount              101     string
>>> Cisco
>>>
>>> My Radius server returns some data using these VSA's. In particular,
>>> it returns many values using the same VSA - h323-ivr-in
>>>
>>> I am having trouble recovering the returned values using set2 of
>>> radius_send_auth Can anyone advise me how I should define set2 to get
>>> at these returned values? I have tried the following with no success:
>>>
>>> modparam("aaa_radius", "sets", "set2 =
>>> (h323-return-code=$avp(retcode),
>>> h323-ivr-in=$avp(authretvals))")
>>>
>>> After the function is called, there are no values in
>>> $avp(authretvals)
>>>
>>> Thanks.
>>>
>>> John Quick
>>> Smartvox Limited
>>> Web: www.smartvox.co.uk
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>
>




More information about the Users mailing list