YRadius
Revision as of 12:52, 18 October 2012
The YRadius module adds RADIUS support to Yate so that calls can be billed using the well-known RADIUS billing mechanism.
The yradius module requires the cdrbuild module.
RADIUS Attributes
YRadius supports both Authentication (Authorization may be the better term here) and Accounting. It doesn't support Authentication (Registration) yet.
It supports the following RADIUS attributes:
* User-Name
* User-Password
* NAS-IP-Address
* NAS-Port
* Vendor-Specific (only for CISCO's h323-conf-id)
* Session-Timeout
* Called-Station-Id
* Calling-Station-Id
* NAS-Identifier
* Acct-Status-Type
* Acct-Delay-Time
* Acct-Session-Id
* Acct-Session-Time
The h323-conf-id is the billing id used by YATE.
You can add as many RADIUS servers as you want.
Configuration File
The configuration has 3 sections. The first one is general, specifying the IDs of the NAS. The other 2 sections are for nas and radius. Each nas section is named nasN, where N is the number of the nas in this configuration, like nas1, nas2, nas3 ... nasN. Don't skip any nas number in the middle. (This behavior will soon change.) The radius sections describe the RADIUS servers; they follow a similar pattern and should be named radius1, radius2, radius3 ... radiusN, respectively.
Right now one server is supported for each NAS. An option to have more backup servers will be added soon. You can, however, reference the same radius server section more than once in different NAS sections.
Disabling Accounting or Authentication
By default a radius section has both authentication and accounting enabled. This can be controlled by disabling the feature you don't want. If you only want to bill, use:
disable_auth=on
Comprehensive yradius.conf
[general]
nas_id=yatenas ; identifier for this NAS
nas_ip=192.168.0.2 ; ip address of this nas
nas_port=5062 ; port to use for listening (can be anything)
priority=55

[nas1]
called_num=^1234\(.*\)$ ; number to match for authenticating/billing.
radsec=radius1 ; name of section containing info about RADIUS server, defined later
authfailnum=1235 ; number to route to if authfails.
autherrnum=1236 ; number to route to if some other error occurs

[radius1]
server=192.168.0.2 ; address of RADIUS server
auth_port=1812 ; auth port for radius server
acct_port=1813 ; acct port for radius server
secret=nassecret ; shared secret with RADIUS server
;disable_auth=on ; disable auth for this radius server
;disable_acct=on ; disable accounting for this radius server
timeoutsecs = 5 ; timeout for receiving reply from server
retries = 2 ; retries to send auth or acct packets
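The rules above for the nasN/radiusN layout (contiguous numbering, radsec pointing at a defined radius section, the disable_auth/disable_acct switches) can be checked before the file is deployed. The following linter is an added example, not part of Yate or of the original page; the function name lint_yradius and the rule rejecting the sample secret are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample: nas2 is missing and nas3 references an undefined section.
SAMPLE = r"""
[general]
nas_id=yatenas
[nas1]
called_num=^1234\(.*\)$ ; number to match
radsec=radius1
[nas3]
called_num=^5678\(.*\)$
radsec=radius2
[radius1]
server=192.168.0.2
secret=nassecret ; sample value copied from the documentation
disable_auth=on
disable_acct=on
"""

def lint_yradius(text):
    """Return a list of findings for a nasN/radiusN style yradius.conf."""
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",),
                                   interpolation=None)
    cp.read_string(text)
    findings = []
    for kind in ("nas", "radius"):
        nums = sorted(int(m.group(1)) for s in cp.sections()
                      if (m := re.fullmatch(kind + r"(\d+)", s)))
        # Sections must be numbered 1..N with no gap in the middle.
        for missing in sorted(set(range(1, max(nums, default=0) + 1)) - set(nums)):
            findings.append(f"gap: [{kind}{missing}] is missing")
    for name in cp.sections():
        sec = cp[name]
        if re.fullmatch(r"nas\d+", name):
            ref = sec.get("radsec", "")
            if not cp.has_section(ref):
                findings.append(f"[{name}] radsec={ref!r} has no matching section")
        elif re.fullmatch(r"radius\d+", name):
            # Assumed hygiene rule (not from the page): reject the sample secret.
            if sec.get("secret", "") in ("", "nassecret"):
                findings.append(f"[{name}] secret is empty or the sample value")
            if (sec.getboolean("disable_auth", fallback=False)
                    and sec.getboolean("disable_acct", fallback=False)):
                findings.append(f"[{name}] both auth and accounting are disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_yradius(SAMPLE)))
```

It only understands the numbered nasN/radiusN sections shown above, not the [nas SOMETHING] and [radius SOMETHING] sections of the file listed below.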
File yradius.conf
[general]
; set global parameters of the RADIUS client

; enabled: bool: Enable the RADIUS module
;enabled=true

; addr: ipaddress: IP address to bind to - must be set to enable, 0.0.0.0 is OK
;addr=

; port: integer: UDP port to bind to, must be non-zero
;port=1810

; single_socket: bool: Share the socket for requests (not recommended)
;single_socket=false

; local_time: bool: Use local timestamps instead of GMT
;local_time=false

; short_number: bool: Prefer to use parameter "called" over "calledfull"
;short_number=false

; auth_priority: integer: Priority of the user.auth handler
;auth_priority=70

; acct_priority: integer: Priority of the call.cdr handler
;acct_priority=70

; print_attributes: bool: Print returned attributes on debug level ALL
;print_attributes=false

; cisco_attributes: bool: Set hardcoded attributes in Cisco format
;cisco_attributes=true

; quintum_attributes: bool: Set hardcoded attributes in Quintum format
; NOTE: The Cisco and Quintum attributes can be enabled both at the same time
; and the hardcoded attributes will be added as Cisco and Quintum attributes
; quintum_attributes=false


[portabill]
; Settings related to interoperation with PortaOne's PortaBill

; enabled: bool: Enable handling of the routing parameters
;enabled=no

; parallel: bool: Make outgoing calls in parallel instead of sequence
;parallel=no

; simplify: bool: Simplify returned partial URIs by stripping parameters
;simplify=no

; maxcall: int: Maximum time to wait until call is answered in milliseconds
;maxcall=

; stoperror: string: Regular expression matching the names of the errors
; that will terminate the entire call, not just one route
;stoperror=busy


;[nas]
;There can be several sections named [nas] or [nas SOMETHING]

; rad_auth: bool: Enable authentication on this virtual NAS
;rad_auth=yes

; rad_acct: bool: Enable accounting on this virtual NAS
;rad_acct=yes

; rad_server: string: Name of the server to use, default [radius SOMETHING]
;rad_server=

; add: will add an attribute to the RADIUS request
;add:attribute-name=EXPRESSION
;add:subtype:attribute-name=EXPRESSION

; set: will set message parameters
;set:paramname=EXPRESSION

; ret: will set authentication returned attributes back into message
;ret:attribute-name=paramname

; ret-fail: will set returned attributes from auth rejection back into message
;ret-fail:attribute-name=paramname

; Any other parameter will attempt to match the right hand Regexp
;paramname=REGEXP


[nas register]
; Sample SIP REGISTER authentication NAS
rad_acct=false
rad_server=common
protocol=sip
method=REGISTER
add:Service-Type=15
add:Cisco-AVPair=h323-session-protocol=sipv2

[nas invite]
; Sample SIP INVITE authentication NAS
rad_acct=false
rad_server=common
protocol=sip
method=INVITE
add:Service-Type=15
add:Cisco-AVPair=h323-session-protocol=sipv2
; PortaOne specific
;add:Cisco-AVPair=h323-ivr-out=PortaBilling_Routing:SIP

[nas auth]
; Sample authentication NAS
; Settings and matching rules specific to this virtual Network Access Server
rad_acct=no
rad_server=common
; Some RADIUS attributes you're likely to set
add:Service-Type=8

[nas acct]
; Sample accounting NAS
; Settings and matching rules specific to this virtual Network Access Server
rad_auth=no
rad_server=common
; Some RADIUS attributes you're likely to set
add:h323-disconnect-cause=${cause_q931}
add:Acct-Delay-Time=0

[radius common]
; Settings specific to this RADIUS server

; server: ipaddress: IP address of the server - must be set
;server=

; secret: string: Secret token (password) used to authenticate to the server
;secret=

; auth_port: integer: UDP port used by the server for authentication
;auth_port=1812

; acct_port: integer: UDP port used by the server for accounting
;acct_port=1813

; timeout: integer: How much to wait for an answer from the server (milliseconds)
;timeout=2000

; retries: integer: How many attempts to make until timing out
;retries=2

; Some RADIUS attributes you're likely to set
add:Cisco-NAS-Port=${chan}
add:NAS-Identifier=Yate
;add:NAS-IP-Address=