Toolpack:Configuring RADIUS authorization B
From TBwiki
(Difference between revisions)
m |
|||
(4 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | |||
{{DISPLAYTITLE:Configuring RADIUS Authorization }} | {{DISPLAYTITLE:Configuring RADIUS Authorization }} | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | |rowspan="3"|This article applies to: | ||
+ | |'''Product''' | ||
+ | |'''Version''' | ||
+ | |- | ||
+ | |Tmedia | ||
+ | |2.8, 2.9, 2.10, 3.0, 3.2 | ||
+ | |- | ||
+ | |SBC | ||
+ | |3.0, 3.1 | ||
+ | |} | ||
This article describes how to configure RADIUS authentication and authorization. | This article describes how to configure RADIUS authentication and authorization. |
Latest revision as of 14:14, 10 December 2020
This article applies to: | Product | Version |
Tmedia | 2.8, 2.9, 2.10, 3.0, 3.2 | |
SBC | 3.0, 3.1 |
This article describes how to configure RADIUS authentication and authorization.
1- Click Routing script in the navigation panel.
2- Edit your main script
3- Do the following operations in your script:
- At the top of the page
require 'radius_authorization'
- Following your main class definition
include RadiusAuthorization
- Add before filter in your main class
before_filter :method => :radius_authorization
- Optional: add the fill_authorization_attributes method
def fill_authorization_attributes(params, auth) auth[:"User-Name"] = "bob" ... end
- Optional: add the requires_radius_authorization? method to reduce the scope of the authorization:
def requires_radius_authorization?(params) case params[:call][:called] when /^123/ true ... else false end end
- Optional: add methods to handle the possible results of authorization: on_radius_authorization_accept, on_radius_authorization_challenge, on_radius_authorization_reject and on_radius_authorization_timeout:
def on_radius_authorization_accept(params, auth) log_trace :always, "Access-Accept: #{auth.inspect}" end def on_radius_authorization_challenge(params, auth) log_trace :always, "Access-Challenge: #{auth.inspect}" raise RoutingException, :call_rejected end def on_radius_authorization_reject(params, auth) log_trace :always, "Access-Reject: #{auth.inspect}" raise RoutingException, :call_rejected end def on_radius_authorization_timeout(params, auth) log_trace :always, "Authorization Timeout" raise RoutingException, :call_rejected end
4- Click 'Save'
Example
The following script configures RADIUS authorization with the default attributes (User-Name, Calling-Station-Id and Called-Station-Id):
require 'base_routing' require 'radius_authorization' # <- Add this line here class MyScript < BaseRouting include RadiusAuthorization # <- Add this line here before_filter :method => :radius_authorization # <- Add this line here route_match :call_field_name => :called route_match :call_field_name => :calling route_match :call_field_name => :nap route_remap :call_field_name => :called, :route_field_name => :remapped_called route_remap :call_field_name => :calling, :route_field_name => :remapped_calling route_remap :call_field_name => :nap, :route_field_name => :remapped_nap end @@routing = MyScript.new def init_routes( routes ) @@routing.init routes end def route( call, nap_list ) @@routing.route call, nap_list end
Advanced example
The following script configures RADIUS authorization with user-defined attributes, and prints attributes found in the Access-Accept message if it is received:
require 'base_routing' require 'radius_authorization' # <- Add this line here class MyScript < BaseRouting include RadiusAuthorization # <- Add this line here before_filter :method => :radius_authorization # <- Add this line here def fill_authorization_attributes(params, auth) # <- Add this line here call = params[:call] # <- Add this line here auth[:"User-Name"] = "bob" # <- Add this line here auth[:"User-Password"] = "hello" # <- Add this line here auth[:"Calling-Station-Id"] = call[:calling] # <- Add this line here auth[:"Called-Station-Id"] = call[:called] # <- Add this line here end # <- Add this line here def on_radius_authorization_accept(params, auth) # <- Add this line here log_trace :always, "Access-Accept: #{auth.inspect}" # <- Add this line here end # <- Add this line here route_match :call_field_name => :called route_match :call_field_name => :calling route_match :call_field_name => :nap route_remap :call_field_name => :called, :route_field_name => :remapped_called route_remap :call_field_name => :calling, :route_field_name => :remapped_calling route_remap :call_field_name => :nap, :route_field_name => :remapped_nap end @@routing = MyScript.new def init_routes( routes ) @@routing.init routes end def route( call, nap_list ) @@routing.route call, nap_list end