Toolpack:Configuring RADIUS authorization A
From TBwiki
(Difference between revisions)
(→Example) |
(Improved examples) |
||
| Line 25: | Line 25: | ||
... | ... | ||
end | end | ||
| − | *'''Optional: add the ''on_radius_authorization_accept'' | + | *'''Optional: add methods to handle the possible results of authorization: ''on_radius_authorization_accept'', ''on_radius_authorization_challenge'', ''on_radius_authorization_reject'' and ''on_radius_authorization_timeout'':''' |
def on_radius_authorization_accept(params, auth) | def on_radius_authorization_accept(params, auth) | ||
log_trace :always, "Access-Accept: #{auth.inspect}" | log_trace :always, "Access-Accept: #{auth.inspect}" | ||
| + | end | ||
| + | |||
| + | def on_radius_authorization_challenge(params, auth) | ||
| + | log_trace :always, "Access-Challenge: #{auth.inspect}" | ||
| + | raise RoutingException, :no_route | ||
| + | end | ||
| + | |||
| + | def on_radius_authorization_reject(params, auth) | ||
| + | log_trace :always, "Access-Reject: #{auth.inspect}" | ||
| + | raise RoutingException, :no_route | ||
| + | end | ||
| + | |||
| + | def on_radius_authorization_timeout(params, auth) | ||
| + | log_trace :always, "Authorization Timeout" | ||
| + | raise RoutingException, :no_route | ||
end | end | ||
4- Click 'Save' | 4- Click 'Save' | ||
| − | == Example | + | == Example == |
| + | The following script configures RADIUS authorization with the default attributes (''User-Name'', ''Calling-Station-Id'' and ''Called-Station-Id''): | ||
<pre> | <pre> | ||
require 'base_routing' | require 'base_routing' | ||
| Line 41: | Line 57: | ||
before_filter :method => :radius_authorization # <- Add this line here | before_filter :method => :radius_authorization # <- Add this line here | ||
| + | |||
| + | route_match :call_field_name => :called | ||
| + | route_match :call_field_name => :calling | ||
| + | route_match :call_field_name => :nap | ||
| + | route_remap :call_field_name => :called, :route_field_name => :remapped_called | ||
| + | route_remap :call_field_name => :calling, :route_field_name => :remapped_calling | ||
| + | route_remap :call_field_name => :nap, :route_field_name => :remapped_nap | ||
| + | end | ||
| + | |||
| + | @@routing = my_script.new | ||
| + | |||
| + | def init_routes( routes ) | ||
| + | @@routing.init routes | ||
| + | end | ||
| + | |||
| + | def route( call, nap_list ) | ||
| + | @@routing.route call, nap_list | ||
| + | end | ||
| + | </pre> | ||
| + | |||
| + | == Advanced example == | ||
| + | The following script configures RADIUS authorization with user-defined attributes, and prints attributes found in the Access-Accept message if it is received: | ||
| + | <pre> | ||
| + | require 'base_routing' | ||
| + | require 'radius_authorization' # <- Add this line here | ||
| + | |||
| + | class my_script < BaseRouting | ||
| + | include RadiusAuthorization # <- Add this line here | ||
| + | |||
| + | before_filter :method => :radius_authorization # <- Add this line here | ||
| + | |||
| + | def fill_authorization_attributes(params, auth) # <- Add this line here | ||
| + | call = params[:call] # <- Add this line here | ||
| + | auth[:"User-Name"] = "bob" # <- Add this line here | ||
| + | auth[:"User-Password"] = "hello" # <- Add this line here | ||
| + | auth[:"Calling-Station-Id"] = call[:calling] # <- Add this line here | ||
| + | auth[:"Called-Station-Id"] = call[:called] # <- Add this line here | ||
| + | end # <- Add this line here | ||
| + | |||
| + | def on_radius_authorization_accept(params, auth) # <- Add this line here | ||
| + | log_trace :always, "Access-Accept: #{auth.inspect}" # <- Add this line here | ||
| + | end # <- Add this line here | ||
route_match :call_field_name => :called | route_match :call_field_name => :called | ||
Revision as of 10:57, 21 January 2013
Applies to version(s): v2.7.
This page describes how to configure RADIUS authentication and authorization with Toolpack.
1- Select Gateway -> Routing script from the navigation panel.
2- Edit your main script
3- Do the following operations in your script:
- At the top of the page
require 'radius_authorization'
- Following your main class definition
include RadiusAuthorization
- Add before filter in your main class
before_filter :method => :radius_authorization
- Optional: add the fill_authorization_attributes method
def fill_authorization_attributes(params, auth) auth[:"User-Name"] = "bob" ... end
- Optional: add methods to handle the possible results of authorization: on_radius_authorization_accept, on_radius_authorization_challenge, on_radius_authorization_reject and on_radius_authorization_timeout:
def on_radius_authorization_accept(params, auth)
log_trace :always, "Access-Accept: #{auth.inspect}"
end
def on_radius_authorization_challenge(params, auth)
log_trace :always, "Access-Challenge: #{auth.inspect}"
raise RoutingException, :no_route
end
def on_radius_authorization_reject(params, auth)
log_trace :always, "Access-Reject: #{auth.inspect}"
raise RoutingException, :no_route
end
def on_radius_authorization_timeout(params, auth)
log_trace :always, "Authorization Timeout"
raise RoutingException, :no_route
end
4- Click 'Save'
Example
The following script configures RADIUS authorization with the default attributes (User-Name, Calling-Station-Id and Called-Station-Id):
require 'base_routing' require 'radius_authorization' # <- Add this line here class my_script < BaseRouting include RadiusAuthorization # <- Add this line here before_filter :method => :radius_authorization # <- Add this line here route_match :call_field_name => :called route_match :call_field_name => :calling route_match :call_field_name => :nap route_remap :call_field_name => :called, :route_field_name => :remapped_called route_remap :call_field_name => :calling, :route_field_name => :remapped_calling route_remap :call_field_name => :nap, :route_field_name => :remapped_nap end @@routing = my_script.new def init_routes( routes ) @@routing.init routes end def route( call, nap_list ) @@routing.route call, nap_list end
Advanced example
The following script configures RADIUS authorization with user-defined attributes, and prints attributes found in the Access-Accept message if it is received:
require 'base_routing'
require 'radius_authorization' # <- Add this line here
class my_script < BaseRouting
include RadiusAuthorization # <- Add this line here
before_filter :method => :radius_authorization # <- Add this line here
def fill_authorization_attributes(params, auth) # <- Add this line here
call = params[:call] # <- Add this line here
auth[:"User-Name"] = "bob" # <- Add this line here
auth[:"User-Password"] = "hello" # <- Add this line here
auth[:"Calling-Station-Id"] = call[:calling] # <- Add this line here
auth[:"Called-Station-Id"] = call[:called] # <- Add this line here
end # <- Add this line here
def on_radius_authorization_accept(params, auth) # <- Add this line here
log_trace :always, "Access-Accept: #{auth.inspect}" # <- Add this line here
end # <- Add this line here
route_match :call_field_name => :called
route_match :call_field_name => :calling
route_match :call_field_name => :nap
route_remap :call_field_name => :called, :route_field_name => :remapped_called
route_remap :call_field_name => :calling, :route_field_name => :remapped_calling
route_remap :call_field_name => :nap, :route_field_name => :remapped_nap
end
@@routing = my_script.new
def init_routes( routes )
@@routing.init routes
end
def route( call, nap_list )
@@routing.route call, nap_list
end
