Configuring RADIUS Authorization

This article describes how to configure RADIUS authentication and authorization.

1- Click Routing script in the navigation panel.

2- Edit your main script

3- Do the following operations in your script:

At the top of the page

require 'radius_authorization'

Following your main class definition

include RadiusAuthorization

Add before filter in your main class

before_filter :method => :radius_authorization

Optional: add the fill_authorization_attributes method

def fill_authorization_attributes(params, auth)
  auth[:"User-Name"] = "bob"
  ...
end

Optional: add the requires_radius_authorization? method to reduce the scope of the authorization:

def requires_radius_authorization?(params)
  case params[:call][:called]
    when /^123/
      true
    ...
    else
      false
  end
end

Optional: add methods to handle the possible results of authorization: on_radius_authorization_accept, on_radius_authorization_challenge, on_radius_authorization_reject and on_radius_authorization_timeout:

def on_radius_authorization_accept(params, auth)
  log_trace :always, "Access-Accept: #{auth.inspect}"
end

def on_radius_authorization_challenge(params, auth)
  log_trace :always, "Access-Challenge: #{auth.inspect}"
  raise RoutingException, :call_rejected
end

def on_radius_authorization_reject(params, auth)
  log_trace :always, "Access-Reject: #{auth.inspect}"
  raise RoutingException, :call_rejected
end

def on_radius_authorization_timeout(params, auth)
  log_trace :always, "Authorization Timeout"
  raise RoutingException, :call_rejected
end

4- Click 'Save'

Example

The following script configures RADIUS authorization with the default attributes (User-Name, Calling-Station-Id and Called-Station-Id):

require 'base_routing'
require 'radius_authorization'                                                    # <- Add this line here

class MyScript < BaseRouting
  include RadiusAuthorization                                                     # <- Add this line here
  
  before_filter :method => :radius_authorization                                  # <- Add this line here

  route_match :call_field_name => :called
  route_match :call_field_name => :calling
  route_match :call_field_name => :nap
  route_remap :call_field_name => :called, :route_field_name => :remapped_called
  route_remap :call_field_name => :calling, :route_field_name => :remapped_calling
  route_remap :call_field_name => :nap, :route_field_name => :remapped_nap
end

@@routing = MyScript.new

def init_routes( routes )
  @@routing.init routes
end

def route( call, nap_list )
  @@routing.route call, nap_list
end

Advanced example

The following script configures RADIUS authorization with user-defined attributes, and prints attributes found in the Access-Accept message if it is received:

require 'base_routing'
require 'radius_authorization'                                                    # <- Add this line here

class MyScript < BaseRouting
  include RadiusAuthorization                                                     # <- Add this line here
  
  before_filter :method => :radius_authorization                                  # <- Add this line here

  def fill_authorization_attributes(params, auth)                                 # <- Add this line here
    call = params[:call]                                                          # <- Add this line here
    auth[:"User-Name"] = "bob"                                                    # <- Add this line here
    auth[:"User-Password"] = "hello"                                              # <- Add this line here
    auth[:"Calling-Station-Id"] = call[:calling]                                  # <- Add this line here
    auth[:"Called-Station-Id"] = call[:called]                                    # <- Add this line here
  end                                                                             # <- Add this line here

  def on_radius_authorization_accept(params, auth)                                # <- Add this line here
    log_trace :always, "Access-Accept: #{auth.inspect}"                           # <- Add this line here
  end                                                                             # <- Add this line here

  route_match :call_field_name => :called
  route_match :call_field_name => :calling
  route_match :call_field_name => :nap
  route_remap :call_field_name => :called, :route_field_name => :remapped_called
  route_remap :call_field_name => :calling, :route_field_name => :remapped_calling
  route_remap :call_field_name => :nap, :route_field_name => :remapped_nap
end

@@routing = MyScript.new

def init_routes( routes )
  @@routing.init routes
end

def route( call, nap_list )
  @@routing.route call, nap_list
end

PreviousUpdate the Routeset Definition Files NextImporting a RADIUS Custom Dictionary

Last updated 13 days ago

Was this helpful?

def on_radius_authorization_accept(params, auth) log_trace :always, "Access-Accept: #{auth.inspect}" end def on_radius_authorization_challenge(params, auth) log_trace :always, "Access-Challenge: #{auth.inspect}" raise RoutingException, :call_rejected end def on_radius_authorization_reject(params, auth) log_trace :always, "Access-Reject: #{auth.inspect}" raise RoutingException, :call_rejected end def on_radius_authorization_timeout(params, auth) log_trace :always, "Authorization Timeout" raise RoutingException, :call_rejected end

require 'base_routing' require 'radius_authorization' # <- Add this line here class MyScript < BaseRouting include RadiusAuthorization # <- Add this line here before_filter :method => :radius_authorization # <- Add this line here route_match :call_field_name => :called route_match :call_field_name => :calling route_match :call_field_name => :nap route_remap :call_field_name => :called, :route_field_name => :remapped_called route_remap :call_field_name => :calling, :route_field_name => :remapped_calling route_remap :call_field_name => :nap, :route_field_name => :remapped_nap end @@routing = MyScript.new def init_routes( routes ) @@routing.init routes end def route( call, nap_list ) @@routing.route call, nap_list end

require 'base_routing' require 'radius_authorization' # <- Add this line here class MyScript < BaseRouting include RadiusAuthorization # <- Add this line here before_filter :method => :radius_authorization # <- Add this line here def fill_authorization_attributes(params, auth) # <- Add this line here call = params[:call] # <- Add this line here auth[:"User-Name"] = "bob" # <- Add this line here auth[:"User-Password"] = "hello" # <- Add this line here auth[:"Calling-Station-Id"] = call[:calling] # <- Add this line here auth[:"Called-Station-Id"] = call[:called] # <- Add this line here end # <- Add this line here def on_radius_authorization_accept(params, auth) # <- Add this line here log_trace :always, "Access-Accept: #{auth.inspect}" # <- Add this line here end # <- Add this line here route_match :call_field_name => :called route_match :call_field_name => :calling route_match :call_field_name => :nap route_remap :call_field_name => :called, :route_field_name => :remapped_called route_remap :call_field_name => :calling, :route_field_name => :remapped_calling route_remap :call_field_name => :nap, :route_field_name => :remapped_nap end @@routing = MyScript.new def init_routes( routes ) @@routing.init routes end def route( call, nap_list ) @@routing.route call, nap_list end