Re: Call controll: PrefixAuth and Q931 Setup

Julius,

Thanks for your excellent guide! Although I don't use radius myself (yet),
since LDAP is my favoured mechanism, I find your comments and associated
links very useful.

Franz.

----- Original Message ----- 
From: "Julius Stavaris" <TJST@bite.lt>
To: <openh323gk-users@lists.sourceforge.net>
Sent: Tuesday, October 07, 2003 15:15
Subject: RE:  Call controll: PrefixAuth and Q931 Setup


Hi,

  Well, let's presume you're using FreeRadius with MySQL backend (my personal
favorites :). Then:

1. Do the FreeRadius/MySQL installations. Good place to take a look would be:
   http://www.frontios.com/freeradius.html

2. Set up gnugk to authenticate ARQs using AliasAuth method using FreeRadius
server.

3. In database "radius" create table :
CREATE TABLE radcheck (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  Attribute varchar(32)  NOT NULL default '',
  op char(2) NOT NULL DEFAULT '==',
  Value varchar(253) NOT NULL default '',
  IP varchar(15) NOT NULL default '0.0.0.0',
  REG varchar(30) NOT NULL default '^$',
  PRIMARY KEY  (id),
  KEY UserName (UserName(32))
) ;

4. modify sql.conf :
authorize_check_query = "SELECT id,UserName,Attribute,Value,op \
  FROM ${authcheck_table} \
  WHERE Username = '%{SQL-User-Name}' \
  AND IP = '%{Framed-IP-Address}' \
  AND '%{Called-Station-Id}' REGEXP REG \
  ORDER BY id LIMIT 1"

  Call from gw with h323-id "UserName" will be permitted only if it comes
from defined IP address, and "Called-Station-Id" matches regular expression
stored in "REG" field.

  Sample table might look like:
+----+----------+-----------+----+-------+---------------+------------+
| id | UserName | Attribute | op | Value | IP            | REG        |
+----+----------+-----------+----+-------+---------------+------------+
|  1 | gwm      | Password  | == | gwm   | 192.168.3.1   | ^.*$       |
|  2 | gw1      | Password  | == | gk1   | 192.168.1.1   | ^0.......$ |
+----+----------+-----------+----+-------+---------------+------------+

 So gwm is allowed to call anywhere, gw1 is allowed to call only numbers in
format  "0 + seven more digits".

  You should take extra care to make sure that only originating calls get
authenticated by this module, not answering ones.
  Authentication using regular expressions might not scale very well since
sql queries using regular expressions might be a bit slow.

Julius
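
The check described in Julius's message, as an added example that is not part of the original message or of FreeRADIUS/GnuGk: it runs the same WHERE clause against constructed rows to show which (gateway, source IP, called number) combinations return a check item. Assumptions: SQLite with a Python `re.search` REGEXP function stands in for MySQL's unanchored REGEXP, an empty result is treated as "call not permitted", the password comparison is not modelled, and the rows for `gw2` and `gw3` are hypothetical.

```python
import re
import sqlite3

# Constructed sample rows: gwm and gw1 mirror the sample table in the message.
ROWS = [
    ("gwm", "Password", "==", "gwm", "192.168.3.1", "^.*$"),
    ("gw1", "Password", "==", "gk1", "192.168.1.1", "^0.......$"),
    # Hypothetical: digits-only variant of gw1's rule.
    ("gw2", "Password", "==", "gk2", "192.168.2.1", "^0[0-9]{7}$"),
    # Hypothetical: row left at the column default REG '^$'.
    ("gw3", "Password", "==", "gk3", "192.168.4.1", "^$"),
]

def open_db():
    db = sqlite3.connect(":memory:")
    # SQLite evaluates "X REGEXP Y" as regexp(Y, X), so the pattern comes first.
    db.create_function("REGEXP", 2,
                       lambda pat, val: re.search(pat, val) is not None)
    db.execute("""CREATE TABLE radcheck (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        UserName TEXT NOT NULL DEFAULT '',
        Attribute TEXT NOT NULL DEFAULT '',
        op TEXT NOT NULL DEFAULT '==',
        Value TEXT NOT NULL DEFAULT '',
        IP TEXT NOT NULL DEFAULT '0.0.0.0',
        REG TEXT NOT NULL DEFAULT '^$')""")
    db.executemany(
        "INSERT INTO radcheck (UserName, Attribute, op, Value, IP, REG) "
        "VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return db

def check_row(db, user, framed_ip, called):
    """Row the modified authorize_check_query would return, or None."""
    return db.execute(
        "SELECT id, UserName, Attribute, Value, op FROM radcheck "
        "WHERE UserName = ? AND IP = ? AND ? REGEXP REG "
        "ORDER BY id LIMIT 1", (user, framed_ip, called)).fetchone()

def allowed(db, user, framed_ip, called):
    # Assumption: no check item returned means the call is not permitted.
    return check_row(db, user, framed_ip, called) is not None
```

With these rows, `^0.......$` accepts any seven characters after the leading 0, not only digits, while a row left at the default `^$` matches only an empty Called-Station-Id.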


-----Original Message-----
From: Oleg Ustinov [mailto:Oleg.Ustinov@nectis.com]
Sent: Sunday, October 05, 2003 1:34 AM
To: openh323gk-users@lists.sourceforge.net
Subject: RE:  Call controll: PrefixAuth and Q931 Setup


Hello Michal,
can you explain which parameter has to be configured in Radius to allow or deny
destinations and what an example string is, please!

best regards,
Oleg

-----Original Message-----
From: openh323gk-users-admin@lists.sourceforge.net
[mailto:openh323gk-users-admin@lists.sourceforge.net]On Behalf Of
Zygmuntowicz Michal
Sent: Thursday, October 02, 2003 4:14 AM
To: openh323gk-users@lists.sourceforge.net
Subject: Re:  Call controll: PrefixAuth and Q931 Setup


As always, Radius comes to my mind;-)
Just send Access-Reject for some destinations
(actually, it is better to send Access-Accept for known destinations
from your prefix table and Access-Reject for all other).

----- Original Message -----
From: "Oleg Ustinov" <Oleg.Ustinov@nectis.com>
Sent: Thursday, October 02, 2003 1:58 AM


> As was before PrefixAuth planned for ARQ and LRQ,
> Are there changes with new 2.0.6 version?
> I need just call control for endpoints (allow or deny calls to some
> destinations for customers)
> Or are there other control mechanisms?



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/



