Julius, Thanks for your excellent guide! Although I don't use radius myself (yet), since LDAP is the my favoured mechanism, I find your comments and associated links very useful. Franz. ----- Original Message ----- From: "Julius Stavaris" <TJST@bite.lt> To: <openh323gk-users@lists.sourceforge.net> Sent: Tuesday, October 07, 2003 15:15 Subject: RE: Call controll: PrefixAuth and Q931 Setup Hi, Well lets presume you're using FreeRadius with MySQL backend (my personal favorites :). Then: 1. Do the FreeRadius/MySQL instalations. Good place to take a look would be : http://www.frontios.com/freeradius.html 2. Setup gnugk to authenticate ARQ's using AliasAuth method using FreeRadius server. 3. In database "radius" create table : CREATE TABLE radcheck ( id int(11) unsigned NOT NULL auto_increment, UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', op char(2) NOT NULL DEFAULT '==', Value varchar(253) NOT NULL default '', IP varchar(15) NOT NULL default '0.0.0.0', REG varchar(30) NOT NULL default '^$', PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; 4. modify sql.conf : authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' AND IP = '%{Framed-IP-Address}' AND '%{Called-Station-Id}' REGEXP REG ORDER BY id LIMIT 1" Call from gw with h323-id "UserName" will be permited only if it comes from defined IP address, and "Called-Station-Id" matches regular expression stored in "REG" field. Sample table might look like: +----+----------+-----------+----+-------+---------------+------------+ | id | UserName | Attribute | op | Value | IP | REG | +----+----------+-----------+----+-------+---------------+------------+ | 1 | gwm | Password | == | gwm | 192.168.3.1 | ^.*$ | | 2 | gw1 | Password | == | gk1 | 192.168.1.1 | ^0.......$ | +----+----------+-----------+----+-------+---------------+------------+ So gwm is allowed to call anywhere, gw1 is allowed to call only numbers in format "0 + seven more digits". You should take extra care to make sure that only originating calls get authenticated by this module, not answering ones. Authentication using regular expressions might not scale very well since sql queries using regular expressions might be a bit slow. Julius -----Original Message----- From: Oleg Ustinov [mailto:Oleg.Ustinov@nectis.com] Sent: Sunday, October 05, 2003 1:34 AM To: openh323gk-users@lists.sourceforge.net Subject: RE: Call controll: PrefixAuth and Q931 Setup Hello Michal, can you explain which parameter have to configure in Radius to allow or deny destinations and what is example string, please! best regards, Oleg -----Original Message----- From: openh323gk-users-admin@lists.sourceforge.net [mailto:openh323gk-users-admin@lists.sourceforge.net]On Behalf Of Zygmuntowicz Michal Sent: Thursday, October 02, 2003 4:14 AM To: openh323gk-users@lists.sourceforge.net Subject: Re: Call controll: PrefixAuth and Q931 Setup As always, Radius comes to my mind;-) Just send Access-Reject for some destinations (actually, it is better to send Access-Accept for known destinations from your prefix table and Access-Reject for all other). ----- Original Message ----- From: "Oleg Ustinov" <Oleg.Ustinov@nectis.com> Sent: Thursday, October 02, 2003 1:58 AM > As was before PrefixAuth planned for ARQ and LRQ, > Is there changes with new 2.0.6 version? > I need just call controll for endpoints (allow or deny call some > destinations for a customers) > Or there is other controll mechanisms? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id.49 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
