Configuring for multiple vendors

Configuring for multiple vendors

Mike Chamberlain-2
Hi everyone.

I am trying to set up my FreeRadius server for use with multiple
vendors simultaneously, namely Cisco and Quintum.  Currently we have
everything working fine with Quintum boxes and are trying to add
support for Cisco.

We are using FreeRadius to call a SQL Server back end.  Here is the
stored procedure config for the group reply query in our mssql.conf
file:

authorize_group_reply_query = "EXEC ${groupreply_sp}
'%{SQL-User-Name}', '%{Calling-Station-Id}', '%{Called-Station-Id}',
'%{Quintum-h323-conf-id}', '%{Quintum-AVPair}',
'%{Quintum-h323-gw-id}', '%{NAS-IP-Address}',
'%{Quintum-h323-call-origin}'"

You can see the problem we are having - if we introduce a Cisco
box then none of the vendor specific attributes are matched by the
radius server and so we just get a load of blanks passed in to the
stored procedure for these attributes.

We have tried various things such as including the Cisco dictionary.
However, Cisco attributes by default are in the format h323-xxxxx
rather than Quintum-h323-xxxxx so they again don't match the SQL
procedure config.  If we try changing the Quintum dictionary so its
parameters are named similarly to Cisco's, then the radius won't even
start, complaining that duplicate attribute names are defined (as
indeed they are).

Surely it must be possible to run free radius with equipment from
multiple vendors... can anyone help?

Mike

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Configuring for multiple vendors

Mitchell, Michael J
Well, if you have different vendor attributes for the same thing then
you should be able to do for example:

%{Quintum-h323-call-origin:-%{Cisco-h323-call-origin}}

That will use Quintum-h323-call-origin if it exists, otherwise
Cisco-h323-call-origin

See variables.txt in the doc directory for more details...

Cheers,
Mike
 

>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]] On Behalf
>Of Mike Chamberlain
>Sent: Tuesday, 24 May 2005 5:08 PM
>To: [hidden email]
>Subject: Configuring for multiple vendors
>
>Hi everyone.
>
>I am trying to set up my FreeRadius server for use with
>multiple vendors simultaneously, namely Cisco and Quintum.  
>Currently we have everything working fine with Quintum boxes
>and are trying to add support for Cisco.
>
>We are using FreeRadius to call a SQL Server back end.  Here
>is the stored procedure config for the group reply query in
>our mssql.conf
>file:
>
>authorize_group_reply_query = "EXEC ${groupreply_sp}
>'%{SQL-User-Name}', '%{Calling-Station-Id}',
>'%{Called-Station-Id}', '%{Quintum-h323-conf-id}',
>'%{Quintum-AVPair}', '%{Quintum-h323-gw-id}',
>'%{NAS-IP-Address}', '%{Quintum-h323-call-origin}'"
>
>You can see the problem we are having - if we introduce
>a Cisco box then none of the vendor specific attributes are
>matched by the radius server and so we just get a load of
>blanks passed in to the stored procedure for these attributes.
>
>We have tried various things such as including the Cisco dictionary.
>However, Cisco attributes by default are in the format
>h323-xxxxx rather than Quintum-h323-xxxxx so they again don't
>match the SQL procedure config.  If we try changing the
>Quintum dictionary so its parameters are named similarly to
>Cisco's, then the radius won't even start, complaining that
>duplicate attribute names are defined (as indeed they are).
>
>Surely it must be possible to run free radius with equipment
>from multiple vendors... can anyone help?
>
>Mike

Re: Configuring for multiple vendors

Mike Chamberlain-2
Fantastic!  That is exactly what I was looking for.

The only downside to this is that we will have to reconfigure the
system for each additional manufacturer we want to add.  Is there a
more general way of doing it?  Or is this just the nature of VSAs?

Thanks,

Mike


RE: Configuring for multiple vendors

Mitchell, Michael J
>
>Fantastic!  That is exactly what I was looking for.
>
>The only downside to this is that we will have to reconfigure
>the system for each additional manufacturer we want to add.  
>Is there a more general way of doing it?  Or is this just the
>nature of VSAs?

Hmm, can't think of one. But there are people on this list much smarter
than me... ;-)




Re: Configuring for multiple vendors

Alan DeKok
"Mitchell, Michael J" <[hidden email]> wrote:
> >The only downside to this is that we will have to reconfigure
> >the system for each additional manufacturer we want to add.

  The good news is that few vendors do the annoying "AVPair" stuff that
Cisco does.

> >Is there a more general way of doing it?  Or is this just the
> >nature of VSAs?
>
> Hmm, can't think of one. But there are people on this list much smarter
> than me... ;-)

  Code hacks.  Create "virtual" attributes, and use those in the
configuration files.  This leaves the mapping between real & virtual
attributes all in one place.

  e.g.

  virtual {
          My-Attribute-Foo = %{Vendor-Foo:-%{Vendor-Bar:-%{Vendor-Stuff}}}
  }
...

DEFAULT My-Attribute-Foo == "stuff"... # compare against 1 of the 3 above

  Alan DeKok.
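
The `%{A:-%{B}}` fallback and the one-place "virtual" mapping suggested in the replies above, modelled in Python as an added example (not code from the thread or from FreeRADIUS). The `My-*` names and the sample requests are constructed; the Cisco names assume the h323-xxxxx form the original post describes and should be checked against the dictionary actually loaded. It also reports which values stay empty, which is the "load of blanks" case from the first post.

```python
# Added example. Virtual names (My-*) are hypothetical; Quintum-* names are from
# the thread; Cisco names assume the h323-xxxxx form the original post describes.
VIRTUAL = {
    "My-Conf-Id":     "%{Quintum-h323-conf-id:-%{h323-conf-id}}",
    "My-Gw-Id":       "%{Quintum-h323-gw-id:-%{h323-gw-id}}",
    "My-Call-Origin": "%{Quintum-h323-call-origin:-%{h323-call-origin}}",
    "My-AVPair":      "%{Quintum-AVPair:-%{Cisco-AVPair}}",
}

def expand(template, attrs):
    """Expand %{Name} and %{Name:-fallback}; a fallback may nest further.
    Assumption of this model: a missing or empty attribute counts as unset."""
    out, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            out.append(template[i])          # literal character
            i += 1
            continue
        depth, j = 1, i + 2
        while j < len(template) and depth:   # scan to the matching '}'
            if template.startswith("%{", j):
                depth, j = depth + 1, j + 2
            else:
                depth -= template[j] == "}"
                j += 1
        if depth:
            raise ValueError("unbalanced %{ in " + repr(template))
        name, sep, fallback = template[i + 2:j - 1].partition(":-")
        value = attrs.get(name, "")
        if not value and sep:
            value = expand(fallback, attrs)  # first attribute unset: try the next
        out.append(value)
        i = j
    return "".join(out)

def resolve(attrs):
    """Return (values, blanks): each virtual attribute, plus the ones that
    stayed empty, i.e. the blanks the stored procedure would receive."""
    values = {name: expand(expr, attrs) for name, expr in VIRTUAL.items()}
    return values, sorted(n for n, v in values.items() if not v)

# Constructed sample requests, not captured traffic.
QUINTUM_REQ = {"Quintum-h323-gw-id": "gw-q1", "Quintum-h323-call-origin": "answer"}
CISCO_REQ = {"h323-gw-id": "gw-c1", "h323-call-origin": "originate"}
OTHER_REQ = {"NAS-IP-Address": "192.0.2.10"}  # vendor with no mapping yet

if __name__ == "__main__":
    for req in (QUINTUM_REQ, CISCO_REQ, OTHER_REQ):
        print(resolve(req))
```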
