I've setup a radius server in our local network (using freeradius3), and now the clients are successfully login and send their accounting requests to the radius server.
What I need to accomplish is to pass the Accounting Requests (and their attributes) to an external program to process or filter some information. the external program however does not need to return anything to the radius server or change the normal workflow in the radius, so simply a copy of accounting requests has to be sent to the external program.
Couldn't find anything useful on web, so could you please point me to a tutorial or explain how would you implement that ?
Thank you
See the exec module config. The key thing is to set wait to no this means FreeRADIUS will not wait for the program to return.
You can then use the exec module instance as detailed in the header of that file i.e.
"%{exec:<path to program> '%{<attribute>}' '%{<attribute>}'}"
Related
I write a wallboard for asterisk queue system. The document says that when a call is transferred away by an agent an ATTENDEDTRANSFER (or BLINDTRANSFER) event log should be added to the queue_log file automatically. Unfortunately there is no line for any transferred calls in the log file (queue_log in my case). Is there any setting to be changed to let the system to log them properly ?
When I check the CEL files, I see the transfer logs. So the system is logging correctly for CEL but not for queue_log.
I tried to transfer the call to another agent, to an IVR and to another user who is not an agent for any queue. The result is the same, no log for the transfer process.
Any suggestions ?
I use the following:
Asterisk Version: 13.22.0
Freepbx 14.0.5.25
All trunks and clients are connected via SIP
If your phone do transfer via internal features - no log entries.
You have parse AMI events for needed info.
Write your own queue wallboard is VERY hard task. Queue module have really alot of issues.
Can recommend read some already written modules like https://www.asternic.net or queuemetric
I'm developing a product that need to integrate with RADIUS server as an authentication method.
When configuring the RADIUS server (IP Address, Port, Shared Secret) I would like to do a "test" in order to check that the configuration is valid - The server is available and it is indeed a RADIUS server, Shared secret is OK.
I did some research on how to do it,
My options are:
Send Access-Request message with fictional user name and password to the RADIUS server
Send Status-Server message to the RADIUS server
RFC 5997 introduces the use of Status-Server Packets in the RADIUS protocol.
This packet extension enabling clients to query the status of a RADIUS server.
The Status-Server is marked as experimental and as Informational RFC rather than as a Standards-Track RFC
My questions are:
Which are the most common \ in use RADIUS server vendors ? MS NPS, FreeRADIUS, Other?
Are these vendors supporting Status-Server request - Do they implementing this packet type ?
If i will use Access-Request, I will receive "Access-Reject" with a failure message in "Reply-Message" attribute. Can i understand the reason for the refusal from that text message? Is there any list of error codes\messages that are part of the Standard ?
Thanks a lot,
Yossi Zrahia
Ad 1) Exact (or even estimate) numbers are hard to come by, but you should expect to encounter FreeRADIUS, Microsoft NPS, Radiator and maybe Cisco ACS/ISE.
Ad 2) FreeRADIUS, Radiator support it. Microsoft NPS and Cisco ACS/ISE do not. If your "test" is used once (upon configuring) I would use option 1 with the Access-Request. If you wish to periodically check the availability and configuration of a RADIUS server, I would suggest implementing both options and allow for configuration of the check as part of the RADIUS configuration:
IP: 1.2.3.4
Port: 1812
Shared Secret: U7tr453cur3
Servercheck: [x] Status-Server
[ ] Access-Request
Ad 3) From RFC2865, section 5.18 (Reply-Message):
"[...] This Attribute indicates text which MAY be displayed to the user. [...] When used in an Access-Reject, it is the failure message. It MAY indicate a dialog message to prompt the user before another Access-Request attempt. [...] The Text field is one or more octets, and its contents are implementation dependent. It is intended to be human readable, and MUST NOT affect operation of the protocol. It is recommended that the message contain UTF-8 encoded 10646 [7] characters."
There apparently are no standard messages specified; however if IP, Port or Shared Secret are configured incorrectly you should not get a response at all, because RFC 2865 specifies:
"A request from a client for which the RADIUS server does not have a shared secret MUST be silently discarded."
In all Diameter implementations I saw, the messages originating from the server is always sent towards the DNS resolved IP address of whats in the Destination-Host AVP. But, in commercial servers, we see an option to configure a DRA or a DEA which takes in all the messages and routes them.
Thus, when it comes to the mobicents diameter stack, this approach is sometimes hard to do. I can anyway re-configure the hosts file so that the message ends up in a DRA/DEA, yet, its a pain. I see no option to send these messages to a central diameter agent which will take care of all the dirty work for me.
The next issue is, if I plan to create such a DRA/DEA, the stack does not accept messages to a different host. Where, the message's Destination-Host parameter might contain a different hostname than ours. (which would be the ultimate destination it needs to go)
Is there a hack to achieve this without meddling with the internals of the jdiameter code and RA code?
If you change jdiameter's config to something like this:
<Network>
<Peers>
<Peer name="aaa://127.0.0.1:21812" attempt_connect="false" rating="1" />
<Peer name="aaa://CUSTOM_HOST:4545" attempt_connect="false" rating="1" />
</Peers>
<Realms>
<Realm name="custom.realm" peers="CUSTOM_HOST" local_action="LOCAL" dynamic="false" exp_time="1">
<ApplicationID>
...
</ApplicationID>
</Realm>
</Realms>
</Network>
In your sbb, then you'll need to create a client session providing your custom realm using this method:
DiameterCCAResourceAdaptor.CreditControlProviderImpl.createClientSession(DiameterIdentity destinationHost, DiameterIdentity destinationRealm)
Example:
ccaRaSbb.createClientSession(null, "custom.realm")
where ccaRaSbb is a CreditControlProvider instance (resource adaptor interface)
finally, when creating your CCR, the method CreditControlClientSession.createCreditControlRequest() will use the session' realm to find an available peer previously configured.
Let me know if this makes sense to you
Posting the method I used to solve this problem.
As it turns out its not possible out of the box to send a diameter message towards a peer which is not configured in the stack's jdiameter-config.xml file.
For me, the option to alter the stack in this case was also not feasible. So I devised a workaround for the problem by co-operating with the DRA we have. (most DRA's should be able to handle this method)
I added two custom AVPs to the outgoing request, namely Ultimate-Destination-Host and Ultimate-Destination-Realm.
In the DRA, I asked the admin to delete my Destination-Host and Destination-Realm AVPs and replace them with the ones created in step 1.
Now, whenever I send a packet destined to other diameter peers outside the configured peer, I target them towards the DRA and set these 'Ultimate' destination AVPs.
Ours is an Oracle DSR which is capable of doing this AVP manipulation. Most commercial ones should be able to handle it. Hope someone who wanted an answer for this question found this useful.
I need tips to build an infrastructe to send 1000 simultaneous voice calls (automated IVR calls with voicexml). Up to now i used asterisk with voiceglue but now i have performance issues.
The infrasturcture was like this:
the asterisk pulls request from queue
the queue consumer create a call file
when the call ends, call file is read and status is sent to the application server
To be honest, i am asking for tips to implement an infrastructure like callfire[1] or voxeo[2]?
[1]https://www.callfire.com/
[2]http://voxeo.com/
you can go with voxeo prophecy (http://voxeo.com/prophecy/) one of the good server which have the capability of making simultaneous voice calls
Note: The requirement which your are expecting to do will not only possible with voxeo prophecy it should also depend the web server like Tomcat, IIS e.t.c in case if you dealing with databases like Sql , Oracle e.t.c
Please do refer to know the architecture
http://www.alpensoftware.com/define_VoiceOverview.html
CallFire's API has a CreateBroadcast method where you can throw up an IVR using their XML in seconds. You can read up on the documentation here:
https://www.callfire.com/api-documentation/rest/version/1.1#!/broadcast
CallFire also offers a PHP-SDK, hosted on Github, with examples of how to do this. The SDK is minimal setup and allows you to easily tap into the APIs robust functionality. Version 1.1 can be found here, with instructions on how to get started: https://github.com/CallFire/CallFire-PHP-SDK
The method call might look something like this. Note the required dependencies.
<?php
use CallFire\Api\Rest\Request;
use CallFire\Api\Rest\Response;
require 'vendor/autoload.php';
$dialplan = <<<DIALPLAN
<dialplan><play type="tts">Congratulations! You have successfully configured a CallFire I V R.</play></dialplan>
DIALPLAN;
$client = CallFire\Api\Client::Rest("<api-login>", "<api-password>", "Broadcast");
$request = new Request\CreateBroadcast;
$request->setName('My CallFire Broadcast');
$request->setType('IVR');
$request->setFrom('15551231234'); // A valid Caller ID number
$request->setDialplanXml($dialplan);
$response = $client->CreateBroadcast($request);
$result = $client::response($response);
if($result instanceof Response\ResourceReference) {
// Success
}
You can read this:
http://www.voip-info.org/wiki/view/Asterisk+auto-dial+out
Main tip: you WILL have ALOT of issues. If you are not expert with at least 5 years development experience with asterisk, you have use already developed dialling cores or hire guru. There are no opensource core that can do more then 300 calls on single server.
You can't do 1000 calls on single asterisk in app developed by "just nice developer". It will just not work.
Task of create dialling core for 1000 calls is "rocket science" type task. It require very special dialling core, very special server/server tunning and very specialized dialler with pre-planning.
1000 calls will result 23Mbit to 80Mbit bandwidth usage with SMALL packets, even that single fact can result you be banned on your hosting and require linux network stack be tunned.
You can use ICTBroadcast REST API to integerate your application with reknown autodialer , please visit following link for more detail
http://www.ictbroadcast.com/news/using-rest-api-integerate-ictbroadcast--third-party-application-autodialer
ICTBroadcast is based on asterisk communication engine
I've already done this for phone validation and for phone message broadcasting using Asterisk and Freeswitch. I would go with Freeswitch and xmlrpc:
https://wiki.freeswitch.org/wiki/Freeswitch_XML-RPC
I am trying to configure syslog-ng destination path to use unix-stream sockets for Inter process communication. I have gone throgh this documentation http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/en/syslog-ng-ose-v3.3-guide-admin-en/html/configuring_destinations_unixstream.html .
My syslog.conf(only part of it) for the same is as follows:
source s_dxtcp { tcp(ip(0.0.0.0) port(514)); };
filter f_request {program("dxall");};
destination d_dxall_unixstream {unix-stream("/var/run/logs/all.log");};
log {source(s_dxtcp); filter(f_request); destination(d_dxall_unixstream);};
When I restart my syslog-ng server, I have got the following message:
Connection failed; fd='11', server='AF_UNIX(/var/run/logs/all.log)',
local='AF_UNIX(anonymous)', error='Connection refused (111)'
Initiating connection failed, reconnecting; time_reopen='60'
What this error signifies? How can I use unix sockets with syslog-ng? Could any one help me out.
Till now I am not able to create a Unix Domain Socket for inter process communication. But I got a way around it. All I want is a one way communication to send data created at syslog-ng to a running java program(a process, I can say). This I achieved with Using Named Pipes in Syslog-ng. Documents for achieving is http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.4-guides/en/syslog-ng-ose-v3.4-guide-admin/html-single/index.html#configuring-destinations-pipe .
Reading from Named Pipe is same as reading from a normal file. One important point to note is that Reader process(here the Java program) should be started before Syslog-ng, (Writer, that writes log messages to the Named pipe).
Reason, Writer will block until there is a Reader. Absence of Reader will lead to loss of some messages, that got accumulated before Reader Started. And there should be only one instance of Reader. If there are multiple readers, the second reader will get null pointer exception, as the message it want to read is already read by the first Reader. Kindly note that this is from my experience. Let me know, If I am wrong.