IMG 1010 - Configure Free RADIUS on Red Hat Linux

The IMG runs a RADIUS client that is configured to send CDR start and stop events to a RADIUS server. The RADIUS server runs on a separate machine and can use any operating system on which RADIUS is supported. The procedure below describes how to configure the Free RADIUS application on a Linux server running Red Hat Enterprise Linux and is intended to be used as a sample or reference only. If configuring RADIUS on a different operating system, it is up to the user to configure their own RADIUS server.

Existing RADIUS servers migrating to GCEMS software 10.5.3 must be modified to use the dictionary.dialogic file; otherwise the updated VSAs will not be parsed correctly.

Requirements

  • Server running Red Hat Enterprise Linux 3.0, 4.0, 5.1, 5.4 (64-bit), or 6.7 (64-bit) with Free RADIUS installed.

  • When RADIUS authentication is used, the username and password specified in the WebGUI for RADIUS server authentication must either be present in the /etc/raddb/users configuration or, if the Linux server is used for authentication, be added as a Linux user.

Procedure

  • If adding a RADIUS user by editing the users file, start with Step 1.

  • If using a Linux username for authentication, skip to Step 2.

  • If using RADIUS authentication (accounting only), skip to Step 3.

Step 1

In the Free RADIUS users file /etc/raddb/users, add the entry below, replacing <your_username> and <your_password> with the RADIUS username and password. The Fall-Through line belongs to the same entry and must be indented.

<your_username> Auth-Type := Local, User-Password == "<your_password>"
        Fall-Through = No

Step 2

Verify the DEFAULT Authorization Type is Reject. Edit the Free RADIUS users file /etc/raddb/users. If the line below is missing, add it to the end of the file.

# IF NOTHING ELSE MATCHES, REJECT USER
DEFAULT Auth-Type:= Reject

Step 3

Modify the Detail File Rollover Interval in /etc/raddb/radiusd.conf. This is required for users with high call rates, as the detail file could reach the maximum file size in less than 24 hours. This can cause incoming calls to be blocked and additional CDR records not to be logged.

Look for the following line around line 1030:
# Write a detailed log of all accounting records received
Look for the following line around line 1056:
detailfile =”,

At the end of this line, add %H so that the log files roll over every hour.

Step 4

Add access for each IMG by editing the clients.conf file located at /etc/raddb/clients.conf. If there are multiple IMGs, the username should be different for each IMG.

Shortname = The username configured in the RADIUS users file and ClientView. A unique username is recommended for each IMG.

Secret = A password that you choose for each IMG that is used in the ClientView RadiusServer Authentication & Accounting configuration. Key used to encrypt sensitive account information transmitted between the IMG and the RADIUS server.

Password = The RADIUS password configured in the RADIUS users file and ClientView.

client 10.129.44.240 {
        secret = server_secret
        shortname = your_username
        password = your_password
}

Step 5

Copy the dictionary.dialogic or dictionary.cantata file from /opt/dialogic/common/radius to /usr/share/freeradius. In the /usr/share/freeradius/ folder, edit the dictionary file and add the following include line.

$INCLUDE dictionary.dialogic

$INCLUDE dictionary.cantata (prior to software 10.5.3)

In software 10.5.3, the dictionary.cantata file was renamed to dictionary.dialogic. Any software prior to 10.5.3 will utilize the dictionary.cantata format.

Step 6

Start the Radius service by entering the following command:

$ service radiusd restart

Step 7

Set the Radius service to restart when the system restarts:

$ chkconfig radiusd on

Step 8

In ClientView, configure a RADIUS client and servers on the IMG. See Configuring RADIUS.

Step 9

Verify that CDRs are being generated. By default, the files roll over once a day. Follow the instructions in Step 3 to roll the log files over once an hour. CDRs are stored at /var/log/radius/radacct/<IMG_IP>. The file names have the form detail-YYYYMMDDHH, for example detail-2005081801.

Step 10

Archive & delete CDR detail files. A copy of the following files can be found at /opt/dialogic/IMG/radius.

Step 11

In the /var/log/radius/radacct folder, create a script to archive files. Name the file "CDR".

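#!/bin/sh
#  CDR
#       Sample script to archive CDRs.
#       Files are archived if more than 1 day old
#       Files are deleted if more than 31 days old
# Skip files that are already compressed so gzip is not run on them again.
find /var/log/radius/radacct/*/detail* ! -name '*.gz' -mtime +1 -exec gzip {} \;
# gzip keeps the original modification time, so the age test also applies to .gz files.
find /var/log/radius/radacct/*/detail* -mtime +31 -exec rm -f {} \;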

Step 12

Create a cron task to run this script. This cron task can be run hourly or daily. The example below will run it hourly.

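#!/bin/bash
# "crontab -" reads the table from standard input and replaces the
# invoking user's entire crontab with the lines below.
crontab - <<EOF
#cron.dat-cdr - cron file for CDRs
#
# This entry runs the CDR archive script each hour.
0 * * * * /var/log/radius/radacct/CDR
#
EOF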

Step 13

After creating this script, either restart the cron service or restart the server. In the /etc/cron.hourly folder, create a file to run the script created in the previous step.
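A check for the settings made in Steps 2 to 5, as an added example that is not part of the original page or of Dialogic's software. The function names, the sample tree, and the detailfile value in it are constructed for illustration; the placeholder secret server_secret is the one shown in Step 4.

```shell
#!/bin/sh
# Added example (not Dialogic's own script): audit the settings from Steps 2-5.
# conf_values KEY FILE: print the value of every "KEY = value" line.
conf_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$2"
}
# Step 2: the last active line of users must be the DEFAULT reject rule.
users_reject_last() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | tail -n 1 |
        grep -Eq '^DEFAULT[[:space:]]+Auth-Type[[:space:]]*:=[[:space:]]*Reject[[:space:]]*$'
}
# Step 3: detailfile must contain %H so the detail files roll over hourly.
detail_hourly() {
    grep -E '^[[:space:]]*detailfile[[:space:]]*=' "$1" | grep -q '%H'
}
# Step 4: the sample secret must be replaced and each IMG needs its own shortname.
clients_ok() {
    conf_values secret "$1" | grep -qx 'server_secret' && return 1
    [ -z "$(conf_values shortname "$1" | sort | uniq -d)" ]
}
# users and clients.conf hold cleartext passwords and shared secrets.
not_world_readable() {
    [ -z "$(find "$1" -prune -perm -004)" ]
}
# Step 5: the main dictionary must pull in the Dialogic (pre-10.5.3: Cantata) VSAs.
dictionary_included() {
    grep -Eq '^\$INCLUDE[[:space:]]+dictionary\.(dialogic|cantata)([[:space:]]|$)' "$1"
}
# audit RADDB_DIR DICTIONARY: print PASS/FAIL per check, return the failure count.
audit() {
    fails=0
    report() { if "$@"; then echo "PASS $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi; }
    report users_reject_last "$1/users"
    report detail_hourly "$1/radiusd.conf"
    report clients_ok "$1/clients.conf"
    report not_world_readable "$1/users"
    report not_world_readable "$1/clients.conf"
    report dictionary_included "$2"
    return "$fails"
}
# Constructed sample tree; on a server: audit /etc/raddb /usr/share/freeradius/dictionary
demo=$(mktemp -d)
printf 'img1 Auth-Type := Local, User-Password == "constructed"\n\tFall-Through = No\nDEFAULT Auth-Type := Reject\n' > "$demo/users"
printf 'detailfile = /var/log/radius/radacct/%%{Client-IP-Address}/detail-%%Y%%m%%d%%H\n' > "$demo/radiusd.conf"
printf 'client 10.129.44.240 {\n\tsecret = server_secret\n\tshortname = img1\n}\n' > "$demo/clients.conf"
printf '$INCLUDE dictionary.dialogic\n' > "$demo/dictionary"
chmod 640 "$demo/users" "$demo/clients.conf"
audit "$demo" "$demo/dictionary"
echo "failures: $?"
```

The sample tree reports one failure because clients.conf still carries the placeholder secret from Step 4.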
