------------ DESCRIPTION: ------------ Author Dan-Cristian Bogos [dan@itsyscom.com] FreeRADIUS-CDRTool is a freeradius module able to connect on the CDRTool prepaid engine through TCP API and implement a basic prepaid level for calls passing through OpenSER. I have created this module in my spare time and not being really expert in Python, so please watch it when u judge me ;). I am releasing this module free of any costs to be used or modified by anyone needs to (GPL), and I will try my best to support it from my own resources if this will be necessary, based on the respect I have for opensource software and community. Functionality and concepts behind: For calls being necessary to be authenticated, openser will send a Radius Access-Request packet which will contain the username and the destination for the call. As per configuration, freeradius will send those packets, sanitized by the digest module to python which will use the authorize function (again as per configuration). This function will query cdrtool as per described API (CDRTool PREPAID documentation) and return the necessary information back to OpenSER through the recommended way of SIP-AVP. The avps received will be available in openser as: callMaxDur and credit, where callMaxDur is the maximum duration the user is allowed to be connected with the destination and credit represents the amount of credit available at starting of the call. This info can be used later in an bbua able to timeout calls based on duration. At the starting of the call, freeradius-cdrtool module will record the timestamps for Accounting-Start packet received from OpenSER in the memory, so it should spare some processing time without being necessary to query any database for this later. When the call will be ended, OpenSER should inform FreeRADIUS about this, therefore freeradius-cdrtool beeing able to unlock the account as well as announce CDRTool to debit the necessary balance for the call from the user's account. In the case of failed calls, freeradius-cdrtool will properly unlock the accounts without debiting any credit from user's accounts. ------------- INSTALL PART: ------------- 1. FreeRADIUS with rlm_python enabled. a. Copy the patched rlm_digest.c provided on freeradius-cdrtool project page to /path_to_freeradius_sources/src/modules/rlm_digest/. b. Compile FreeRADIUS from sources, enabling rlm_python as static module (./configure --with-static-modules=python). Documentation provided at /path_to_freeradius_sources/doc/rlm_python c. Configure rlm_python to use the functions exported by freeradius-cdrtool module. A sample configuration is provided on project's website. Place that in the freeradius configuration folder and enable it in radiusd.conf after. d. Enable the use of python module in the authorize and accounting sections. 2. Install and configure CDRTool (detailed documentation found on the project website: http://cdrtool.ag-projects.com/) 3. Install and start memcached (if not installed by default with cdrtool) 4. Install python-memcache module (download page: ftp://ftp.tummy.com/pub/python-memcached/) 5. Install freeradius-cdrtool module a. Check and change where is necessary the variables in the configuration part at begining of the module (freeradius-cdrtool.py file). b. Install the module by executing "python setup.py install". Have fun! -------------------- Some CONFIG samples: -------------------- ###openser.cfg: # Authenticate the invites with Radius: if (is_method("INVITE")){ if (!radius_proxy_authorize("")) { proxy_challenge("","0"); exit; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); exit; }; }; # Mark the packets to be accounted, be aware about proper flag settings for acc, our case flag=1 if (is_method("INVITE|BYE")){ setflag(1); }; ###radiusd.conf ... python { mod_instantiate = freeradius-cdrtool func_instantiate = instantiate mod_authorize = freeradius-cdrtool func_authorize = authorize mod_accounting = freeradius-cdrtool func_accounting = accounting mod_detach = freeradius-cdrtool func_detach = detach } ... authorize { # preprocess digest sql python } ... accounting { sql python }