{
    // CGRateS configuration for PPPoE RADIUS authentication using PAP.
    // A single request processor fetches the account password from AttributeS,
    // strips trailing null padding from the received User-Password and compares
    // the two values with filters.
    // The filter-based comparison bypasses the *radauth null-padding bug.
    //
    // NOTE(review): the comparison is plain string equality, so AttributeS must
    // hold the subscriber passwords in cleartext; protect that data store and
    // its API accordingly.

    "general": {
        // 7 is the most verbose (debug) level.
        // NOTE(review): together with the *log flag on the processor below,
        // request contents may end up in the logs; lower this outside of
        // debugging sessions.
        "log_level": 7,
        "node_id": "pppoe_auth_server",
        "default_tenant": "cgrates.org"
    },

    // Management interfaces (JSON-RPC, GOB-RPC, HTTP) are bound to loopback only.
    "listen": {
        "rpc_json": "127.0.0.1:2012",
        "rpc_gob": "127.0.0.1:2013",
        "http": "127.0.0.1:2080"
    },

    // Both databases use the *internal backend.
    // NOTE(review): presumably in-memory and not persisted across restarts; confirm.
    "data_db": {
        "db_type": "*internal"
    },

    "stor_db": {
        "db_type": "*internal"
    },

    // Attribute profiles and their filter indexes: limit -1, entries expire after 1h.
    "caches": {
        "partitions": {
            "*attribute_profiles": {"limit": -1, "ttl": "1h"},
            "*attribute_filter_indexes": {"limit": -1, "ttl": "1h"}
        }
    },

    "filters": {
        "apiers_conns": ["*localhost"]
    },

    // AttributeS is the source of the expected password; profiles are selected
    // through indexes on the *req.Account prefix.
    "attributes": {
        "enabled": true,
        "apiers_conns": ["*localhost"],
        "indexed_selects": true,
        "prefix_indexed_fields": ["*req.Account"]
    },

    "chargers": {
        "enabled": true
    },

    "sessions": {
        "enabled": true,
        "attributes_conns": ["*localhost"],
        "chargers_conns": ["*internal"],
        "debit_interval": "0"
    },

    "radius_agent": {
        "enabled": true,
        "sessions_conns": ["*localhost"],
        "attributes_conns": ["*localhost"],
        // 0.0.0.0 accepts RADIUS auth (1812) and accounting (1813) packets on
        // every interface. Bind to the NAS-facing address or restrict the ports
        // by firewall to the known NAS/BRAS sources.
        "listeners": [
            {
                "network": "udp",
                "auth_address": "0.0.0.0:1812",
                "acct_address": "0.0.0.0:1813"
            }
        ],
        // *default applies to every client that has no entry of its own.
        // "testing123" is a widely known sample secret. With PAP the
        // User-Password attribute is protected only by this shared secret, so
        // use a long random secret per NAS and keep it out of version control.
        "client_secrets": {
            "*default": "testing123"
        },
        "client_dictionaries": {
            "*default": ["/usr/share/cgrates/radius/dict/"]
        },
        "request_processors": [
            // Single processor for PAP authentication: fetches the password
            // from AttributeS, strips nulls, compares.
            {
                "id": "PPPoE_PAP_Auth",
                // Selects RADIUS authentication requests only.
                "filters": [
                    "*string:~*vars.*radReqType:*radAuth"
                ],
                // NOTE(review): *log presumably writes the processed request and
                // reply to the log; with PAP that can include the cleartext
                // password. Confirm, and drop the flag when not debugging.
                "flags": [
                    "*authorize",
                    "*attributes",
                    "*log"
                ],
                "request_fields": [
                    {"tag": "ToR", "path": "*cgreq.ToR", "type": "*constant", "value": "*data"},
                    {"tag": "Category", "path": "*cgreq.Category", "type": "*constant", "value": "pppoe"},
                    {"tag": "RequestType", "path": "*cgreq.RequestType", "type": "*constant", "value": "*none", "mandatory": true},
                    // OriginID, Account and Subject are all taken from User-Name.
                    {"tag": "OriginID", "path": "*cgreq.OriginID", "type": "*composed", "value": "~*req.User-Name"},
                    {"tag": "Account", "path": "*cgreq.Account", "type": "*composed", "value": "~*req.User-Name", "mandatory": true},
                    {"tag": "Subject", "path": "*cgreq.Subject", "type": "*composed", "value": "~*req.User-Name"},
                    // Marker value: the real password is filled in by AttributeS.
                    {"tag": "Password", "path": "*cgreq.Password", "type": "*constant", "value": "*attributes"},
                    // Strip the trailing null padding from the received password
                    // so it can be compared as a plain string.
                    {"tag": "ReceivedPassword", "path": "*vars.ReceivedPassword", "type": "*variable", "value": "~*req.User-Password{*strip:*suffix:*nil}"}
                ],
                "reply_fields": [
                    // Expected password as returned in the attributes reply.
                    {"tag": "ExpectedPassword", "path": "*vars.ExpectedPassword", "type": "*variable", "value": "~*cgrep.Attributes.Password"},

                    // SUCCESS: passwords match, so set the standard PPP attributes
                    // (Framed-Protocol 1 = PPP, Service-Type 2 = Framed).
                    // NOTE(review): verify that an account with no matching
                    // attribute profile, or a request with an empty password,
                    // cannot satisfy this *string match (for example when both
                    // sides resolve to an empty value). Test with an unknown
                    // User-Name and an empty User-Password.
                    {"tag": "FramedProtocol", "path": "*rep.Framed-Protocol", "filters": ["*string:~*vars.ReceivedPassword:~*vars.ExpectedPassword"], "type": "*constant", "value": "1"},
                    {"tag": "ServiceType", "path": "*rep.Service-Type", "filters": ["*string:~*vars.ReceivedPassword:~*vars.ExpectedPassword"], "type": "*constant", "value": "2"},

                    // FAILURE: passwords differ or none was found, so reject.
                    // The message is the same for an unknown user and a wrong
                    // password, so the reply does not reveal which accounts exist.
                    {"tag": "RejectCode", "path": "*rep.*radReplyCode", "filters": ["*notstring:~*vars.ReceivedPassword:~*vars.ExpectedPassword"], "type": "*constant", "value": "AccessReject"},
                    {"tag": "RejectMessage", "path": "*rep.Reply-Message", "filters": ["*notstring:~*vars.ReceivedPassword:~*vars.ExpectedPassword"], "type": "*constant", "value": "Invalid username or password"}
                ]
            }
        ]
    },

    "apiers": {
        "enabled": true
    }
}