uppal/cgrates-radius
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfb925494cc9f71c4a5931daa94e83a7bd34a406
cgrates-radius/cgrates.json
Junaid Saeed Uppal dfb925494c Implement proper MS-CHAPv2 authentication for MikroTik PPPoE 
Two-processor approach:
1. MSCHAPv2GetPassword: Uses *authorize + *attributes to fetch password
   from CGRateS attributes subsystem and get MaxUsage for session timeout
2. MSCHAPv2Auth: Uses *radauth + *mschapv2 to perform actual MS-CHAPv2
   authentication with cryptographic proof (MS-CHAP2-Success)

The password is read from ~*cgrep.Attributes.Password (set via Attributes.csv)
and placed in *vars.UserPassword for the *radauth to use.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-23 21:07:05 +05:00

127 lines
3.4 KiB
JSON
Raw Blame History

{
// CGRateS Configuration file
//
"general": {
"log_level": 7,
},
"listen": {
"rpc_json": ":2012", // RPC JSON listening address
"rpc_gob": ":2013", // RPC GOB listening address
"http": ":2080", // HTTP listening address
},
"data_db": {
"db_type": "redis",
"db_port": 6379,
"db_name": "10",
},
"stor_db": { // database used to store offline tariff plans and CDRs
"db_password": "CGRateS.org", // password to use when connecting to stordb
},
"filters": {
"apiers_conns": ["*localhost"],
},
"rals": {
"enabled": true,
},
"schedulers": {
"enabled": true,
},
"cdrs": {
"enabled": true,
"rals_conns": ["*internal"],
},
"resources": {
"enabled": true,
},
"attributes": {
"enabled": true,
},
"routes": {
"enabled": true,
},
"chargers": {
"enabled": true,
},
"sessions": {
"enabled": true,
"attributes_conns": ["*localhost"],
"cdrs_conns": ["*localhost"],
"rals_conns": ["*localhost"],
"resources_conns": ["*localhost"],
"chargers_conns": ["*internal"],
"debit_interval": "10s",
},
"radius_agent": {
"enabled": true,
"sessions_conns": ["*localhost"],
"listeners":[
{
"network": "udp",
"auth_address": "0.0.0.0:1812",
"acct_address": "0.0.0.0:1813"
}
],
"client_secrets": {
"*default": "CGRateS.org"
},
"client_dictionaries": {
"*default": ["/usr/share/cgrates/radius/dict/"]
},
"request_processors": [
{
"id": "MSCHAPv2GetPassword",
"filters": ["*string:~*vars.*radReqType:*radAuth"],
"flags": ["*authorize", "*attributes", "*accounts", "*continue", "*log"],
"request_fields": [
{"tag": "Category", "path": "*cgreq.Category", "type": "*constant", "value": "call"},
{"tag": "RequestType", "path": "*cgreq.RequestType", "type": "*constant", "value": "*prepaid", "mandatory": true},
{"tag": "OriginID", "path": "*cgreq.OriginID", "type": "*composed", "value": "~*req.Acct-Session-Id", "mandatory": true},
{"tag": "Account", "path": "*cgreq.Account", "type": "*composed", "value": "~*req.User-Name", "mandatory": true},
{"tag": "Subject", "path": "*cgreq.Subject", "type": "*composed", "value": "~*req.User-Name", "mandatory": true},
{"tag": "Destination", "path": "*cgreq.Destination", "type": "*constant", "value": "pppoe"},
{"tag": "SetupTime", "path": "*cgreq.SetupTime", "type": "*constant", "value": "*now", "mandatory": true},
{"tag": "AnswerTime", "path": "*cgreq.AnswerTime", "type": "*constant", "value": "*now", "mandatory": true}
],
"reply_fields": [
{"tag": "MaxUsage", "path": "*rep.Session-Timeout", "type": "*composed", "value": "~*cgrep.MaxUsage{*duration_seconds}", "mandatory": true}
]
},
{
"id": "MSCHAPv2Auth",
"filters": ["*string:~*vars.*radReqType:*radAuth"],
"flags": ["*radauth", "*mschapv2", "*log"],
"request_fields": [
{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.Password"}
],
"reply_fields": [
{"tag": "RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], "type": "*constant", "value": "AccessReject"},
{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], "type": "*variable", "value": "~*cgrep.Error"}
]
}
]
},
"apiers": {
"enabled": true,
"scheduler_conns": ["*internal"],
},
}
Reference in New Issue View Git Blame Copy Permalink