Implementing Provisioning will be demonstrated by provisioning RADIUS using RADIUS
Reply Groups for MikroTik® for a 2M Up/4M Down Service when Open and
56K Up and Down when Suspended.
-
Determine data specific to the customer service that need to be captured and
maintained.
For RADIUS, three pieces of data are needed: username,
password, and plan
identifier
-
Define Resources
-
Select
-
Select New
-
Configure the Resource
For RADIUS enter:
Table 1.
| Field |
Value |
| Number |
1 |
| Name |
RADIUS |
| Description |
RADIUS AAA |
| Type |
RADIUS |
Note: Make a note of the Resource number. This number will be
needed for editing the service_hook. The
Resource number should not be changed in BillMax unless the
service_hook is modified as
well.
-
Click Save
-
Optionally add preconfigured RADIUS attributes for the hardware desired
For MikroTik® on the command line as the BillMax
system user, execute
load_dictionary.pl
-f
/usr/local/billmax/freeradius/share/freeradius/dictionary.mikrotik
-
Create one or more RADIUS Reply Groups
-
Select
-
Click the Attribute Group number that needs provisioning or Select
New
-
Add an Attribute Group
-
Select Add Attribute and add a predefined
attribute or add a new one. Repeat for as many attributes as
necessary
Create a
2MB Up/4MB Down Reply Group for an Open
Service and a
Suspended Reply Group for Suspended
Services.
- Create the 2MB Up/4MB Down Reply Group and add the following
Attribute:
| Attribute |
Operator |
Value |
Type |
| Mikrotik-Rate-Limit |
= |
2M/4M |
reply |
- Create the Suspended Reply Group and add the
following Attribute:
| Attribute |
Operator |
Value |
Type |
| Mikrotik-Rate-Limit |
= |
56k |
reply |
If you execute the SQL
SELECT * FROM radgroupreply
using you should see the following
-
Create or Modify a Product Definition to capture the Provisioning Data
-
Select
-
Click the product definition number that needs provisioning or Select
New
-
Select the Provisioning tab and enter provisioning data
For RADIUS, create of Service Definition named
2MB Up/4MB
Down with the following:
- Set Provisioning Variable Conflict to
Never OK
- Set Save Plain Text Password to
Yes
- Select the Resources
RADIUS check box.
- Enter the following:
Table 2.
| Field |
Value |
RADIUS Data |
| d01 |
User Name |
username |
| d02 |
Password |
password |
| d03 |
Plan |
plan identifier |
- In addition for d03, enter 2MB
Up/4MB Down for Constraint or List
? and 2MB Up/4MB Down entry
as the Default.
-
Select Save
-
If needed, create a program to transmit the provisioning data to the target
system or use an existing program. See Provisioning Executable
For RADIUS, copy
/usr/local/billmax/local/bx_provision_radius.pl-example
to /usr/local/billmax/local/bx_provision_radius.pl. Edit
the file and set $db, $dbuser and
$dbpass to the values needed to access the BillMax
database. In addition, set $DISABLEMETHOD to
group.
-
Activate /usr/local/billmax/local/service_hook
-
Warning: The service_hook runs as the BillMax
system user. It can be configured to run under a different id (including
root) if needed. The use of non-privileged users is recommended. Please
contact support@billmax.com for assistance if a different user id is
needed.
Copy service_hook-example to
service_hook in
/usr/local/billmax/local and ensure that it is
owned and executable by the billmax system
user.
-
Modify the script to call the appropriate system specific provisioning
executables
- Edit the SERVICES data structure or hash in
/usr/local/billmax/local/service_hook.
Every Resource must have its own hash set of parameters. Below
show the use of
/usr/local/billmax/local/bx_provision_radius.pl
my $cmd = "$BILLMAXDIR/local/bx_provision_radius.pl";
$SERVICES{1}{name} = "radius";
$SERVICES{1}{provision} = "yes";
$SERVICES{1}{groupswitch} = "-g";
$SERVICES{1}{passwordswitch} = "-p";
$SERVICES{1}{data} = [ "-s", "{NEW_state}", "-n", "{NEW_d01}",
$SERVICES{1}{passwordswitch}, "{NEW_plaintextpass}",
$SERVICES{1}{groupswitch}, "{NEW_d03}" ];
$SERVICES{1}{cmd}{create} = "$cmd -a create “ ."
$SERVICES{1}{passwordswitch} " . escL($ENV{NEW_plaintextpass}) . "
$SERVICES{1}{groupswitch} " . escL($ENV{NEW_d03}) . " " .
escL($ENV{NEW_d01});
$SERVICES{1}{cmd}{delete} = "$cmd -a delete " .
escL($ENV{NEW_d01});
$SERVICES{1}{cmd}{update} = "$cmd -a update";
$SERVICES{1}{remotecmd} = "";
Note: The $SERVICES{1} above refers Resource # 1. Each of the
cmd entries specify how to call the
system specific provisioning executable
("$BILLMAXDIR/local/bx_provision_radius.pl)
for that action defined. There are three actions: create,
delete and update. The create and delete actions are
explicitly defined. For updates, the information in the data
entry is used to dynamically create the update command
arguments. The data entry contains pairs of values that
define the update switch and associated value that if
changed will trigger a update call. In the above, the
remotecmd entry is blank which
indicates the command runs on the BillMax host. If populated
it is, almost always, the ssh command and any needed
arguments. In this way the $cmd
executable may be executed locally or on a remote
host.
-
Test the implementation
-
Go to a test Account within BillMax add a Service based on the Product
Definition
For the RADIUS example add the
2MB Up/4MB Down
Service Definition and enter:
| Field |
Value |
| User Name |
user |
| Password |
p@ssw0Rd |
If you execute the SQL
SELECT * FROM
radusergroup using you should see the following:
SELECT * FROM radcheck WHERE
username='user' will result in:
-
Suspend the Service
SELECT * FROM radusergroup should not
show:
Important: Whether or not a NAS will honor the changes made to the RADIUS table is
dependent on the NAS. The following are possibilities:
- The NAS will accept a RADIUS COA record and contact RADIUS for new
information.
- The NAS will accept an SNMP request to contact RADIUS for new
information.
- Something else NAS specific.