<AuthBy DIAMETER> converts and forwards all RADIUS authentication and accounting messages to another (possibly remote) DIAMETER server. The DIAMETER replies are converted back to RADIUS messages and returned to the requesting client which might be a remote client or this Radiator instance itself.

The default for <AuthBy DIAMETER> is to advertise values 0 and 1 (Diameter common message and NASREQ) with Auth-Application-Id. Value 3 (Diameter base accounting) is advertised with Acct-Application-Id.

See goodies/diameter-authby.cfg for an example configuration file.

<AuthBy DIAMETER> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>. <AuthBy DIAMETER> supports TLS. For more information about TLS parameters, see Section 3.11. TLS configuration.

Name or IP address of DIAMETER peer this AuthBy DIAMETER should connect to.

This parameter specifies one host name or address of an SCTP peer to connect to. An address can be an IPv4 or IPv6 address. Multiple SCTPPeer parameters are supported. When SCTPPeer is defined, it is used instead of Host or Peer parameters. Special formatting characters are supported. If SCTP multihoming is not supported, connection is attempted to each peer at a time.

Here is an example of using SCTPPeer:

# Peer has multiple IPv6 addresses
SCTPPeer 2001:db8:1500:1::a100
SCTPPeer 2001:db8:1500:2::a100

This optional parameter specifies port name or number of the Diameter peer. Defaults to 3868, the official IANA port number for Diameter. May be a numeric port number or symbolic port/service name.

If DestinationHost is unset, no Destination-Host attribute is added to Diameter messages. Setting DestinationHost is optional and there is no default value. Special formatting characters are supported. Formatting is done when the configuration is loaded and <AuthBy DIAMETER> clause is activated.

This optional parameter sets the Destination-Realm attribute in the Diameter messages sent to the peer. Destination-Realm is first taken from User-Name's realm part. If there is no realm, then DestinationRealm configuration parameter is used. The default is testdestinationrealm. Special formatting characters are supported. Formatting is done when the configuration is loaded and <AuthBy DIAMETER> clause is activated.

This parameter specifies the name that AuthBy DIAMETER will use to identify itself to Diameter peer it connects to. It is sets the value of the Origin-Realm attribute in the Diameter messages sent to the peer. OriginHost is not optional an must be specified in the AuthBy DIAMETER clause. Diameter peers may use OriginHost to determine whether they have connected to the correct peer, so it may be critical that it be configured correctly. OriginHost defaults to the hostname of the server Radiator is running on. Special formatting characters are supported. Formatting is done when the configuration is loaded and AuthBy DIAMETER clause is activated.

This parameter specifies the name of the user Realm that AuthBy DIAMETER is willing to handle. It is sets the value of the Origin-Realm attribute in the Diameter messages sent to the peer. OriginRealm is not optional an must be specified in the AuthBy DIAMETER clause. OriginRealm defaults to 'testoriginrealm'. Special formatting characters are supported. Formatting is done when the configuration is loaded and AuthBy DIAMETER clause is activated.

This optional parameter allows you to define a Perl function that will be called during packet processing. PostDiaToRadiusConversionHook is called after an incoming Diameter request has been converted to its equivalent RADIUS request, allowing you to alter or add to attribute conversions etc. It is passed references to the incoming Diameter request and the converted RADIUS request.

This optional parameter allows you to define a Perl function that will be called during packet processing. PostRadiusToDiaConversionHook is called after an RADIUS reply has been converted to its equivalent Diameter reply, prior to being sent back to the Diameter client. It is passed references to the RADIUS reply and the converted Diameter reply.

EAP_ApplicationId defines the Diameter message's Application-ID value and Auth-Application-Id AVP value for the converted RADIUS EAP requests. The default is to convert RADIUS EAP authentication to Diameter EAP application. This parameter allows, for example, converting RADIUS EAP-AKA to Diameter 3GPP SWm. EAP_ApplicationId defaults to value Diameter-EAP. For more information, see configuration sample goodies/diameter-authby.cfg

# We can convert EAP-AKA to SWm
EAP_ApplicationId 3GPP SWm

This optional parameter specifies which Stream protocol will be used to carry Diameter. Options are 'tcp' for TCP/IP or 'sctp' for SCTP (Stream Control Transmission Protocol). Defaults to 'tcp'. Not all hosts are able to support 'sctp': consult your vendor. The protocol setting must be the same as that being used by the Diameter server.

Protocol sctp

This optional parameter allows you to define the Auth Application Ids announced in CER. Defaults to '0, 1, 5' (i.e. DIAMETER BASE, NASREQ and Diameter-EAP).

AuthApplicationIds 0, 1

This optional parameter allows you to define the Acct Application Ids announced in CER. Defaults to ‘3’ (i.e. BASE_ACCOUNTING).

AcctApplicationIds 3

This optional parameter allows you to define the Supported Vendor Ids announced in CER. There is no default and no Supported-Vendor-Id is announced by default. Keyword "DictVendors" is an alias group for all vendors in the default dictionary and the dictionary file configured with DiameterDictionaryFile.

# Tell the peer we support all the vendors in our
# default and DiameterDictionaryFile dictionaries
SupportedVendorIds DictVendors

These parameters control the address and optionally the port number used for the client source port, although this is usually not necessary. LocalPort is a string, it can be a port number or name. It binds the local port if LocalAddress is defined. If LocalPort is not specified or if it is set to 0, a port number is allocated in the usual way.

When SCTP multihoming is supported, multiple comma separated addresses can be configured. All addresses defined with LocalAddress must be either IPv4 or IPv6 addresses.

LocalAddress 203.63.154.29
LocalPort 12345

This optional parameter specifies the number of seconds to wait before attempting to reconnect a failed, dropped or disconnected connection. It also specifies the timeout for the initial connect.

This optional parameter specifies log trace level for peer initiated disconnects. The default value is error level 0. When connections are known to be short-lived, a non-default value may be useful. This parameter is available for all Stream based modules, such as <ServerDIAMETER> and <AuthBy RADSEC>.

# Debug logging is enough for peer disconnects
DisconnectTraceLevel 4