[Serusers] Still having problems with Radius Accounting

Rafael J. Risco G.V. rrisco at millicom.net.pe
Wed Jul 14 17:32:05 UTC 2004


hello

I´m still having problems (since two months ago) to obtain radius accounting, the authentication process works well and the calls are completed but I did not see any "Accounting Report" in /var/log/radius/radacct/ or neither in radiusd -X debug and now I´ve just seen this error after ACK message in the debug file:  
" ERROR: acc_rad_request: radius-ing failed "

.
.
.
 8(7957) ERROR: acc_rad_request: radius-ing failed
 8(7957) DEBUG: cleanup_uacs: RETR/FR timers reset
 8(7957) DEBUG: add_to_tail_of_timer[2]: 0x402f59b8
 8(7957) receive_msg: cleaning up
 5(7954) ERROR: acc_rad_request: radius-ing failed
 5(7954) SER: forwarding ACK  statelessly 
 5(7954) DEBUG: mk_proxy: doing DNS lookup...
 5(7954) check_via_address(10.0.0.236, 10.0.0.236, 0)
 5(7954) Sending:
ACK sip:6604000 at 200.110.6.58 SIP/2.0
Record-Route: <sip:6604000 at 200.110.2.132;ftag=5c0013eda4;lr=on>
Via: SIP/2.0/UDP 200.110.2.132;branch=0
Via: SIP/2.0/UDP 10.0.0.236:5060;branch=z9hG4bK5c0013eda465
From: <sip:6603000 at 200.110.2.132>;tag=5c0013eda4
To: <sip:6604000 at 200.110.2.132>;tag=ac407c95a4
Call-ID: 5cc06e00-b11a-13ae-80ed-0002a40055b2 at 10.0.0.236
CSeq: 65 ACK
Content-Length: 0
Max-Forwards: 69
.
.
.

I have noticed that this error appears only when I try "setflag(1)" for the transactions I want to account, also in this case the ACK message it comes too late (not when pick Up the phone...).

these are some details of my installation:

- SuSE Linux 9.0 (i586)
- ser-0.8.12
- I have followed "radius-how-to" very carefully.
- radiusclient-0.3.2
- freeradius-0.9.3  (installed in the same host with ser and receiving accounting from other NAS)
- I am not using mysql (I will use it with radius integration).
- my current ser.cfg and endpoints configuration are shown below:

another question: Is it possible to have "per-call authentication" with this radius module?

I am new in SIP protocol and ser services so please I need someone share its ser.config file to make this works.

thanks.

Rafael Risco Gonzale-Vigil
Millicom Peru SA
Lima - Peru




ser1.cfg  
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $

# ----------- global configuration parameters ------------------------

# debug=3         # debug level (cmd line: -dddddddddd)
# fork=yes
# log_stderror=no        # (cmd line: -E)

#/* Uncomment these lines to enter debugging mode 
debug=6
fork=yes
log_stderror=yes
#*/

check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"

# loadmodule "/usr/local/lib/ser/modules/uri.so"
# loadmodule "/usr/local/lib/ser/modules/uri_radius.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
# loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/group_radius.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"

# load the NAT Helper Module
# loadmodule "/usr/local/lib/ser/modules/nathelper.so"

# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# modparam("usrloc", "db_mode",   0)
# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
# modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
# modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
# modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("acc","log_level",1)
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius","service_type",15)
modparam("acc","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("acc", "service_type", 15)
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 3)

# -------------------------  request routing logic -------------------

# main routing logic

route{

setflag(1);
         if (method=="REGISTER")
                 log(1, "REGISTER message received\n");

         if (method=="INVITE")
                 log(1, "INVITE message received\n");

         if (method=="ACK")
                 log(1, "ACK message received\n");
 
         if (method=="BYE")
                 log(1, "BYE message received\n");
 
         if (method=="CANCEL")
                 log(1, "CANCEL message received\n");
 
         if (method=="SUBSCRIBE")
                 log(1, "SUBSCRIBE message received\n");
 
         if (method=="NOTIFY")
                 log(1, "NOTIFY message received\n");
 
         if (method=="OPTIONS")
                 log(1, "OPTIONS message received\n");
 
         if (method=="INFO")
                 log(1, "INFO message received\n");
 
         if (method=="MESSAGE")
                 log(1, "MESSAGE message received\n");
 
         if (method=="REFER")
                 log(1, "REFER message received\n");


/*
if (method =="INVITE" | method == "BYE"){
 log(1,"INVITE or BYE\n");
 setflag(1);
 };
if (method=="MESSAGE") {
 log(1,"MESSAGE\n");
 setflag(1);
 };
if (method=="BYE"){
 log (1, "BYEd or CANCEL\n");
 setflag(1);
 };
if (method=="CANCEL"){
 log (1, "BYEe or CANCEL\n");
 setflag(1);
 };
*/



        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if ( msg:len > max_len ) {
                sl_send_reply("513", "Message too big");
                break;
        };

        # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        record_route();
        # loose-route processing
        if (loose_route()) {
                t_relay();
                break;
        };

        # if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)
        if (uri==myself) {

                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                       if (!radius_www_authorize("")) {
                               www_challenge("", "0");
                               break;
                        };

                        save("location");
                        break;
                };

 
               # native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        sl_send_reply("404", "Not Found");
                        break;
                };
        };
        # forward to current uri now; use stateful forwarding; that
        # works reliably even if we forward from TCP to UDP
        if (!t_relay()) {
                sl_reply_error();
        };
}



########################################################################
Example of one endpoint config:
VoiceFinder Gateway Series (http://www.addpac.com)
AP200B System software Revision 8.10


! 
! VoIP configuration. 
! 
! 
! Voice service voip configuration. 
! 
voice service voip 
 fax protocol t38 redundancy 0 
 fax rate 9600 
 h323 call start fast 
 no force-starth245 
 busyout monitor gatekeeper 
 busyout monitor voip-interface 
 display send e164
! 
! 
! Voice port configuration. 
! 
voice-port 0/0 
! FXS 
 caller-id enable 
! 
! 
voice-port 0/1 
! FXS 
 caller-id enable 
! 
! 
! 
!             
! Pots peer configuration. 
! 
dial-peer voice 0 pots
 destination-pattern 6600020 
 port 0/0 
 call-waiting
! 
dial-peer voice 1 pots
 destination-pattern 6603000 
 port 0/1 
 call-waiting
! 
! 
! 
! Voip peer configuration. 
! 
!             
dial-peer voice 1002 voip 
 destination-pattern 6604000 
 session target sip-server  
 session protocol sip 
 codec g7231r63 
 dtmf-relay rtp-2833 
! 
! 
! 
! SIP UA configuration. 
! 
sip-ua 
 user-register 
 sip-username 660300X 
 sip-password 1234 
 sip-server 200.X.2.132 
 register e164 
! 
! 
! MGCP configuration. 
! 
mgcp 
 codec  g711ulaw 
!             
! 
! Tones 
! 
! 
voip-interface ether0.0
!
agent00 # 




More information about the Serusers mailing list