[Serusers] Radius Authentication help

Jan Janak jan at iptel.org
Mon Sep 20 18:16:14 UTC 2004


Please send me the full log of ser, there are missing some lines in the
log below. SIP messages would be good as well.
 
 Jan.

On 20-09 12:26, AJ Grinnell wrote:
> I have added 192.168.1.119 as an alias, and still no registration or
> attempt against radius to register.
> 
> 
> On Mon, 20 Sep 2004 12:08:17 -0400, AJ Grinnell <ajgrinnell at gmail.com> wrote:
> > I guess this is the big confusion that I have to get past. The UAs
> > will be hitting SER from all over different IP blocks and subnets. Do
> > I need to re-write the source? I am sorry, this is  probly very basic,
> > but I am not understanding it right now.
> > 
> > 
> > 
> > 
> > On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak <jan at iptel.org> wrote:
> > > Do you have 192.168.1.119 as the domain in freeradius (because this is
> > > what the user agent uses).
> > >
> > >   Jan.
> > >
> > >
> > >
> > > On 19-09 11:13, AJ Grinnell wrote:
> > > > Sorry if this is a re-post, I did not see it come through the list in
> > > > the almot 24 hours since I sent it. Could someone please help me with
> > > > this? I am running SER 0.8.14 and
> > > > Freeradius 1.0.0. They are on sperate servers, but I can use
> > > > radiusclient on the SER box and succesfully authenticate a test
> > > > account on the remote radius box. When my sipura spa-200 trys to
> > > > register to SER, SER does not appear to be making a request to radius.
> > > > I have followed the ser-radius how-to, and still no good. Below are my
> > > > configs and debug. Thank you all for the help that you have given me
> > > > in the past and hopefully someone can help with this question.
> > > >
> > > > Config
> > > > # ----------- global configuration parameters ------------------------
> > > >
> > > > debug=7         # debug level (cmd line: -dddddddddd)
> > > > #fork=yes
> > > > log_stderror=yes        # (cmd line: -E)
> > > >
> > > > /* Uncomment these lines to enter debugging mode
> > > > debug=7
> > > > fork=no
> > > > log_stderror=yes
> > > > */
> > > >
> > > > check_via=no    # (cmd. line: -v)
> > > > dns=no           # (cmd. line: -r)
> > > > rev_dns=no      # (cmd. line: -R)
> > > > port=5060
> > > > children=4
> > > > fifo="/tmp/ser_fifo"
> > > >
> > > > alias=****************
> > > > alias=*****************
> > > >
> > > > # ------------------ module loading ----------------------------------
> > > >
> > > > loadmodule "/usr/local/lib/ser/modules/mysql.so"
> > > > loadmodule "/usr/local/lib/ser/modules/sl.so"
> > > > loadmodule "/usr/local/lib/ser/modules/tm.so"
> > > > loadmodule "/usr/local/lib/ser/modules/rr.so"
> > > > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> > > > loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> > > > loadmodule "/usr/local/lib/ser/modules/registrar.so"
> > > > loadmodule "/usr/local/lib/ser/modules/auth.so"
> > > > loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> > > > loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
> > > > loadmodule "/usr/local/lib/ser/modules/group_radius.so"
> > > > loadmodule "/usr/local/lib/ser/modules/pa.so"
> > > > loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> > > > loadmodule "/usr/local/lib/ser/modules/msilo.so"
> > > > # ----------------- setting module-specific parameters ---------------
> > > >
> > > > # -- usrloc params --
> > > >
> > > > modparam("usrloc", "db_mode", 2)
> > > > modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
> > > >
> > > > # -- auth  radius params --
> > > > modparam("auth_radius", "radius_config",
> > > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > > modparam("auth_radius", "service_type", 15)
> > > >
> > > > # -- URI radius params --
> > > > modparam("uri_radius", "radius_config",
> > > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > > modparam("uri_radius", "service_type", 10)
> > > >
> > > > # -- Group radius params --
> > > > modparam("group_radius", "radius_config",
> > > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > > modparam("group_radius", "use_domain", 0)
> > > >
> > > > # -- Presence params --
> > > > modparam("pa", "default_expires", 3600)
> > > >
> > > > # -- Nathelper params --
> > > > modparam("nathelper", "natping_interval", 10)
> > > >
> > > > # -- Msilo params --
> > > > modparam("msilo", "db_url", "sql://ser:********@*********/ser")
> > > > modparam("msilo", "db_table", "silo")
> > > > modparam("msilo", "expire_time", 36000)
> > > > modparam("msilo", "check_time", 20)
> > > > modparam("msilo", "clean_period", 3)
> > > > modparam("msilo", "use_contact", 1)
> > > >
> > > > # -- rr params --
> > > > # add value to ;lr param to make some broken UAs happy
> > > > modparam("rr", "enable_full_lr", 1)
> > > >
> > > > # -------------------------  request routing logic -------------------
> > > >
> > > > # main routing logic
> > > >
> > > > route{
> > > >
> > > >        # initial sanity checks -- messages with
> > > >        # max_forwards==0, or excessively long requests
> > > >        if (!mf_process_maxfwd_header("10")) {
> > > >                sl_send_reply("483","Too Many Hops");
> > > >                break;
> > > >        };
> > > >        if ( msg:len > max_len ) {
> > > >                sl_send_reply("513", "Message too big");
> > > >                break;
> > > >        };
> > > >
> > > >        # we record-route all messages -- to make sure that
> > > >        # subsequent messages will go through our proxy; that's
> > > >        # particularly good if upstream and downstream entities
> > > >        # use different transport protocol
> > > >        record_route();
> > > >        # loose-route processing
> > > >        if (loose_route()) {
> > > >                t_relay();
> > > >                break;
> > > >        };
> > > >
> > > >        # if the request is for other domain use UsrLoc
> > > >        # (in case, it does not work, use the following command
> > > >        # with proper names and addresses in it)
> > > > #       if (uri==myself) {
> > > >
> > > >                if (method=="REGISTER") {
> > > >
> > > > # Uncomment this if you want to use digest authentication
> > > >                        if (!radius_www_authorize("")) {
> > > >                                www_challenge("", "0");  # I have also
> > > > tried 1 in place of 0 #
> > > >                        };
> > > >
> > > >                        save("location");
> > > >                        break;
> > > >                };
> > > >
> > > >                # native SIP destinations are handled using our USRLOC DB
> > > >                if (!lookup("location")) {
> > > >                        sl_send_reply("404", "Not Found");
> > > >                        break;
> > > >                };
> > > > #       };
> > > >        # forward to current uri now; use stateful forwarding; that
> > > >        # works reliably even if we forward from TCP to UDP
> > > >        if (!t_relay()) {
> > > >                sl_reply_error();
> > > >        };
> > > >
> > > > }
> > > >
> > > > SER debug:
> > > >
> > > >  6(16294) SIP Request:
> > > > 6(16294)  method:  <REGISTER>
> > > > 6(16294)  uri:     <sip:192.168.1.119>
> > > > 6(16294)  version: <SIP/2.0>
> > > > 6(16294) parse_headers: flags=1
> > > > 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16
> > > > 6(16294) end of header reached, state=5
> > > > 6(16294) parse_headers: Via found, flags=1
> > > > 6(16294) parse_headers: this is the first via
> > > > 6(16294) After parse_msg...
> > > > 6(16294) preparing to run routing scripts...
> > > > 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header
> > > > 6(16294) parse_headers: flags=128
> > > > 6(16294) end of header reached, state=9
> > > > 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > > > 6(16294) DEBUG: to body [test <sip:test at 192.168.1.119>
> > > > ]
> > > > 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER>
> > > > 6(16294) DEBUG: is_maxfwd_present: value = 70
> > > > 6(16294) DEBUG: add_param: tag=79b50153b98e6976
> > > > 6(16294) end of header reached, state=29
> > > > 6(16294) parse_headers: flags=256
> > > > 6(16294) DEBUG: get_hdr_body : content_length=0
> > > > 6(16294) found end of header
> > > > 6(16294) find_first_route(): No Route headers found
> > > > 6(16294) loose_route(): There is no Route HF
> > > > 6(16294) check_nonce(): comparing
> > > > [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and
> > > > [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012]
> > > > 10(16299) MSILO:clean_silo: cleaning stored messages - 20
> > > >
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > serusers at lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> >
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the Serusers mailing list