[Serusers] Radius Authentication help

AJ Grinnell ajgrinnell at gmail.com
Tue Sep 21 21:33:48 UTC 2004


Anyone have any ideas on this?


On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell <ajgrinnell at gmail.com> wrote:
> Here is the confg part that I am using for authentication.
> 
>     # (in case, it does not work, use the following command
>         # with proper names and addresses in it)
>         if (uri==myself) {
> 
>                 if (method=="REGISTER") {
> 
> # Uncomment this if you want to use digest authentication
>                         if (!radius_www_authorize('192.168.1.119')) {
>                                 www_challenge('192.168.1.119', "1");
>                         };
> 
>                         save("location");
>                         break;
>                 };
> 
> Using Ethereal, I am getting SIP response 401 Unauthorized with the
> current config, and 407 Proxy Authentication Required when using
> radius_proxy_authorize. Here is the log from using the above config...
> 
> 8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0)
>  8(26234) DEBUG:destroy_avp_list: destroing list (nil)
>  8(26234) receive_msg: cleaning up
>  8(26234) SIP Request:
>  8(26234)  method:  <REGISTER>
>  8(26234)  uri:     <sip:192.168.1.119>
>  8(26234)  version: <SIP/2.0>
>  8(26234) parse_headers: flags=1
>  8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
>  8(26234) end of header reached, state=5
>  8(26234) parse_headers: Via found, flags=1
>  8(26234) parse_headers: this is the first via
>  8(26234) After parse_msg...
>  8(26234) preparing to run routing scripts...
>  8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header
>  8(26234) parse_headers: flags=128
>  8(26234) end of header reached, state=9
>  8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
>  8(26234) DEBUG: to body [test <sip:test at 192.168.1.119>
> ]
>  8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
>  8(26234) DEBUG: is_maxfwd_present: value = 70
>  8(26234) DEBUG: add_param: tag=b6d95f3126a0bea
>  8(26234) end of header reached, state=29
>  8(26234) parse_headers: flags=256
>  8(26234) DEBUG: get_hdr_body : content_length=0
>  8(26234) found end of header
>  8(26234) find_first_route(): No Route headers found
>  8(26234) loose_route(): There is no Route HF
>  8(26234) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
> == [127.0.0.1]
>  8(26234) check_self - checking if port 5060 matches port 5060
>  8(26234) check_self - checking if host==us: 13==13 &&
> [192.168.1.119] == [192.168.1.119]
>  8(26234) check_self - checking if port 5060 matches port 5060
>  8(26234) check_nonce(): comparing
> [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> [414f2f30f649651c070ccbebd1e0fa25d84f8844]
>  7(26233) res: 1
>  7(26233) radius_authorize_sterman(): Failure
>  7(26233) build_auth_hf(): 'WWW-Authenticate: Digest
> realm="192.168.1.119",
> nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth"
> '
>  7(26233) parse_headers: flags=-1
>  7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0)
>  7(26233) DEBUG:destroy_avp_list: destroing list (nil)
>  7(26233) receive_msg: cleaning up
>  7(26233) SIP Request:
>  7(26233)  method:  <REGISTER>
>  7(26233)  uri:     <sip:192.168.1.119>
>  7(26233)  version: <SIP/2.0>
>  7(26233) parse_headers: flags=1
>  7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
>  7(26233) end of header reached, state=5
>  7(26233) parse_headers: Via found, flags=1
>  7(26233) parse_headers: this is the first via
>  7(26233) After parse_msg...
>  7(26233) preparing to run routing scripts...
>  7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header
>  7(26233) parse_headers: flags=128
>  7(26233) end of header reached, state=9
>  7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
>  7(26233) DEBUG: to body [test <sip:test at 192.168.1.119>
> ]
>  7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
>  7(26233) DEBUG: is_maxfwd_present: value = 70
>  7(26233) DEBUG: add_param: tag=b6d95f3126a0bea
>  7(26233) end of header reached, state=29
>  7(26233) parse_headers: flags=256
>  7(26233) DEBUG: get_hdr_body : content_length=0
>  7(26233) found end of header
>  7(26233) find_first_route(): No Route headers found
>  7(26233) loose_route(): There is no Route HF
>  7(26233) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
> == [127.0.0.1]
>  7(26233) check_self - checking if port 5060 matches port 5060
>  7(26233) check_self - checking if host==us: 13==13 &&
> [192.168.1.119] == [192.168.1.119]
>  7(26233) check_self - checking if port 5060 matches port 5060
>  7(26233) check_nonce(): comparing
> [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> [414f2f30f649651c070ccbebd1e0fa25d84f8844]
>  5(26231) res: 1
>  5(26231) radius_authorize_sterman(): Failure
>  5(26231) build_auth_hf(): 'WWW-Authenticate: Digest
> realm="192.168.1.119",
> nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth"
> '
>  5(26231) parse_headers: flags=-1
>  5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0)
>  5(26231) DEBUG:destroy_avp_list: destroing list (nil)
>  5(26231) receive_msg: cleaning up
>  5(26231) SIP Request:
>  5(26231)  method:  <REGISTER>
>  5(26231)  uri:     <sip:192.168.1.119>
>  5(26231)  version: <SIP/2.0>
>  5(26231) parse_headers: flags=1
>  5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
>  5(26231) end of header reached, state=5
>  5(26231) parse_headers: Via found, flags=1
>  5(26231) parse_headers: this is the first via
>  5(26231) After parse_msg...
>  5(26231) preparing to run routing scripts...
>  5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header
>  5(26231) parse_headers: flags=128
>  5(26231) end of header reached, state=9
>  5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
>  5(26231) DEBUG: to body [test <sip:test at 192.168.1.119>
> ]
>  5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
>  5(26231) DEBUG: is_maxfwd_present: value = 70
>  5(26231) DEBUG: add_param: tag=b6d95f3126a0bea
>  5(26231) end of header reached, state=29
>  5(26231) parse_headers: flags=256
>  5(26231) DEBUG: get_hdr_body : content_length=0
>  5(26231) found end of header
>  5(26231) find_first_route(): No Route headers found
>  5(26231) loose_route(): There is no Route HF
>  5(26231) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
> == [127.0.0.1]
>  5(26231) check_self - checking if port 5060 matches port 5060
>  5(26231) check_self - checking if host==us: 13==13 &&
> [192.168.1.119] == [192.168.1.119]
>  5(26231) check_self - checking if port 5060 matches port 5060
>  5(26231) check_nonce(): comparing
> [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> 10(26236) MSILO:clean_silo: cleaning stored messages - 280
>  6(26232) res: 1
>  6(26232) radius_authorize_sterman(): Failure
>  6(26232) build_auth_hf(): 'WWW-Authenticate: Digest
> realm="192.168.1.119",
> nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth"
> '
>  6(26232) parse_headers: flags=-1
>  6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0)
>  6(26232) DEBUG:destroy_avp_list: destroing list (nil)
>  6(26232) receive_msg: cleaning up
>  6(26232) SIP Request:
>  6(26232)  method:  <REGISTER>
>  6(26232)  uri:     <sip:192.168.1.119>
>  6(26232)  version: <SIP/2.0>
>  6(26232) parse_headers: flags=1
>  6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
>  6(26232) end of header reached, state=5
>  6(26232) parse_headers: Via found, flags=1
>  6(26232) parse_headers: this is the first via
>  6(26232) After parse_msg...
>  6(26232) preparing to run routing scripts...
>  6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header
>  6(26232) parse_headers: flags=128
>  6(26232) end of header reached, state=9
>  6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
>  6(26232) DEBUG: to body [test <sip:test at 192.168.1.119>
> ]
>  6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
>  6(26232) DEBUG: is_maxfwd_present: value = 70
>  6(26232) DEBUG: add_param: tag=b6d95f3126a0bea
>  6(26232) end of header reached, state=29
>  6(26232) parse_headers: flags=256
>  6(26232) DEBUG: get_hdr_body : content_length=0
>  6(26232) found end of header
>  6(26232) find_first_route(): No Route headers found
>  6(26232) loose_route(): There is no Route HF
>  6(26232) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
> == [127.0.0.1]
>  6(26232) check_self - checking if port 5060 matches port 5060
>  6(26232) check_self - checking if host==us: 13==13 &&
> [192.168.1.119] == [192.168.1.119]
>  6(26232) check_self - checking if port 5060 matches port 5060
>  6(26232) check_nonce(): comparing
> [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> 10(26236) MSILO:clean_silo: cleaning stored messages - 300
> 10(26236) MSILO:clean_silo: cleaning expired messages
> 10(26236) MSILO:clean_silo: cleaning stored messages - 320
> ./serctl stop
> 
> Thank you for your help
> 
> 
> On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak <jan at iptel.org> wrote:
> > Please send me the full log of ser, there are missing some lines in the
> 
> 
> > log below. SIP messages would be good as well.
> >
> >  Jan.
> >
>




More information about the Serusers mailing list