So do I.
I also meet this problem.
radius_is_user_in() is not working correctly. I have
found many ones meet this problem.
Has anyone solved it?
--- Neeraj Gupta <Neeraj.Gupta@Sun.COM>дµÀ:
No, there is no radius request generated under this
scenario.
But the problem goes away when I comment out the
radius_is_user_in section.
I found another email thread on this same topic.
http://osdir.com/ml/voip.openser.user/2005-10/msg00230.html
But in my case, I dont see radius request in radiusd
-X output.
-Neeraj
Bogdan-Andrei Iancu wrote:
Hi Neeraj,
that is quite odd as the "credentials received are
not filled
properly" is generated by the authentication API
(auth module) and has
nothing to do with radius_is_user_in().
when hitting radius_is_user_in(), does the process
get blocked or it
just go through without doing anything? Can you
check with
ngrep/tcpdump if any radius request is sent by
radius_is_user_in()?
regards,
bogdan
Neeraj Gupta wrote:
Thanks Bogdan.
I spent a lot of time yesterday to troubleshoot
my own problem.
Its much better now. Here is the latest.
I found out that the routing script has a section
which was causing
all this.
# check if user is suspended
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From",
"suspended")) {
sl_send_reply("403", "Forbidden -
suspended");
exit;
};
};
I confirmed that is_method function works fine
but when the call hits
radius_is_user_in, it does not go through
and I see "credentials received are not properly
filled in" on
openser. When I commented out this and other
radius_is_user_in and
re-ran, all is well.
Any clue on whats missing here ?
I am thinking of creating a how-to doc on openser
wiki after
completing my tests.
Thanks,
Neeraj
Sun Microsystems
Bogdan-Andrei Iancu wrote:
Hi Neeraj,
The "pre_auth(): credentials received are not
filled properly" is
generated in multiple cases, like missing
username/realm/nonce, etc.
Check your register request to see if it has all
the required info
in the auth hdr.
Logs in debug=6 are also useful.
regards,
bogdan
Neeraj Gupta wrote:
Hi,
I switched to OpenSER 1.2.1 last week, from ser
0.9.6.
And this is first time I am trying to use
FreeRADIUS 1.1.6 with
OpenSER 1.2.1
I followed instructions on web based on 1.0.1
and made some changes
by hand to adapt to 1.2.1 model.
This was my reference:
www.*openser*.org/docs/*openser*-radius-1.0.x.html
I can start OpenSER, no issues but I am not
able to use SiPP UA.
Openser does not respond back to UA (no
incoming message in
ethereal/wireshark).
Openser reports that "pre_auth(): credentials
received are not
filled properly".
I tried to comment out the avp sections in
openser.cfg.. but Its
not helping.
Please see my logs and configs below. If
someone can send me a
working config file, I will be very thankful.
If more info needed, let me know.
_*# openser -V*_
version: openser 1.2.1-tls (sparc64/solaris)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS,
DISABLE_NAGLE,
USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC,
F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE
262144, MAX_LISTEN
16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, select, /dev/poll.
svnrevision: unknown
@(#) $Id: main.c 1827 2007-03-12 15:22:53Z
bogdan_iancu $
main.c compiled on 23:04:19 Jun 26 2007 with
gcc 3.4.6
_*Radius users file*_
# from website examples
### --- avps ---
101@192.168.4.128 Auth-Type := Accept,
Service-Type ==
"SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102@192.168.4.128 Auth-Type := Accept,
Service-Type ==
"SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
DEFAULT Auth-Type := Accept, Service-Type ==
"SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101@192.168.4.128 Auth-Type := Accept,
Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@192.168.4.128 Auth-Type := Accept,
Sip-Group == "pstn",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@192.168.4.128 Auth-Type := Accept,
Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type ==
"Group-Check"
### --- user authentication ---
101@192.168.4.128 Auth-Type := Digest,
User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.4.101",
Sip-Avp += "#2:192.168.4.100"
102@192.168.4.128 Auth-Type := Digest,
User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
Sip-Avp += "#2:192.168.4.101"
# test user
test Auth-Type := Digest, User-Password ==
"test"
Reply-Message = "Hello, test with
digest"
=== message truncated ===
___________________________________________________________
ÑÅ»¢Ãâ·ÑÓÊÏä3.5GÈÝÁ¿£¬20M¸½¼þ£¡
http://cn.mail.yahoo.com/