Hello List,

I have a problem with the authentication of users via Radius. The logs are below. Can anyone please give me a hint as to what I am doing wrong? I did exactly as mentioned in the ser-radius howto.

The logs from Radius are as follows:

Sip-Uri-User = "211069020"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14421
modcall[authorize]: module "preprocess" returns ok for request 14421
modcall[authorize]: module "chap" returns noop for request 14421
modcall[authorize]: module "mschap" returns noop for request 14421
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 14421
rlm_realm: Looking up realm "xxx.pt" for User-Name = "211069020@XXX.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14421
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14421
users: Matched entry DEFAULT at line 152
users: Matched entry 211069020@xxx.pt at line 217
modcall[authorize]: module "files" returns ok for request 14421
modcall: leaving group authorize (returns ok) for request 14421
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14421
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "211069020"
Digest-Realm = "xxx.pt"
Digest-Nonce = "453c9377946262d76fceca014a1553f8384db20f"
Digest-URI = "sip:xxx.pt"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "5640622967614"
A1 = 211069020:xxx.pt:211069020
A2 = REGISTER:sip:xxx.pt
KD = f7d0e83a9277bd217ba41ac8e070aee4:453c9377946262d76fceca014a1553f8384db20f:00000001:5640622967614:auth:4a210dfe3dc88ca825764f5ea20d8b01
modcall[authenticate]: module "digest" returns ok for request 14421
modcall: leaving group authenticate (returns ok) for request 14421
radius_xlat: 'Authenticated from Radius'
Sending Access-Accept of id 131 to 127.0.0.1 port 56964
Reply-Message = "Authenticated from Radius"
Sip-Rpid = "211069020"
Finished request 14421
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:56965, id=132, length=57
User-Name = "@xxx.pt"
Service-Type = Callback-Administrative
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14422
modcall[authorize]: module "preprocess" returns ok for request 14422
modcall[authorize]: module "chap" returns noop for request 14422
modcall[authorize]: module "mschap" returns noop for request 14422
modcall[authorize]: module "digest" returns noop for request 14422
rlm_realm: Looking up realm "xxx.pt" for User-Name = "@xxx.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14422
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14422
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 14422
modcall: leaving group authorize (returns ok) for request 14422
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14422
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 14422
modcall: leaving group authenticate (returns invalid) for request 14422
auth: Failed to validate the user.
Delaying request 14422 for 1 seconds
Finished request 14422
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14421 ID 131 with timestamp 453c9257
Sending Access-Reject of id 132 to 127.0.0.1 port 56965
Cleaning up request 14422 ID 132 with timestamp 453c9257
Nothing to do. Sleeping until we see a request.

And the logs from ser are as follows:

0(15034) found end of header
0(15034) find_first_route:
0(15034) loose_route: There is no Route HF
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) parse_headers: flags=64
0(15034) check_nonce(): comparing [453c93b9459779f9f51440d01f13c9e0db2b2965] and [453c93b9459779f9f51440d01f13c9e0db2b2965]
0(15034) radius_authorize_sterman(): Success
0(15034) save_rpid(): rpid value is '211069020'
0(15034) radius_does_uri_exist(): Failure
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list 0xf5062350
0(15034) receive_msg: cleaning up
0(15034) SIP Request:
0(15034) method: <OPTIONS>
0(15034) uri: <sip:xxx.pt:5060>
0(15034) version: <SIP/2.0>
0(15034) parse_headers: flags=1
0(15034) Found param type 235, <rport> = <n/a>; state=6
0(15034) Found param type 232, <branch> = <z9hG4bKc0a8002f0000000b453c94d700006 3800000fc1b>; state=16
0(15034) end of header reached, state=5
0(15034) parse_headers: Via found, flags=1
0(15034) parse_headers: this is the first via
0(15034) After parse_msg...
0(15034) preparing to run routing scripts...
0(15034) parse_headers: flags=128
0(15034) DEBUG: get_hdr_body : content_length=0
0(15034) get_hdr_field: cseq <CSeq>: <11858> <OPTIONS>
0(15034) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(15034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(15034) DEBUG: add_param: tag=56414607811795
0(15034) end of header reached, state=29
0(15034) parse_headers: flags=256
0(15034) end of header reached, state=9
0(15034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:xxx.pt:5060]
0(15034) DEBUG: to body [<sip:xxx.pt:5060>
]
0(15034) found end of header
0(15034) find_first_route:
0(15034) loose_route: There is no Route HF
0(15034) lookup(): '' Not found in usrloc
0(15034) lookup(): '' Not found in usrloc
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list (nil)
0(15034) receive_msg: cleaning up

The users file in raddb is like this:

211069020@xxx.pt Auth-Type := Digest, User-Password == "211069020"
        Reply-Message = "Authenticated from Radius",
        Sip-Rpid = "211069020"
211069020@xxx.pt Sip-Group == "local", Auth-Type := Accept
        Reply-Message = "Authorized"
"users" 221L, 7200C

I have mentioned dictionary.ser in radius and radiusclient. Can anyone please give me a hint as to what I am doing wrong?

Thank you very much,
Lokesh
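
A small triage helper for radiusd debug output of the kind posted above, added here as an example and not part of the original post: it groups lines per request and records conditions visible in the log (empty user part in User-Name, only the DEFAULT users entry matched, a module asking for User-Password). The function name, note strings and sample log are constructed for illustration.

```python
import re

# Constructed sample in the style of the radiusd debug output above (wrapped lines joined).
SAMPLE_LOG = '''\
User-Name = "211069020@xxx.pt"
users: Matched entry DEFAULT at line 152
users: Matched entry 211069020@xxx.pt at line 217
rad_check_password: Found Auth-Type Digest
modcall[authenticate]: module "digest" returns ok for request 14421
Finished request 14421
User-Name = "@xxx.pt"
users: Matched entry DEFAULT at line 152
rad_check_password: Found Auth-Type System
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 14422
Finished request 14422
'''

PATTERNS = {
    "user": re.compile(r'User-Name = "(.*)"$'),
    "entry": re.compile(r'users: Matched entry (\S+) at line \d+'),
    "auth_type": re.compile(r'rad_check_password: Found Auth-Type (\S+)'),
    "result": re.compile(r'modcall\[authenticate\]: module "([^"]+)" returns (\w+)'),
    "no_password": re.compile(r'rlm_\w+: Attribute "User-Password" is required'),
    "finished": re.compile(r'Finished request (\d+)'),
}

def summarize(log_text):
    """Group debug lines per request and note why a request may have been rejected."""
    done, cur = [], {"entries": [], "notes": []}
    for line in map(str.strip, log_text.splitlines()):
        hits = ((k, m) for k, p in PATTERNS.items() if (m := p.match(line)))
        key, m = next(hits, (None, None))
        if key == "entry":
            cur["entries"].append(m.group(1))
        elif key == "result":
            cur["result"] = f"{m.group(1)}:{m.group(2)}"
        elif key == "no_password":
            cur["notes"].append("module required User-Password")
        elif key == "finished":
            cur["id"] = int(m.group(1))
            if cur.get("user", "").startswith("@"):
                cur["notes"].append("User-Name has an empty user part")
            if cur["entries"] == ["DEFAULT"]:
                cur["notes"].append("only the DEFAULT users entry matched")
            done.append(cur)
            cur = {"entries": [], "notes": []}
        elif key in ("user", "auth_type"):  # keep the captured value as-is
            cur[key] = m.group(1)
    return done
```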