Try to change your users file according to the radius howto:
joe@iptel.org Auth-Type := Digest, User-Password == "heslo" Reply-Message = "Authenticated", Sip-Rpid = "1234"
Jan.
On 21-03 16:15, Rafael J. Risco G.V. wrote:
Hi, I´ve configured freeradius and SER according to the Radius HOW TO document, Accounting works very well but now I am doing some tests trying to do user authentication however all the authentication requests coming to the freeradius fails and X-lite sipphone is receiving an Unauthorized message from SER, please some advice,
thanks rafael
PS: config files...
in /usr/local/etc/raddb/users :
test Auth-Type := Digest, User-Password == "test" Reply-Message = "Hello, test with digest"
6609876 Auth-Type := Digest User-Password := "9876", Digest-Response = "lalalalala", Reply-Message = "Hello, ibm1"
6604321 Auth-Type := Digest User-Password := "4321", Digest-Response = "lalalalala", Reply-Message = "Hello, ibm2"
Some relevant data in ser.cfg: ... modparam("group_radius", "use_domain", 0) ....
if (uri==myself) { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
if (!save("location")) { sl_reply_error(); }; break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; }; # does the user wish redirection on no availability?(i.e., is he # in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc
if (radius_is_user_in("Request-URI", "voicemail")) { log(1, "requested user is in voicemail group"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # sl_send_reply("404", "Not Found"); log(1,"unable to locate user"); route(4); break; }; }; # End of "if(uri==myself)"....
------------------RADIUSD -X Output ---------------------------:
rad_recv: Access-Request packet from host 127.0.0.1:33187, id=79, length=311 User-Name = "6604321@10.0.1.22" Digest-Attributes = 0x0a0936363034333231 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303162 Digest-Attributes = 0x08224433343132424232394131453131443939334232303035304241373836433642 Digest-Response = "a6a7812ac0331324f977453c228da2ed" Service-Type = IAPP-Register Sip-URI-User = "6604321" Cisco-AVPair = "call-id=D3412ADB9A1E11D993B20050BA786C6B@10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6604321" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001b" Digest-CNonce = "D3412BB29A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 8 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6604321@10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 8 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 8 modcall: group authorize returns ok for request 8 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:33188, id=80, length=311 User-Name = "6609876@10.0.1.22" Digest-Attributes = 0x0a0936363039383736 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303163 Digest-Attributes = 0x08224433343132424235394131453131443939334232303035304241373836433642 Digest-Response = "50fa695654b20e2eec54a1003fe15d9f" Service-Type = IAPP-Register Sip-URI-User = "6609876" Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6609876" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001c" Digest-CNonce = "D3412BB59A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 9 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 9 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns ok for request 9 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 9 modcall: group authenticate returns invalid for request 9 auth: Failed to validate the user. Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 79 to 127.0.0.1:33187 Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:33189, id=81, length=311 User-Name = "6609876@10.0.1.22" Digest-Attributes = 0x0a0936363039383736 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303163 Digest-Attributes = 0x08224433343132424236394131453131443939334232303035304241373836433642 Digest-Response = "e4f68760f2b3eed0ad45942b32542c92" Service-Type = IAPP-Register Sip-URI-User = "6609876" Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6609876" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001c" Digest-CNonce = "D3412BB69A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 10 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 10 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 10 modcall: group authorize returns ok for request 10 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 10 modcall: group authenticate returns invalid for request 10 auth: Failed to validate the user. Delaying request 10 for 1 seconds Finished request 10 Going to the next request Sending Access-Reject of id 80 to 127.0.0.1:33188 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 81 to 127.0.0.1:33189 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 79 with timestamp 423f309b Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 80 with timestamp 423f309c Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 10 ID 81 with timestamp 423f309d Nothing to do. Sleeping until we see a request.
--
rrgv
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers