I have also compiled "avp_radius" module and load it in openser.cfg. Nothing changed.
Sip Client IP: 192.168.1.2 OpenSER: 192.168.1.5 Radius Server: 192.168.1.3
Here is the openser debug log: ------------------------------------ [root@localhost openser]# 6(2884) SIP Request: 6(2884) method: <REGISTER> 6(2884) uri: sip:192.168.1.5 6(2884) version: <SIP/2.0> 6(2884) parse_headers: flags=2 6(2884) DEBUG:parse_to:end of header reached, state=9 6(2884) DEBUG: get_hdr_field: <To> [36]; uri=[sip:arda@192.168.1.5] 6(2884) DEBUG: to body [arda_eyebeamsip:arda@192.168.1.5 ] 6(2884) Found param type 232, <branch> = <z9hG4bK-d87543-622802375-1--d87543->; state=6 6(2884) Found param type 235, <rport> = <n/a>; state=17 6(2884) end of header reached, state=5 6(2884) parse_headers: Via found, flags=2 6(2884) parse_headers: this is the first via 6(2884) After parse_msg... 6(2884) preparing to run routing scripts... 6(2884) parse_headers: flags=100 6(2884) get_hdr_field: cseq <CSeq>: <1> <REGISTER> 6(2884) DEBUG:maxfwd:is_maxfwd_present: value = 70 6(2884) parse_headers: flags=200 6(2884) DEBUG: get_hdr_body : content_length=0 6(2884) found end of header 6(2884) find_first_route: No Route headers found 6(2884) loose_route: There is no Route HF 6(2884) grep_sock_info - checking if host==us: 11==9 && [192.168.1.5] == [127.0.0.1] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==11 && [192.168.1.5] == [192.168.1.5] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==9 && [192.168.1.5] == [127.0.0.1] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==11 && [192.168.1.5] == [192.168.1.5] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) parse_headers: flags=2000 6(2884) pre_auth(): Credentials with given realm not found 6(2884) REGISTER: challenging user2 6(2884) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.5", nonce="438222d8c7aac499351c46bad60c32a2c03eb751" ' 6(2884) parse_headers: flags=ffffffffffffffff 6(2884) check_via_address(192.168.1.2, 192.168.1.2, 0) 6(2884) DEBUG:destroy_avp_list: destroying list (nil) 6(2884) receive_msg: cleaning up 6(2884) SIP Request: 6(2884) method: <REGISTER> 6(2884) uri: sip:192.168.1.5 6(2884) version: <SIP/2.0> 6(2884) parse_headers: flags=2 6(2884) DEBUG:parse_to:end of header reached, state=9 6(2884) DEBUG: get_hdr_field: <To> [36]; uri=[sip:arda@192.168.1.5] 6(2884) DEBUG: to body [arda_eyebeamsip:arda@192.168.1.5 ] 6(2884) Found param type 232, <branch> = <z9hG4bK-d87543-907902613-1--d87543->; state=6 6(2884) Found param type 235, <rport> = <n/a>; state=17 6(2884) end of header reached, state=5 6(2884) parse_headers: Via found, flags=2 6(2884) parse_headers: this is the first via 6(2884) After parse_msg... 6(2884) preparing to run routing scripts... 6(2884) parse_headers: flags=100 6(2884) get_hdr_field: cseq <CSeq>: <2> <REGISTER> 6(2884) DEBUG:maxfwd:is_maxfwd_present: value = 70 6(2884) parse_headers: flags=200 6(2884) DEBUG: get_hdr_body : content_length=0 6(2884) found end of header 6(2884) find_first_route: No Route headers found 6(2884) loose_route: There is no Route HF 6(2884) grep_sock_info - checking if host==us: 11==9 && [192.168.1.5] == [127.0.0.1] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==11 && [192.168.1.5] == [192.168.1.5] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==9 && [192.168.1.5] == [127.0.0.1] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) grep_sock_info - checking if host==us: 11==11 && [192.168.1.5] == [192.168.1.5] 6(2884) grep_sock_info - checking if port 5060 matches port 5060 6(2884) check_nonce(): comparing [438222d8c7aac499351c46bad60c32a2c03eb751] and [438222d8c7aac499351c46bad60c32a2c03eb751] 6(2884) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 6(2884) REGISTER: challenging user2 6(2884) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.5", nonce="438222d8c7aac499351c46bad60c32a2c03eb751" ' 6(2884) parse_headers: flags=ffffffffffffffff 6(2884) check_via_address(192.168.1.2, 192.168.1.2, 0) 6(2884) DEBUG:destroy_avp_list: destroying list (nil) 6(2884) receive_msg: cleaning up -------------------------------------------
As I see in the sterman.c source rc_auth fails:
/* Send request */ if ((i = rc_auth(rh, SIP_PORT, send, &received, msg)) == OK_RC) { DBG("DEBUG:auth_radius:radius_authorize_sterman: Success\n"); rc_avpair_free(send); send = 0;
generate_avps(received);
rc_avpair_free(received); return 1; } else { LOG(L_ERR,"ERROR:auth_radius:radius_authorize_sterman: " "rc_auth failed\n"); goto err; }
Any opinion?
Thanks in advance
Arda
----- Original Message ----- From: "Bogdan-Andrei Iancu" bogdan@voice-system.ro To: "Arda Tekin" arda@nicivr.com Cc: users@openser.org Sent: Friday, November 25, 2005 5:00 PM Subject: Re: [Users] How can I send radius authentication packet with openser
Hi Arda,
you need to use auth_radius for this purpose. See: http://www.openser.org/docs/modules/1.1.x/auth_radius.html
regards, bogdan
Arda Tekin wrote:
Hi, I have installed openser, mysql, radiusclient-ng-0.5.2 successfully on REL3.0. openser works well with mysql. I need to send a radius authentication packet to a radius server(according to RFC2865). Packet contains base params:
User-name (attr.1) $Username
Password (attr.2) $Password
NAS-Identifier (attr.4) (auto-generated)
NAS-Port (attr.5) $uref
State (attr.24) 0
Client-Port-DNIS (attr.30) NONE
Caller-Id (attr.31) $calling
I can not find a clear sample about radius. Which module is used for this purpose? Regards Arda
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users