if (!lookup("location")) {
                         # sl_send_reply("404", "Not Found");
                         log(1,"unable to locate user");
                         route(4);
                         break;
                 };

Try to change your users file according to the radius howto:

joe@iptel.org Auth-Type := Digest, User-Password == "heslo"
     Reply-Message = "Authenticated",
     Sip-Rpid = "1234"

       Jan.

On 21-03 16:15, Rafael J. Risco G.V. wrote:
  

Hi,
I´ve configured freeradius and SER according to the Radius HOW TO
document, Accounting works very well but now I am doing some tests
trying to do user authentication however all the authentication
requests coming to the freeradius fails and X-lite sipphone is
receiving an Unauthorized message from SER, please some advice,

thanks
rafael

PS: config files...

in /usr/local/etc/raddb/users :
---------
test      Auth-Type := Digest, User-Password == "test"
           Reply-Message = "Hello, test with digest"

6609876    Auth-Type := Digest
                User-Password := "9876",
                Digest-Response = "lalalalala",
                Reply-Message = "Hello, ibm1"

6604321    Auth-Type := Digest
                User-Password := "4321",
                Digest-Response = "lalalalala",
                Reply-Message = "Hello, ibm2"

---------
Some relevant data in ser.cfg:
...
modparam("group_radius", "use_domain", 0)
....

        if (uri==myself) {

                if (method=="REGISTER") {

	# Uncomment this if you want to use digest authentication
                        if (!radius_www_authorize("")) {
                                www_challenge("", "1");
                                break;
                        };

                        if (!save("location")) {
                                sl_reply_error();
                        };
                        break;
                };

                lookup("aliases");
                if (!uri==myself) {
                        append_hf("P-hint: outbound alias\r\n");
                        route(1);
                        break;
                };

                # does the user wish redirection on no availability?
(i.e., is he
                # in the voicemail group?) -- determine it now and store it in
                # flag 4, before we rewrite the flag using UsrLoc

                if (radius_is_user_in("Request-URI", "voicemail")) {
                        log(1, "requested user is in voicemail group");
                        setflag(4);
                };

                # native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        # sl_send_reply("404", "Not Found");
                        log(1,"unable to locate user");
                        route(4);
                        break;
                };

        }; # End of "if(uri==myself)"
....


------------------RADIUSD -X Output ---------------------------:

rad_recv: Access-Request packet from host 127.0.0.1:33187, id=79, length=311
        User-Name = "6604321@10.0.1.22"
        Digest-Attributes = 0x0a0936363034333231
        Digest-Attributes = 0x010b31302e302e312e3232
        Digest-Attributes =
0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
        Digest-Attributes = 0x040f7369703a31302e302e312e3232
        Digest-Attributes = 0x030a5245474953544552
        Digest-Attributes = 0x050661757468
        Digest-Attributes = 0x090a3030303030303162
        Digest-Attributes =
0x08224433343132424232394131453131443939334232303035304241373836433642
        Digest-Response = "a6a7812ac0331324f977453c228da2ed"
        Service-Type = IAPP-Register
        Sip-URI-User = "6604321"
        Cisco-AVPair = "call-id=D3412ADB9A1E11D993B20050BA786C6B@10.0.1.22"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "6604321"
        Digest-Realm = "10.0.1.22"
        Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
        Digest-URI = "sip:10.0.1.22"
        Digest-Method = "REGISTER"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "0000001b"
        Digest-CNonce = "D3412BB29A1E11D993B20050BA786C6B"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 8
    rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6604321@10.0.1.22"
    rlm_realm: No such realm "10.0.1.22"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 8
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns ok for request 8
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_digest: Configuration item "User-Password" is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:33188, id=80, length=311
        User-Name = "6609876@10.0.1.22"
        Digest-Attributes = 0x0a0936363039383736
        Digest-Attributes = 0x010b31302e302e312e3232
        Digest-Attributes =
0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
        Digest-Attributes = 0x040f7369703a31302e302e312e3232
        Digest-Attributes = 0x030a5245474953544552
        Digest-Attributes = 0x050661757468
        Digest-Attributes = 0x090a3030303030303163
        Digest-Attributes =
0x08224433343132424235394131453131443939334232303035304241373836433642
        Digest-Response = "50fa695654b20e2eec54a1003fe15d9f"
        Service-Type = IAPP-Register
        Sip-URI-User = "6609876"
        Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "6609876"
        Digest-Realm = "10.0.1.22"
        Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
        Digest-URI = "sip:10.0.1.22"
        Digest-Method = "REGISTER"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "0000001c"
        Digest-CNonce = "D3412BB59A1E11D993B20050BA786C6B"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 9
    rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22"
    rlm_realm: No such realm "10.0.1.22"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 9
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns ok for request 9
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_digest: Configuration item "User-Password" is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 79 to 127.0.0.1:33187
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:33189, id=81, length=311
        User-Name = "6609876@10.0.1.22"
        Digest-Attributes = 0x0a0936363039383736
        Digest-Attributes = 0x010b31302e302e312e3232
        Digest-Attributes =
0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
        Digest-Attributes = 0x040f7369703a31302e302e312e3232
        Digest-Attributes = 0x030a5245474953544552
        Digest-Attributes = 0x050661757468
        Digest-Attributes = 0x090a3030303030303163
        Digest-Attributes =
0x08224433343132424236394131453131443939334232303035304241373836433642
        Digest-Response = "e4f68760f2b3eed0ad45942b32542c92"
        Service-Type = IAPP-Register
        Sip-URI-User = "6609876"
        Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  modcall[authorize]: module "preprocess" returns ok for request 10
  modcall[authorize]: module "chap" returns noop for request 10
  modcall[authorize]: module "mschap" returns noop for request 10
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "6609876"
        Digest-Realm = "10.0.1.22"
        Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
        Digest-URI = "sip:10.0.1.22"
        Digest-Method = "REGISTER"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "0000001c"
        Digest-CNonce = "D3412BB69A1E11D993B20050BA786C6B"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 10
    rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22"
    rlm_realm: No such realm "10.0.1.22"
  modcall[authorize]: module "suffix" returns noop for request 10
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 10
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns ok for request 10
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_digest: Configuration item "User-Password" is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 10
modcall: group authenticate returns invalid for request 10
auth: Failed to validate the user.
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Sending Access-Reject of id 80 to 127.0.0.1:33188
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 81 to 127.0.0.1:33189
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 79 with timestamp 423f309b
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 80 with timestamp 423f309c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 10 ID 81 with timestamp 423f309d
Nothing to do.  Sleeping until we see a request.






-- 

rrgv

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
    

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers