RE: [Serusers] Problem authorizing with radius

Hello. Mmmhh, are you sure you modified the de www_challenge for the proxy_challenge in the ser.cfg file?. I use RADIATOR as my Radius Server so i'm not very familiarized with freeRadius. But for the debug it seems to be an error maybe with the configuration from the Radius Server? For example , is normal this : Invalid operator for item Suffix: reverting to '==' ? Maybe somone that uses freeRadius could give you more details. To accounting i use Radiator but working together with an Oracle Database, i use the Start and Stop message from SER to bill the call. Regards, Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 13:09 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, Tried it. It still gives me the same error. Please let me know the version of the radius server you are using.?? Also can you please let me know wht did u do to make the accounting work...?? Best Regards, Naresh Ricardo Martinez &lt;rmartinez(a)redvoiss.net&gt; wrote: Hello Naresh. I guess there is an error in the way you call the authorization for the INVITE. As far as i know for the REGISTER message (authentication) you need the statement : radius_www_authorize But for the INVITE you need to call "radius_proxy_authorize". This is what i have in my ser.cfg if (method=="INVITE") { if (!radius_proxy_authorize("")) { proxy_challenge("","1"); break; }; }; maybe you can try this and tell me how it works. Good luck Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 12:10 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. The users file in the radius server looks like as below: test(a)sip2.zone <mailto:test@sip2.zone> Auth-Type := Digest, User-Password == "cisco1234" Reply-Message = "Authenticated", Sip-Rpid = "1970" test(a)sip2.zone <mailto:test@sip2.zone> Auth-Type := Accept Reply-Message = "Authorized", Sip-Group == "ld" The radius authentication and authorization parts in the ser.cfg file are given below: if (uri=~"^sip:9[0-9]*@") { if (method=="INVITE"){ if (!radius_www_authorize("")) { www_challenge("", "1"); break; }else{ if (radius_is_user_in("Credentials", "ld")){ forward(192.168.2.101,5060); break; }else{ break; }; }; }; }; And finally the error is as below: Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "test" Digest-Realm = "sip2.zone" Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2" Digest-URI = "sip:94161000@sip2.zone" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "0000000a" Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok rlm_realm: Looking up realm "sip2.zone" for User-Name = " test(a)sip2.zone <mailto:test@sip2.zone> " rlm_realm: No such realm "sip2.zone" modcall[authorize]: module "suffix" returns noop users: Matched entry test(a)sip2.zone <mailto:test@sip2.zone> at line 226 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Digest auth: type "digest" modcall: entering group authenticate A1 = test:sip2.zone:cisco1234 A2 = INVITE:sip:94161000@sip2.zone KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:00 00000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae 2 modcall[authenticate]: module "digest" returns ok modcall: group authenticate returns ok radius_xlat: 'Authenticated' Login OK: [test(a)sip2.zone/&lt;no User-Password attribute>] (from client proxy port 5060) Sending Access-Accept of id 203 to 192.168.2.1:32831 Reply-Message = "Authenticated" Sip-Rpid = "1970" Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53 User-Name = "test" Sip-Group = "ld" Service-Type = Group-Check NAS-IP-Address = 192.168.2.1 NAS-Port = 0 modcall: entering group authorize Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop modcall[authorize]: module "digest" returns noop rlm_realm: No '@' <mailto:'@'> in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop modcall[authorize]: module "files" returns notfound modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0) Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration?? Thanks a lot.. Naresh Ricardo Martinez &lt;rmartinez(a)redvoiss.net&gt; wrote: Hello Naresh I have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration? Cheers, Ricardo.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 10:37 Para: serusers(a)lists.iptel.org Asunto: [Serusers] Problem authorizing with radius hi friends, I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error: auth: No authenticate method (Auth-Type) configuration found for the user request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 When I authorize against the mysql database, it works fine. Any clue??? Best Regards, Naresh __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _____ Start <http://us.rd.yahoo.com/evt=34442/*http://www.yahoo.com/r/hs> your day with Yahoo! - make it your home page