I am trying to authenticate through RADIUS (info in LDAP database). I am using Kamailio 3.1.

First of all I would like to clear up an issue: 

As shown, the authentication is done with:

Code:

if (!radius_www_authorize("uu.net")) {
        www_challenge("uu.net", "0");
        return;
}


OK, when I installed OpenSER I did it with the Kamailio "flavour", so it was using the auth_radius module belonging to it.
Does anyone know which would be the correct way to do the challenge to the user, because it was not working at all? The RADIUS client does not even send it. I got stuck for some time until I just decided to load the module from the ser modules folder, and then the FreeRADIUS server started to get my requests correctly. Actually I can even see it authenticates them correctly.

However, OpenSER/Kamailio doesn't seem to see the same and it doesn't save the location.



Code:


route[AUTH] { 
#!ifdef WITH_AUTH 
# First we check whether it belongs to our domain; if not, there is no need to check credentials.
        if (uri==myself) 
        { 
                if (is_method("REGISTER")) 
                { 
                        xlog("L_NOTICE","KAM-INFO: r[AUTH] - REGISTER - User info: ($fu):($si)>\n"); 
                        if (!radius_www_authorize("i2cat.net")){ 
                                route(RADIUS); 
                                #www_challenge("i2cat.net","0"); 
                                exit; 
                        } 
                } 

                if ($au!=$tU) 
                { 
                        sl_send_reply("403","Forbidden auth ID"); 
                        exit; 
                } 
        } else { 

#!ifdef WITH_IPAUTH 
                if(allow_source_address()) 
                { 
                        # source IP allowed 
                        return; 
                } 
#!endif 

                # authenticate if from local subscriber 
                if (from_uri==myself) 
                { 
                        if (!proxy_authorize("$fd", "subscriber")) { 
                                proxy_challenge("$fd", "0"); 
                                exit; 
                        } 
                        if (is_method("PUBLISH")) 
                        { 
                                if ($au!=$tU) { 
                                        sl_send_reply("403","Forbidden auth ID"); 
                                        exit; 
                                } 
                        } else { 
                                if ($au!=$fU) { 
                                        sl_send_reply("403","Forbidden auth ID"); 
                                        exit; 
                                } 
                        } 

                        consume_credentials(); 
                        # caller authenticated 
                } else { 
                        # caller is not local subscriber, then check if it calls 
                        # a local destination, otherwise deny, not an open relay here 
                        if (!uri==myself) 
                        { 
                                sl_send_reply("403","Not relaying"); 
                                exit; 
                        } 
                } 
        } 
#!endif 
        return; 
}                                                                              


Before doing the challenge, it just goes through:

Code:


route[RADIUS] {
   sl_send_reply("100", "Trying");
   append_to_reply("Expires: 600\r\n");
   append_to_reply("Min-Expires: 240\r\n");

   xlog("L_NOTICE","KAM-INFO: RADIUS AUTHENTICATION - AUTHORIZING USER $fU - <$fu>:<$si>\n");

   # $rc holds the return code of the most recently executed function
   xlog("L_NOTICE","KAM-INFO: CHALLENGING. - RETCODE-> $rc \n");
   www_challenge("i2cat.net", "0");
   switch($rc){
         case -5:
            xlog("L_INFO", "-> 500: internal server error");
            sl_send_reply("500", "Internal Server Error");
            break;
         case -4:
            xlog("L_INFO", "-> 404: credentials not found");
            sl_send_reply("404", "Credentials Not Found");
            break;
         case -3:
            xlog("L_INFO", "-> 400: bad request - stale nonce");
            sl_send_reply("400", "Bad Request");
            break;
         case -2:
            xlog("L_INFO", "-> 401: invalid password");
            sl_send_reply("401", "Invalid Password");
            break;
         case -1:
            xlog("L_INFO", "-> 401: invalid user");
            sl_send_reply("401", "Invalid User");
            break;
         default:
            xlog("L_INFO", "-> 401: unauthorized");
            sl_send_reply("401", "Unauthorized");
   }
}



Buuuuuuuuuuuuut... I got that in the debug of Kamailio: 


Code:
 4(31099) DEBUG: auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1 
 4(31099) DEBUG: auth_radius [sterman.c:271]: radius_authorize_sterman(): Success 
 4(31099) WARNING: auth_radius [authorize.c:89]: RADIUS server did not send SER-UID attribute in digest authentication reply 
 4(31099) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='i2cat.net
 4(31099) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth' 
 4(31099) DEBUG: auth [challenge.c:236]: auth: 'WWW-Authenticate: Digest realm="i2cat.net", nonce="TWZJLk1mSAKFVzL0b+dVPzkuyyAnZHQs", qop="auth" 


I guess it has something to do with this SER-UID attribute and thus something about the dictionary? It is weird seeing that the RADIUS server says 'ok' but then OpenSER is not authenticating it.

I need some clues! Thank you!


--
Pablo Ros
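
Added example, not part of the original post: a small Python log correlator that flags the symptom shown in the debug output above, where one worker process logs a RADIUS success, then an auth_radius warning, then builds a digest challenge anyway. The log lines are copied from the post, except one constructed line for a second worker; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the debug output in the post, plus one constructed
# line for a second worker (pid 31100) that only logs a RADIUS success.
SAMPLE_LOG = """\
 4(31099) DEBUG: auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
 4(31099) DEBUG: auth_radius [sterman.c:271]: radius_authorize_sterman(): Success
 4(31099) WARNING: auth_radius [authorize.c:89]: RADIUS server did not send SER-UID attribute in digest authentication reply
 4(31099) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='i2cat.net
 4(31099) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth'
 5(31100) DEBUG: auth_radius [sterman.c:271]: radius_authorize_sterman(): Success
"""

# "<rank>(<pid>) <LEVEL>: <module> [<file>:<line>]: <message>"
LINE_RE = re.compile(
    r"^\s*(?P<rank>\d+)\((?P<pid>\d+)\)\s+(?P<level>[A-Z]+):\s+"
    r"(?P<module>\S+)\s+\[(?P<src>[^\]]+)\]:\s+(?P<msg>.*)$"
)

def parse(log_text):
    """Yield one dict per well-formed log line; skip anything else."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if m:
            yield m.groupdict()

def find_challenge_after_accept(log_text):
    """Return one finding per worker that challenges right after a RADIUS success."""
    state = defaultdict(lambda: {"accepted": False, "warnings": []})
    findings = []
    for ev in parse(log_text):
        st = state[ev["pid"]]
        if ev["module"] == "auth_radius" and ev["msg"].endswith("Success"):
            st["accepted"], st["warnings"] = True, []
        elif ev["module"] == "auth_radius" and ev["level"] == "WARNING":
            st["warnings"].append(ev["msg"])
        elif ev["module"] == "auth" and "build_challenge_hf" in ev["msg"]:
            if st["accepted"]:
                findings.append({"pid": ev["pid"], "warnings": st["warnings"]})
            st["accepted"], st["warnings"] = False, []
    return findings

if __name__ == "__main__":
    for f in find_challenge_after_accept(SAMPLE_LOG):
        print(f"pid {f['pid']}: challenge issued after RADIUS success; "
              f"warnings in between: {f['warnings']}")
```

The warnings collected between the success line and the challenge are the first place to look when the RADIUS server accepts a request that the proxy still challenges.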