Apparently OpenBSD just plain sucks for anything radius related. Having troubles with radiusclient-ng, and rlm_perl on FreeRADIUS. I switched both machines to FreeBSD now everything works without a problem.
On 1/15/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
The 2nd request actually is in the debug output, if you scroll down about half way.
0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little further down, you see a really strange error message:
0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre greger@teigre.com wrote:
You just sent the debug output for the first message (the one creating the challenge). The next message should contain the credentials, which will be used for radius auth. As far as I remember, by default radiusclient uses localhost to send its radius requests. When the radius server is only listening on a physical interface or remote server, you need to add a directive to radiusclient.conf. I don't remember right now. g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa391b970a38171714c791e2feec0b390aeed] and [45aaa391b970a38171714c791e2feec0b390aeed] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location");};
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers