Re: [Serusers] SER with Radius Authentication

How can I check if a user is registered if I'm using radius authentication and persistent storage without adding users at the usrloc DB?

The following section only works if you have added the users at the usrloc DB if (!lookup("location")) { # sl_send_reply("404", "Not Found"); log(1,"unable to locate user"); route(4); break; }; But If I have my users in the Radius Server DB I'm going to receive the message that "Not Found" when I try to place a call. Regards Alberto Cruz Jan Janak wrote: Try to change your users file according to the radius howto: joe(a)iptel.org Auth-Type := Digest, User-Password == "heslo" Reply-Message = "Authenticated", Sip-Rpid = "1234" Jan. On 21-03 16:15, Rafael J. Risco G.V. wrote: Hi, I´ve configured freeradius and SER according to the Radius HOW TO document, Accounting works very well but now I am doing some tests trying to do user authentication however all the authentication requests coming to the freeradius fails and X-lite sipphone is receiving an Unauthorized message from SER, please some advice, thanks rafael PS: config files... in /usr/local/etc/raddb/users : --------- test Auth-Type := Digest, User-Password == "test" Reply-Message = "Hello, test with digest" 6609876 Auth-Type := Digest User-Password := "9876", Digest-Response = "lalalalala", Reply-Message = "Hello, ibm1" 6604321 Auth-Type := Digest User-Password := "4321", Digest-Response = "lalalalala", Reply-Message = "Hello, ibm2" --------- Some relevant data in ser.cfg: ... modparam("group_radius", "use_domain", 0) .... if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "1"); break; }; if (!save("location")) { sl_reply_error(); }; break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; }; # does the user wish redirection on no availability? (i.e., is he # in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc if (radius_is_user_in("Request-URI", "voicemail")) { log(1, "requested user is in voicemail group"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # sl_send_reply("404", "Not Found"); log(1,"unable to locate user"); route(4); break; }; }; # End of "if(uri==myself)" .... ------------------RADIUSD -X Output ---------------------------: rad_recv: Access-Request packet from host 127.0.0.1:33187, id=79, length=311 User-Name = "6604321(a)10.0.1.22" Digest-Attributes = 0x0a0936363034333231 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303162 Digest-Attributes = 0x08224433343132424232394131453131443939334232303035304241373836433642 Digest-Response = "a6a7812ac0331324f977453c228da2ed" Service-Type = IAPP-Register Sip-URI-User = "6604321" Cisco-AVPair = "call-id=D3412ADB9A1E11D993B20050BA786C6B(a)10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6604321" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001b" Digest-CNonce = "D3412BB29A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 8 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6604321(a)10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 8 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 8 modcall: group authorize returns ok for request 8 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:33188, id=80, length=311 User-Name = "6609876(a)10.0.1.22" Digest-Attributes = 0x0a0936363039383736 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303163 Digest-Attributes = 0x08224433343132424235394131453131443939334232303035304241373836433642 Digest-Response = "50fa695654b20e2eec54a1003fe15d9f" Service-Type = IAPP-Register Sip-URI-User = "6609876" Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B(a)10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6609876" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001c" Digest-CNonce = "D3412BB59A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 9 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876(a)10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 9 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns ok for request 9 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 9 modcall: group authenticate returns invalid for request 9 auth: Failed to validate the user. Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 79 to 127.0.0.1:33187 Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:33189, id=81, length=311 User-Name = "6609876(a)10.0.1.22" Digest-Attributes = 0x0a0936363039383736 Digest-Attributes = 0x010b31302e302e312e3232 Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830 Digest-Attributes = 0x040f7369703a31302e302e312e3232 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303163 Digest-Attributes = 0x08224433343132424236394131453131443939334232303035304241373836433642 Digest-Response = "e4f68760f2b3eed0ad45942b32542c92" Service-Type = IAPP-Register Sip-URI-User = "6609876" Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B(a)10.0.1.22" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "6609876" Digest-Realm = "10.0.1.22" Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80" Digest-URI = "sip:10.0.1.22" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "0000001c" Digest-CNonce = "D3412BB69A1E11D993B20050BA786C6B" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 10 rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876(a)10.0.1.22" rlm_realm: No such realm "10.0.1.22" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 10 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 10 modcall: group authorize returns ok for request 10 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 10 modcall: group authenticate returns invalid for request 10 auth: Failed to validate the user. Delaying request 10 for 1 seconds Finished request 10 Going to the next request Sending Access-Reject of id 80 to 127.0.0.1:33188 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 81 to 127.0.0.1:33189 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 79 with timestamp 423f309b Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 80 with timestamp 423f309c Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 10 ID 81 with timestamp 423f309d Nothing to do. Sleeping until we see a request.