> How can I check if a user is registered if I'm using radius
> authentication and persistent storage without adding users at the
> usrloc DB?

What is "radius authentication and persistent storage"?
You don't want to use the DB? Then set the db_mode to no DB and
use save("location") as you would normally. You can also use save_memory(), but
in that mode I assume they will basically do the same.

If you mean that you are saving location to RADIUS, I'm curious to know
how? usrloc contains flags, expires etc necessary for SER to function
properly. If you have an external location database, then the clients
haven't registered with SER, right?
g-)

> The following section only works if you have added the users at the
> usrloc DB
>
>     if (!lookup("location")) {
>         # sl_send_reply("404", "Not Found");
>         log(1,"unable to locate user");
>         route(4);
>         break;
>     };
>
> But if I have my users in the Radius Server DB I'm going to receive
> the message that "Not Found" when I try to place a call.
>
> Regards
>
> Alberto Cruz
>
> Jan Janak wrote:
>
> Try to change your users file according to the radius howto:
>
> joe@iptel.org Auth-Type := Digest, User-Password == "heslo"
>               Reply-Message = "Authenticated",
>               Sip-Rpid = "1234"
>
> Jan.
>
> On 21-03 16:15, Rafael J. Risco G.V. wrote:
>
> Hi,
> I've configured freeradius and SER according to the Radius HOW TO
> document, Accounting works very well but now I am doing some tests
> trying to do user authentication however all the authentication
> requests coming to the freeradius fail and X-lite sipphone is
> receiving an Unauthorized message from SER, please some advice,
>
> thanks
>
> rafael
>
> PS: config files...
>
> in /usr/local/etc/raddb/users :
> ---------
> test    Auth-Type := Digest, User-Password == "test"
>         Reply-Message = "Hello, test with digest"
>
> 6609876 Auth-Type := Digest
>         User-Password := "9876",
>         Digest-Response = "lalalalala",
>         Reply-Message = "Hello, ibm1"
>
> 6604321 Auth-Type := Digest
>         User-Password := "4321",
>         Digest-Response = "lalalalala",
>         Reply-Message = "Hello, ibm2"
> ---------
> Some relevant data in ser.cfg:
> ...
> modparam("group_radius", "use_domain", 0)
> ....
>
> if (uri==myself) {
>
>     if (method=="REGISTER") {
>
>         # Uncomment this if you want to use digest authentication
>         if (!radius_www_authorize("")) {
>             www_challenge("", "1");
>             break;
>         };
>
>         if (!save("location")) {
>             sl_reply_error();
>         };
>         break;
>     };
>
>     lookup("aliases");
>     if (!uri==myself) {
>         append_hf("P-hint: outbound alias\r\n");
>         route(1);
>         break;
>     };
>
>     # does the user wish redirection on no availability? (i.e., is he
>     # in the voicemail group?) -- determine it now and store it in
>     # flag 4, before we rewrite the flag using UsrLoc
>
>     if (radius_is_user_in("Request-URI", "voicemail")) {
>         log(1, "requested user is in voicemail group");
>         setflag(4);
>     };
>
>     # native SIP destinations are handled using our USRLOC DB
>     if (!lookup("location")) {
>         # sl_send_reply("404", "Not Found");
>         log(1,"unable to locate user");
>         route(4);
>         break;
>     };
>
> }; # End of "if(uri==myself)"
> ....
>
> ------------------RADIUSD -X Output ---------------------------:
>
> rad_recv: Access-Request packet from host 127.0.0.1:33187, id=79, length=311
>         User-Name = "6604321@10.0.1.22"
>         Digest-Attributes = 0x0a0936363034333231
>         Digest-Attributes = 0x010b31302e302e312e3232
>         Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
>         Digest-Attributes = 0x040f7369703a31302e302e312e3232
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303162
>         Digest-Attributes = 0x08224433343132424232394131453131443939334232303035304241373836433642
>         Digest-Response = "a6a7812ac0331324f977453c228da2ed"
>         Service-Type = IAPP-Register
>         Sip-URI-User = "6604321"
>         Cisco-AVPair = "call-id=D3412ADB9A1E11D993B20050BA786C6B@10.0.1.22"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 5060
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 8
> modcall[authorize]: module "preprocess" returns ok for request 8
> modcall[authorize]: module "chap" returns noop for request 8
> modcall[authorize]: module "mschap" returns noop for request 8
> rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "6604321"
>         Digest-Realm = "10.0.1.22"
>         Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
>         Digest-URI = "sip:10.0.1.22"
>         Digest-Method = "REGISTER"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "0000001b"
>         Digest-CNonce = "D3412BB29A1E11D993B20050BA786C6B"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok for request 8
> rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6604321@10.0.1.22"
> rlm_realm: No such realm "10.0.1.22"
> modcall[authorize]: module "suffix" returns noop for request 8
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 8
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok for request 8
> modcall: group authorize returns ok for request 8
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 8
> rlm_digest: Configuration item "User-Password" is required for authentication.
> modcall[authenticate]: module "digest" returns invalid for request 8
> modcall: group authenticate returns invalid for request 8
> auth: Failed to validate the user.
> Delaying request 8 for 1 seconds
> Finished request 8
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 127.0.0.1:33188, id=80, length=311
>         User-Name = "6609876@10.0.1.22"
>         Digest-Attributes = 0x0a0936363039383736
>         Digest-Attributes = 0x010b31302e302e312e3232
>         Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
>         Digest-Attributes = 0x040f7369703a31302e302e312e3232
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303163
>         Digest-Attributes = 0x08224433343132424235394131453131443939334232303035304241373836433642
>         Digest-Response = "50fa695654b20e2eec54a1003fe15d9f"
>         Service-Type = IAPP-Register
>         Sip-URI-User = "6609876"
>         Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 5060
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 9
> modcall[authorize]: module "preprocess" returns ok for request 9
> modcall[authorize]: module "chap" returns noop for request 9
> modcall[authorize]: module "mschap" returns noop for request 9
> rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "6609876"
>         Digest-Realm = "10.0.1.22"
>         Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
>         Digest-URI = "sip:10.0.1.22"
>         Digest-Method = "REGISTER"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "0000001c"
>         Digest-CNonce = "D3412BB59A1E11D993B20050BA786C6B"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok for request 9
> rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22"
> rlm_realm: No such realm "10.0.1.22"
> modcall[authorize]: module "suffix" returns noop for request 9
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 9
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok for request 9
> modcall: group authorize returns ok for request 9
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 9
> rlm_digest: Configuration item "User-Password" is required for authentication.
> modcall[authenticate]: module "digest" returns invalid for request 9
> modcall: group authenticate returns invalid for request 9
> auth: Failed to validate the user.
> Delaying request 9 for 1 seconds
> Finished request 9
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 79 to 127.0.0.1:33187
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 127.0.0.1:33189, id=81, length=311
>         User-Name = "6609876@10.0.1.22"
>         Digest-Attributes = 0x0a0936363039383736
>         Digest-Attributes = 0x010b31302e302e312e3232
>         Digest-Attributes = 0x022a34323366333163373062336631643261643330383833633238303434316632663133643136613830
>         Digest-Attributes = 0x040f7369703a31302e302e312e3232
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303163
>         Digest-Attributes = 0x08224433343132424236394131453131443939334232303035304241373836433642
>         Digest-Response = "e4f68760f2b3eed0ad45942b32542c92"
>         Service-Type = IAPP-Register
>         Sip-URI-User = "6609876"
>         Cisco-AVPair = "call-id=D3412ADE9A1E11D993B20050BA786C6B@10.0.1.22"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 5060
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 10
> modcall[authorize]: module "preprocess" returns ok for request 10
> modcall[authorize]: module "chap" returns noop for request 10
> modcall[authorize]: module "mschap" returns noop for request 10
> rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "6609876"
>         Digest-Realm = "10.0.1.22"
>         Digest-Nonce = "423f31c70b3f1d2ad30883c280441f2f13d16a80"
>         Digest-URI = "sip:10.0.1.22"
>         Digest-Method = "REGISTER"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "0000001c"
>         Digest-CNonce = "D3412BB69A1E11D993B20050BA786C6B"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok for request 10
> rlm_realm: Looking up realm "10.0.1.22" for User-Name = "6609876@10.0.1.22"
> rlm_realm: No such realm "10.0.1.22"
> modcall[authorize]: module "suffix" returns noop for request 10
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 10
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok for request 10
> modcall: group authorize returns ok for request 10
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 10
> rlm_digest: Configuration item "User-Password" is required for authentication.
> modcall[authenticate]: module "digest" returns invalid for request 10
> modcall: group authenticate returns invalid for request 10
> auth: Failed to validate the user.
> Delaying request 10 for 1 seconds
> Finished request 10
> Going to the next request
> Sending Access-Reject of id 80 to 127.0.0.1:33188
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 81 to 127.0.0.1:33189
> Waking up in 2 seconds...
> --- Walking the entire request list ---
> Cleaning up request 8 ID 79 with timestamp 423f309b
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 9 ID 80 with timestamp 423f309c
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 10 ID 81 with timestamp 423f309d
> Nothing to do. Sleeping until we see a request.
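
The rlm_digest step in the debug output above ("Converting Digest-Attributes to something sane", then the complaint that "User-Password" is required), written out as an added example that is not part of the original thread or of FreeRADIUS: it decodes the hex Digest-Attributes values and recomputes the RFC 2617 response the server has to compare against Digest-Response, which is why the check needs the user's password from the users file. The function names are hypothetical, and the sub-attribute layout (one type byte, one length byte that counts the two header bytes, then ASCII text) is an assumption read off the hex values and the decoded names in the log.

```python
import hashlib

# Sub-attribute numbers, named as rlm_digest prints them in the debug output.
SUBTYPES = {1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
            4: "Digest-URI", 5: "Digest-QOP", 8: "Digest-CNonce",
            9: "Digest-Nonce-Count", 10: "Digest-User-Name"}

# Six Digest-Attributes values from request 8 in the log (nonce and cnonce left out).
REQUEST_8 = ["0x0a0936363034333231", "0x010b31302e302e312e3232",
             "0x040f7369703a31302e302e312e3232", "0x030a5245474953544552",
             "0x050661757468", "0x090a3030303030303162"]


def decode_digest_attribute(hex_value):
    """Split one value into (name, text); assumed layout: type, length, ASCII text."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 2 or raw[1] != len(raw):  # length byte counts the 2-byte header
        raise ValueError("bad Digest-Attributes length in %s" % hex_value)
    return SUBTYPES.get(raw[0], "Unknown-%d" % raw[0]), raw[2:].decode("ascii")


def decode_request(hex_values):
    """Decode every Digest-Attributes value of one Access-Request into a dict."""
    return dict(decode_digest_attribute(v) for v in hex_values)


def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()


def expected_response(attrs, password):
    """Recompute the RFC 2617 digest response from decoded attributes and the password."""
    ha1 = md5_hex(":".join([attrs["Digest-User-Name"], attrs["Digest-Realm"], password]))
    ha2 = md5_hex(attrs["Digest-Method"] + ":" + attrs["Digest-URI"])
    if attrs.get("Digest-QOP") == "auth":
        return md5_hex(":".join([ha1, attrs["Digest-Nonce"], attrs["Digest-Nonce-Count"],
                                 attrs["Digest-CNonce"], "auth", ha2]))
    return md5_hex(":".join([ha1, attrs["Digest-Nonce"], ha2]))  # no qop in the request


if __name__ == "__main__":
    for name, value in decode_request(REQUEST_8).items():
        print(name, "=", value)
```
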