Re: [Serusers] Radius Authentication help

21 Sep 2004


      Anyone have any ideas on this?
On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
...
Here is the confg part that I am using for authentication.
# (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

            if (method=="REGISTER") {


# Uncomment this if you want to use digest authentication
                        if (!radius_www_authorize('192.168.1.119')) {
                                www_challenge('192.168.1.119', "1");
                        };
                    save("location");
                    break;
            };


Using Ethereal, I am getting SIP response 401 Unauthorized with the
current config, and 407 Proxy Authentication Required when using
radius_proxy_authorize. Here is the log from using the above config...
8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0)
 8(26234) DEBUG:destroy_avp_list: destroing list (nil)
 8(26234) receive_msg: cleaning up
 8(26234) SIP Request:
 8(26234)  method:  <REGISTER>
 8(26234)  uri:     sip:192.168.1.119
 8(26234)  version: <SIP/2.0>
 8(26234) parse_headers: flags=1
 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 8(26234) end of header reached, state=5
 8(26234) parse_headers: Via found, flags=1
 8(26234) parse_headers: this is the first via
 8(26234) After parse_msg...
 8(26234) preparing to run routing scripts...
 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header
 8(26234) parse_headers: flags=128
 8(26234) end of header reached, state=9
 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119]
 8(26234) DEBUG: to body [test sip:test@192.168.1.119
]
 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 8(26234) DEBUG: is_maxfwd_present: value = 70
 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea
 8(26234) end of header reached, state=29
 8(26234) parse_headers: flags=256
 8(26234) DEBUG: get_hdr_body : content_length=0
 8(26234) found end of header
 8(26234) find_first_route(): No Route headers found
 8(26234) loose_route(): There is no Route HF
 8(26234) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 8(26234) check_self - checking if port 5060 matches port 5060
 8(26234) check_self - checking if host==us: 13==13 &&
[192.168.1.119] == [192.168.1.119]
 8(26234) check_self - checking if port 5060 matches port 5060
 8(26234) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
 7(26233) res: 1
 7(26233) radius_authorize_sterman(): Failure
 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth"
'
 7(26233) parse_headers: flags=-1
 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0)
 7(26233) DEBUG:destroy_avp_list: destroing list (nil)
 7(26233) receive_msg: cleaning up
 7(26233) SIP Request:
 7(26233)  method:  <REGISTER>
 7(26233)  uri:     sip:192.168.1.119
 7(26233)  version: <SIP/2.0>
 7(26233) parse_headers: flags=1
 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 7(26233) end of header reached, state=5
 7(26233) parse_headers: Via found, flags=1
 7(26233) parse_headers: this is the first via
 7(26233) After parse_msg...
 7(26233) preparing to run routing scripts...
 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header
 7(26233) parse_headers: flags=128
 7(26233) end of header reached, state=9
 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119]
 7(26233) DEBUG: to body [test sip:test@192.168.1.119
]
 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 7(26233) DEBUG: is_maxfwd_present: value = 70
 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea
 7(26233) end of header reached, state=29
 7(26233) parse_headers: flags=256
 7(26233) DEBUG: get_hdr_body : content_length=0
 7(26233) found end of header
 7(26233) find_first_route(): No Route headers found
 7(26233) loose_route(): There is no Route HF
 7(26233) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 7(26233) check_self - checking if port 5060 matches port 5060
 7(26233) check_self - checking if host==us: 13==13 &&
[192.168.1.119] == [192.168.1.119]
 7(26233) check_self - checking if port 5060 matches port 5060
 7(26233) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
 5(26231) res: 1
 5(26231) radius_authorize_sterman(): Failure
 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth"
'
 5(26231) parse_headers: flags=-1
 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0)
 5(26231) DEBUG:destroy_avp_list: destroing list (nil)
 5(26231) receive_msg: cleaning up
 5(26231) SIP Request:
 5(26231)  method:  <REGISTER>
 5(26231)  uri:     sip:192.168.1.119
 5(26231)  version: <SIP/2.0>
 5(26231) parse_headers: flags=1
 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 5(26231) end of header reached, state=5
 5(26231) parse_headers: Via found, flags=1
 5(26231) parse_headers: this is the first via
 5(26231) After parse_msg...
 5(26231) preparing to run routing scripts...
 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header
 5(26231) parse_headers: flags=128
 5(26231) end of header reached, state=9
 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119]
 5(26231) DEBUG: to body [test sip:test@192.168.1.119
]
 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 5(26231) DEBUG: is_maxfwd_present: value = 70
 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea
 5(26231) end of header reached, state=29
 5(26231) parse_headers: flags=256
 5(26231) DEBUG: get_hdr_body : content_length=0
 5(26231) found end of header
 5(26231) find_first_route(): No Route headers found
 5(26231) loose_route(): There is no Route HF
 5(26231) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 5(26231) check_self - checking if port 5060 matches port 5060
 5(26231) check_self - checking if host==us: 13==13 &&
[192.168.1.119] == [192.168.1.119]
 5(26231) check_self - checking if port 5060 matches port 5060
 5(26231) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
10(26236) MSILO:clean_silo: cleaning stored messages - 280
 6(26232) res: 1
 6(26232) radius_authorize_sterman(): Failure
 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth"
'
 6(26232) parse_headers: flags=-1
 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0)
 6(26232) DEBUG:destroy_avp_list: destroing list (nil)
 6(26232) receive_msg: cleaning up
 6(26232) SIP Request:
 6(26232)  method:  <REGISTER>
 6(26232)  uri:     sip:192.168.1.119
 6(26232)  version: <SIP/2.0>
 6(26232) parse_headers: flags=1
 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 6(26232) end of header reached, state=5
 6(26232) parse_headers: Via found, flags=1
 6(26232) parse_headers: this is the first via
 6(26232) After parse_msg...
 6(26232) preparing to run routing scripts...
 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header
 6(26232) parse_headers: flags=128
 6(26232) end of header reached, state=9
 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119]
 6(26232) DEBUG: to body [test sip:test@192.168.1.119
]
 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 6(26232) DEBUG: is_maxfwd_present: value = 70
 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea
 6(26232) end of header reached, state=29
 6(26232) parse_headers: flags=256
 6(26232) DEBUG: get_hdr_body : content_length=0
 6(26232) found end of header
 6(26232) find_first_route(): No Route headers found
 6(26232) loose_route(): There is no Route HF
 6(26232) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 6(26232) check_self - checking if port 5060 matches port 5060
 6(26232) check_self - checking if host==us: 13==13 &&
[192.168.1.119] == [192.168.1.119]
 6(26232) check_self - checking if port 5060 matches port 5060
 6(26232) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
10(26236) MSILO:clean_silo: cleaning stored messages - 300
10(26236) MSILO:clean_silo: cleaning expired messages
10(26236) MSILO:clean_silo: cleaning stored messages - 320
./serctl stop
Thank you for your help
On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak jan@iptel.org wrote:
...
Please send me the full log of ser, there are missing some lines in the
...
log below. SIP messages would be good as well.
Jan.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Serusers] Radius Authentication help