hello
IŽm still having problems (since two months ago) to obtain radius accounting, the
authentication process works well and the calls are completed but I did not see any
"Accounting Report" in /var/log/radius/radacct/ or neither in radiusd -X debug
and now IŽve just seen this error after ACK message in the debug file:
" ERROR: acc_rad_request: radius-ing failed "
.
.
.
8(7957) ERROR: acc_rad_request: radius-ing failed
8(7957) DEBUG: cleanup_uacs: RETR/FR timers reset
8(7957) DEBUG: add_to_tail_of_timer[2]: 0x402f59b8
8(7957) receive_msg: cleaning up
5(7954) ERROR: acc_rad_request: radius-ing failed
5(7954) SER: forwarding ACK statelessly
5(7954) DEBUG: mk_proxy: doing DNS lookup...
5(7954) check_via_address(10.0.0.236, 10.0.0.236, 0)
5(7954) Sending:
ACK sip:6604000@200.110.6.58 SIP/2.0
Record-Route: <sip:6604000@200.110.2.132;ftag=5c0013eda4;lr=on>
Via: SIP/2.0/UDP 200.110.2.132;branch=0
Via: SIP/2.0/UDP 10.0.0.236:5060;branch=z9hG4bK5c0013eda465
From: <sip:6603000@200.110.2.132>;tag=5c0013eda4
To: <sip:6604000@200.110.2.132>;tag=ac407c95a4
Call-ID: 5cc06e00-b11a-13ae-80ed-0002a40055b2(a)10.0.0.236
CSeq: 65 ACK
Content-Length: 0
Max-Forwards: 69
.
.
.
I have noticed that this error appears only when I try "setflag(1)" for the
transactions I want to account, also in this case the ACK message it comes too late (not
when pick Up the phone...).
these are some details of my installation:
- SuSE Linux 9.0 (i586)
- ser-0.8.12
- I have followed "radius-how-to" very carefully.
- radiusclient-0.3.2
- freeradius-0.9.3 (installed in the same host with ser and receiving accounting from
other NAS)
- I am not using mysql (I will use it with radius integration).
- my current ser.cfg and endpoints configuration are shown below:
another question: Is it possible to have "per-call authentication" with this
radius module?
I am new in SIP protocol and ser services so please I need someone share its ser.config
file to make this works.
thanks.
Rafael Risco Gonzale-Vigil
Millicom Peru SA
Lima - Peru
ser1.cfg
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
# ----------- global configuration parameters ------------------------
# debug=3 # debug level (cmd line: -dddddddddd)
# fork=yes
# log_stderror=no # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode
debug=6
fork=yes
log_stderror=yes
#*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# loadmodule "/usr/local/lib/ser/modules/uri.so"
# loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
# loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/group_radius.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
# load the NAT Helper Module
# loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
# modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
# modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
# modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("acc","log_level",1)
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius","service_type",15)
modparam("acc","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("acc", "service_type", 15)
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 3)
# ------------------------- request routing logic -------------------
# main routing logic
route{
setflag(1);
if (method=="REGISTER")
log(1, "REGISTER message received\n");
if (method=="INVITE")
log(1, "INVITE message received\n");
if (method=="ACK")
log(1, "ACK message received\n");
if (method=="BYE")
log(1, "BYE message received\n");
if (method=="CANCEL")
log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE")
log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY")
log(1, "NOTIFY message received\n");
if (method=="OPTIONS")
log(1, "OPTIONS message received\n");
if (method=="INFO")
log(1, "INFO message received\n");
if (method=="MESSAGE")
log(1, "MESSAGE message received\n");
if (method=="REFER")
log(1, "REFER message received\n");
/*
if (method =="INVITE" | method == "BYE"){
log(1,"INVITE or BYE\n");
setflag(1);
};
if (method=="MESSAGE") {
log(1,"MESSAGE\n");
setflag(1);
};
if (method=="BYE"){
log (1, "BYEd or CANCEL\n");
setflag(1);
};
if (method=="CANCEL"){
log (1, "BYEe or CANCEL\n");
setflag(1);
};
*/
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
www_challenge("", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
########################################################################
Example of one endpoint config:
VoiceFinder Gateway Series (
http://www.addpac.com)
AP200B System software Revision 8.10
!
! VoIP configuration.
!
!
! Voice service voip configuration.
!
voice service voip
fax protocol t38 redundancy 0
fax rate 9600
h323 call start fast
no force-starth245
busyout monitor gatekeeper
busyout monitor voip-interface
display send e164
!
!
! Voice port configuration.
!
voice-port 0/0
! FXS
caller-id enable
!
!
voice-port 0/1
! FXS
caller-id enable
!
!
!
!
! Pots peer configuration.
!
dial-peer voice 0 pots
destination-pattern 6600020
port 0/0
call-waiting
!
dial-peer voice 1 pots
destination-pattern 6603000
port 0/1
call-waiting
!
!
!
! Voip peer configuration.
!
!
dial-peer voice 1002 voip
destination-pattern 6604000
session target sip-server
session protocol sip
codec g7231r63
dtmf-relay rtp-2833
!
!
!
! SIP UA configuration.
!
sip-ua
user-register
sip-username 660300X
sip-password 1234
sip-server 200.X.2.132
register e164
!
!
! MGCP configuration.
!
mgcp
codec g711ulaw
!
!
! Tones
!
!
voip-interface ether0.0
!
agent00 #