23 Oct
2006
23 Oct
'06
12:17 p.m.
Hello List , I have problem with the authentication of users via Radius.
Mentioned below are the logs. Can anyone please give me hint where I am
doing wrong , I did exactly as mentioned in the ser-radius how to.
The logs from Radius are like the mentioned below.
Sip-Uri-User = "211069020"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14421
modcall[authorize]: module "preprocess" returns ok for request 14421
modcall[authorize]: module "chap" returns noop for request 14421
modcall[authorize]: module "mschap" returns noop for request 14421
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 14421
rlm_realm: Looking up realm "xxx.pt" for User-Name =
"211069020(a)XXX.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14421
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14421
users: Matched entry DEFAULT at line 152
users: Matched entry 211069020(a)xxx.pt at line 217
modcall[authorize]: module "files" returns ok for request 14421
modcall: leaving group authorize (returns ok) for request 14421
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14421
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "211069020"
Digest-Realm = "xxx.pt"
Digest-Nonce = "453c9377946262d76fceca014a1553f8384db20f"
Digest-URI = "sip:xxx.pt"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "5640622967614"
A1 = 211069020:xxx.pt:211069020
A2 = REGISTER:sip:xxx.pt
KD =
f7d0e83a9277bd217ba41ac8e070aee4:453c9377946262d76fceca014a1553f8384db20f:00
000001:5640622967614:auth:4a210dfe3dc88ca825764f5ea20d8b01
modcall[authenticate]: module "digest" returns ok for request 14421
modcall: leaving group authenticate (returns ok) for request 14421
radius_xlat: 'Authenticated from Radius'
Sending Access-Accept of id 131 to 127.0.0.1 port 56964
Reply-Message = "Authenticated from Radius"
Sip-Rpid = "211069020"
Finished request 14421
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:56965, id=132, length=57
User-Name = "(a)xxx.pt"
Service-Type = Callback-Administrative
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14422
modcall[authorize]: module "preprocess" returns ok for request 14422
modcall[authorize]: module "chap" returns noop for request 14422
modcall[authorize]: module "mschap" returns noop for request 14422
modcall[authorize]: module "digest" returns noop for request 14422
rlm_realm: Looking up realm "xxx.pt" for User-Name = "(a)xxx.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14422
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14422
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 14422
modcall: leaving group authorize (returns ok) for request 14422
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14422
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 14422
modcall: leaving group authenticate (returns invalid) for request 14422
auth: Failed to validate the user.
Delaying request 14422 for 1 seconds
Finished request 14422
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14421 ID 131 with timestamp 453c9257
Sending Access-Reject of id 132 to 127.0.0.1 port 56965
Cleaning up request 14422 ID 132 with timestamp 453c9257
Nothing to do. Sleeping until we see a request.
And the logs from ser are like the mentioned below.
0(15034) found end of header
0(15034) find_first_route: No Route headers found
0(15034) loose_route: There is no Route HF
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) parse_headers: flags=64
0(15034) check_nonce(): comparing
[453c93b9459779f9f51440d01f13c9e0db2b2965] an
d [453c93b9459779f9f51440d01f13c9e0db2b2965]
0(15034) radius_authorize_sterman(): Success
0(15034) save_rpid(): rpid value is '211069020'
0(15034) radius_does_uri_exist(): Failure
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list 0xf5062350
0(15034) receive_msg: cleaning up
0(15034) SIP Request:
0(15034) method: <OPTIONS>
0(15034) uri: <sip:xxx.pt:5060>
0(15034) version: <SIP/2.0>
0(15034) parse_headers: flags=1
0(15034) Found param type 235, <rport> = <n/a>; state=6
0(15034) Found param type 232, <branch> =
<z9hG4bKc0a8002f0000000b453c94d700006
3800000fc1b>; state=16
0(15034) end of header reached, state=5
0(15034) parse_headers: Via found, flags=1
0(15034) parse_headers: this is the first via
0(15034) After parse_msg...
0(15034) preparing to run routing scripts...
0(15034) parse_headers: flags=128
0(15034) DEBUG: get_hdr_body : content_length=0
0(15034) get_hdr_field: cseq <CSeq>: <11858> <OPTIONS>
0(15034) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(15034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(15034) DEBUG: add_param: tag=56414607811795
0(15034) end of header reached, state=29
0(15034) parse_headers: flags=256
0(15034) end of header reached, state=9
0(15034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:xxx.pt:5060]
0(15034) DEBUG: to body [<sip:xxx.pt:5060>
]
0(15034) found end of header
0(15034) find_first_route: No Route headers found
0(15034) loose_route: There is no Route HF
0(15034) lookup(): '' Not found in usrloc
0(15034) lookup(): '' Not found in usrloc
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list (nil)
0(15034) receive_msg: cleaning up
The users file in raddb is like this
211069020(a)xxx.pt Auth-Type := Digest, User-Password == "211069020"
Reply-Message = "Authenticated from Radius",
Sip-Rpid = "211069020"
211069020(a)xxx.pt Sip-Group == "local", Auth-Type := Accept
Reply-Message = "Authorized"
"users" 221L, 7200C
I have mentioned dictionary.ser in radius and radiusclient.
Where I am doing wrong can anyone please give a hint.
Thank you very much
Lokesh
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.9/490 - Release Date: 10/20/2006
23 Oct
23 Oct
1:07 p.m.
Looks ok. Just don't challenge OPTIONS messages (second message)
g-)
Lokesh Kumar wrote:
Hello List , I have problem with the authentication of users via
Radius. Mentioned below are the logs. Can anyone please give me hint
where I am doing wrong , I did exactly as mentioned in the ser-radius
how to.
The logs from Radius are like the mentioned below.
Sip-Uri-User = "211069020"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14421
modcall[authorize]: module "preprocess" returns ok for request 14421
modcall[authorize]: module "chap" returns noop for request 14421
modcall[authorize]: module "mschap" returns noop for request 14421
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 14421
rlm_realm: Looking up realm "xxx.pt" for User-Name =
"211069020(a)XXX.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14421
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14421
users: Matched entry DEFAULT at line 152
users: Matched entry 211069020(a)xxx.pt at line 217
modcall[authorize]: module "files" returns ok for request 14421
modcall: leaving group authorize (returns ok) for request 14421
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14421
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "211069020"
Digest-Realm = "xxx.pt"
Digest-Nonce = "453c9377946262d76fceca014a1553f8384db20f"
Digest-URI = "sip:xxx.pt"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "5640622967614"
A1 = 211069020:xxx.pt:211069020
A2 = REGISTER:sip:xxx.pt
KD =
f7d0e83a9277bd217ba41ac8e070aee4:453c9377946262d76fceca014a1553f8384db20f:00000001:5640622967614:auth:4a210dfe3dc88ca825764f5ea20d8b01
modcall[authenticate]: module "digest" returns ok for request 14421
modcall: leaving group authenticate (returns ok) for request 14421
radius_xlat: 'Authenticated from Radius'
Sending Access-Accept of id 131 to 127.0.0.1 port 56964
Reply-Message = "Authenticated from Radius"
Sip-Rpid = "211069020"
Finished request 14421
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:56965, id=132,
length=57
User-Name = "(a)xxx.pt"
Service-Type = Callback-Administrative
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14422
modcall[authorize]: module "preprocess" returns ok for request 14422
modcall[authorize]: module "chap" returns noop for request 14422
modcall[authorize]: module "mschap" returns noop for request 14422
modcall[authorize]: module "digest" returns noop for request 14422
rlm_realm: Looking up realm "xxx.pt" for User-Name = "(a)xxx.pt"
rlm_realm: No such realm "xxx.pt"
modcall[authorize]: module "suffix" returns noop for request 14422
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 14422
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 14422
modcall: leaving group authorize (returns ok) for request 14422
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14422
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 14422
modcall: leaving group authenticate (returns invalid) for request 14422
auth: Failed to validate the user.
Delaying request 14422 for 1 seconds
Finished request 14422
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14421 ID 131 with timestamp 453c9257
Sending Access-Reject of id 132 to 127.0.0.1 port 56965
Cleaning up request 14422 ID 132 with timestamp 453c9257
Nothing to do. Sleeping until we see a request.
And the logs from ser are like the mentioned below.
0(15034) found end of header
0(15034) find_first_route: No Route headers found
0(15034) loose_route: There is no Route HF
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) parse_headers: flags=64
0(15034) check_nonce(): comparing
[453c93b9459779f9f51440d01f13c9e0db2b2965] an
d
[453c93b9459779f9f51440d01f13c9e0db2b2965]
0(15034) radius_authorize_sterman(): Success
0(15034) save_rpid(): rpid value is '211069020'
0(15034) radius_does_uri_exist(): Failure
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list 0xf5062350
0(15034) receive_msg: cleaning up
0(15034) SIP Request:
0(15034) method: <OPTIONS>
0(15034) uri: <sip:xxx.pt:5060>
0(15034) version: <SIP/2.0>
0(15034) parse_headers: flags=1
0(15034) Found param type 235, <rport> = <n/a>; state=6
0(15034) Found param type 232, <branch> =
<z9hG4bKc0a8002f0000000b453c94d700006
3800000fc1b>;
state=16
0(15034) end of header reached, state=5
0(15034) parse_headers: Via found, flags=1
0(15034) parse_headers: this is the first via
0(15034) After parse_msg...
0(15034) preparing to run routing scripts...
0(15034) parse_headers: flags=128
0(15034) DEBUG: get_hdr_body : content_length=0
0(15034) get_hdr_field: cseq <CSeq>: <11858> <OPTIONS>
0(15034) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(15034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(15034) DEBUG: add_param: tag=56414607811795
0(15034) end of header reached, state=29
0(15034) parse_headers: flags=256
0(15034) end of header reached, state=9
0(15034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:xxx.pt:5060]
0(15034) DEBUG: to body [<sip:xxx.pt:5060>
]
0(15034) found end of header
0(15034) find_first_route: No Route headers found
0(15034) loose_route: There is no Route HF
0(15034) lookup(): '' Not found in usrloc
0(15034) lookup(): '' Not found in usrloc
0(15034) parse_headers: flags=-1
0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
0(15034) DEBUG:destroy_avp_list: destroying list (nil)
0(15034) receive_msg: cleaning up
The users file in raddb is like this
211069020(a)xxx.pt Auth-Type := Digest, User-Password == "211069020"
Reply-Message = "Authenticated from Radius",
Sip-Rpid = "211069020"
211069020(a)xxx.pt Sip-Group == "local", Auth-Type := Accept
Reply-Message = "Authorized"
"users" 221L,
7200C
I have mentioned dictionary.ser in radius and radiusclient.
Where I am doing wrong can anyone please give a hint.
Thank you very much
Lokesh
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.9/490 - Release Date: 10/20/2006
------------------------------------------------------------------------
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6584
days inactive
6584
days old
1 comments
2 participants
participants (2)
-
Greger V. Teigre -
Lokesh Kumar