I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location"); };
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
Turned debug to 9, this is what I get
0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa391b970a38171714c791e2feec0b390aeed] and [45aaa391b970a38171714c791e2feec0b390aeed] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location");};
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
You just sent the debug output for the first message (the one creating the challenge). The next message should contain the credentials, which will be used for radius auth. As far as I remember, by default radiusclient uses localhost to send its radius requests. When the radius server is only listening on a physical interface or remote server, you need to add a directive to radiusclient.conf. I don't remember right now. g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa391b970a38171714c791e2feec0b390aeed] and [45aaa391b970a38171714c791e2feec0b390aeed] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location");};
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
The 2nd request actually is in the debug output, if you scroll down about half way.
0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little further down, you see a really strange error message:
0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre greger@teigre.com wrote:
You just sent the debug output for the first message (the one creating the challenge). The next message should contain the credentials, which will be used for radius auth. As far as I remember, by default radiusclient uses localhost to send its radius requests. When the radius server is only listening on a physical interface or remote server, you need to add a directive to radiusclient.conf. I don't remember right now. g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa391b970a38171714c791e2feec0b390aeed] and [45aaa391b970a38171714c791e2feec0b390aeed] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location");};
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Apparently OpenBSD just plain sucks for anything radius related. Having troubles with radiusclient-ng, and rlm_perl on FreeRADIUS. I switched both machines to FreeBSD now everything works without a problem.
On 1/15/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
The 2nd request actually is in the debug output, if you scroll down about half way.
0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little further down, you see a really strange error message:
0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre greger@teigre.com wrote:
You just sent the debug output for the first message (the one creating the challenge). The next message should contain the credentials, which will be used for radius auth. As far as I remember, by default radiusclient uses localhost to send its radius requests. When the radius server is only listening on a physical interface or remote server, you need to add a directive to radiusclient.conf. I don't remember right now. g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa391b970a38171714c791e2feec0b390aeed] and [45aaa391b970a38171714c791e2feec0b390aeed] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa391b970a38171714c791e2feec0b390aeed" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) parse_headers: flags=4096 0(19309) pre_auth(): Credentials with given realm not found 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) SIP Request: 0(19309) method: <REGISTER> 0(19309) uri: sip:192.168.1.109 0(19309) version: <SIP/2.0> 0(19309) parse_headers: flags=1 0(19309) Found param type 235, <rport> = <n/a>; state=6 0(19309) Found param type 232, <branch> = <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16 0(19309) end of header reached, state=5 0(19309) parse_headers: Via found, flags=1 0(19309) parse_headers: this is the first via 0(19309) After parse_msg... 0(19309) preparing to run routing scripts... 0(19309) parse_headers: flags=128 0(19309) end of header reached, state=9 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109] 0(19309) DEBUG: to body [1234 sip:admin@192.168.1.109 ] 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 0(19309) parse_headers: flags=256 0(19309) DEBUG: get_hdr_body : content_length=0 0(19309) found end of header 0(19309) find_first_route: No Route headers found 0(19309) loose_route: There is no Route HF 0(19309) XLOG: xl_print_log: final buffer length 26 0(19309) REGISTER request received 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) parse_headers: flags=64 0(19309) XLOG: xl_print_log: final buffer length 27 0(19309) NATed client, enabling NAT 0(19309) check_nonce(): comparing [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] 0(19309) res: -1 0(19309) radius_authorize_sterman(): Failure 0(19309) XLOG: xl_print_log: final buffer length 28 0(19309) No Digest, sending challenge 0(19309) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.109", nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e" ' 0(19309) parse_headers: flags=-1 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0) 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0 0(19309) receive_msg: cleaning up 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe daniel.junkmail@gmail.com wrote:
I cannot get my SER to talk to my RADIUS server, its just blindly 401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "1"); break; };
save("location");};
radiusclient-ng servers file: 192.168.1.103 heslo
radiusclient.conf: auth_order radius,local login_tries 4 login_timeout 60 authserver 192.168.1.103:1812 acctserver 192.168.1.103:1813 dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf: client 192.168.1.109 { secret = heslo shortname = proxy1 nastype = other
Not sure what to do!
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz
hi I am still fighting with this issue and there is one thing more is it correct that ser sends the attributes values in such form: NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000 when I use another tool radtest delivered with freeradius the parameters are printed as for instance: NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi! know I realy don't know what could be the problem. I have the same configuration set on two different machines On the first one everything works and on the other one there is still this problem. The only difference is that the first one is a 32 bit CPU and the second one is 64bit. Is is possible that radiusclient cannot work on 64 bit CPU What can I do in such situation?? Please help
-Tomasz
hi I am still fighting with this issue and there is one thing more is it correct that ser sends the attributes values in such form: NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000 when I use another tool radtest delivered with freeradius the parameters are printed as for instance: NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi! know I realy don't know what could be the problem. I have the same configuration set on two different machines On the first one everything works and on the other one there is still this problem. The only difference is that the first one is a 32 bit CPU and the second one is 64bit. Is is possible that radiusclient cannot work on 64 bit CPU What can I do in such situation?? Please help
-Tomasz
hi I am still fighting with this issue and there is one thing more is it correct that ser sends the attributes values in such form: NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000 when I use another tool radtest delivered with freeradius the parameters are printed as for instance: NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
(I got three equal posts from you)
received invalid reply digest from RADIUS server means that ser was not able to interpret the response from freeradius. This would normally be due to two different shared secrets. But as your attributes reach freeradius, there might be a problem in the reply. You could use wireshark to look at the communication to see if wireshark is able to interpret the response. g-)
TZieleniewski wrote:
Hi! know I realy don't know what could be the problem. I have the same configuration set on two different machines On the first one everything works and on the other one there is still this problem. The only difference is that the first one is a 32 bit CPU and the second one is 64bit. Is is possible that radiusclient cannot work on 64 bit CPU What can I do in such situation?? Please help
-Tomasz
tzieleniewski napisał(a):
hi I am still fighting with this issue and there is one thing more is it correct that ser sends the attributes values in such form: NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000 when I use another tool radtest delivered with freeradius the parameters are printed as for instance: NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius. When I try to authenticate user I get the following error: Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Ser sends the following Access request: Packet-Type = Access-Request User-Name = "hellboy@voip.touk.pl" Digest-Attributes = 0x0a0968656c6c626f79 Digest-Attributes = 0x010e766f69702e746f756b2e706c Digest-Attributes = 0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934 Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x08223745414239354131344231423535314641344234333531353438364237363434 Digest-Response = "9e88c767fb24351dee073aea725b4240" Service-Type = 0x0000000f00000000 SER-Service-Type = 0x0000000300000000 SER-Uri-User = "hellboy" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0x7f00000100000000
Free radius answers: Mon Jan 29 11:42:37 2007 Packet-Type = Access-Accept User-Name = "hellboy@voip.touk.pl" Reply-Message = "Authenticated" SER-UID = "hellboy@voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful: modcall: entering group Digest for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "hellboy" Digest-Realm = "voip.touk.pl" Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711" Digest-URI = "sip:hellboy@voip.touk.pl" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC" A1 = hellboy:voip.touk.pl:hellboy A2 = INVITE:sip:hellboy@voip.touk.pl H(A1) = a383a13215180e1f7d2fc755c99af602 H(A2) = b2bcd7301bd325296c0d4ad31546892f KD = a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f EXPECTED 3b561958428c5891959e8d3c6a466b62 RECEIVED 3b561958428c5891959e8d3c6a466b62 modcall[authenticate]: module "digest" returns ok for request 0 modcall: group Digest returns ok for request 0 Login OK: [hellboy@voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4 port 0) Sending Access-Accept of id 54 to 127.0.0.1 port 32870 User-Name = "hellboy@voip.touk.pl" SER-UID = "hellboy@voip.touk.pl" Reply-Message = "Authenticated"
best tomasz _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Daniel Corbe -
Greger V. Teigre -
tzieleniewski