15 Jan
2007
15 Jan
'07
1:32 a.m.
I cannot get my SER to talk to my RADIUS server, its just blindly
401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
};
save("location");
};
radiusclient-ng servers file:
192.168.1.103 heslo
radiusclient.conf:
auth_order radius,local
login_tries 4
login_timeout 60
authserver 192.168.1.103:1812
acctserver 192.168.1.103:1813
dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf:
client 192.168.1.109 {
secret = heslo
shortname = proxy1
nastype = other
Not sure what to do!
15 Jan
15 Jan
3:37 a.m.
New subject: [Serusers] Re: Ser 0.9.6 + RADIUS
Turned debug to 9, this is what I get
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa391b970a38171714c791e2feec0b390aeed] and
[45aaa391b970a38171714c791e2feec0b390aeed]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe <daniel.junkmail(a)gmail.com> wrote:
I cannot get my SER to talk to my RADIUS server, its
just blindly
401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
};
save("location");
};
radiusclient-ng servers file:
192.168.1.103 heslo
radiusclient.conf:
auth_order radius,local
login_tries 4
login_timeout 60
authserver 192.168.1.103:1812
acctserver 192.168.1.103:1813
dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf:
client 192.168.1.109 {
secret = heslo
shortname = proxy1
nastype = other
Not sure what to do!
9:25 a.m.
New subject: [Serusers] Re: Ser 0.9.6 + RADIUS
You just sent the debug output for the first message (the one creating
the challenge). The next message should contain the credentials, which
will be used for radius auth.
As far as I remember, by default radiusclient uses localhost to send its
radius requests. When the radius server is only listening on a physical
interface or remote server, you need to add a directive to
radiusclient.conf. I don't remember right now.
g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa391b970a38171714c791e2feec0b390aeed] and
[45aaa391b970a38171714c791e2feec0b390aeed]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe <daniel.junkmail(a)gmail.com> wrote:
I cannot get my SER to talk to my RADIUS server,
its just blindly
401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
};
save("location");
};
radiusclient-ng servers file:
192.168.1.103 heslo
radiusclient.conf:
auth_order radius,local
login_tries 4
login_timeout 60
authserver 192.168.1.103:1812
acctserver 192.168.1.103:1813
dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf:
client 192.168.1.109 {
secret = heslo
shortname = proxy1
nastype = other
Not sure what to do!
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6:40 p.m.
New subject: [Serusers] Re: Ser 0.9.6 + RADIUS
The 2nd request actually is in the debug output, if you scroll down
about half way.
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little
further down, you see a really strange error message:
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre <greger(a)teigre.com> wrote:
You just sent the debug output for the first message
(the one creating
the challenge). The next message should contain the credentials, which
will be used for radius auth.
As far as I remember, by default radiusclient uses localhost to send its
radius requests. When the radius server is only listening on a physical
interface or remote server, you need to add a directive to
radiusclient.conf. I don't remember right now.
g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa391b970a38171714c791e2feec0b390aeed] and
[45aaa391b970a38171714c791e2feec0b390aeed]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe <daniel.junkmail(a)gmail.com> wrote:
I cannot get my SER to talk to my RADIUS server,
its just blindly
401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
};
save("location");
};
radiusclient-ng servers file:
192.168.1.103 heslo
radiusclient.conf:
auth_order radius,local
login_tries 4
login_timeout 60
authserver 192.168.1.103:1812
acctserver 192.168.1.103:1813
dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf:
client 192.168.1.109 {
secret = heslo
shortname = proxy1
nastype = other
Not sure what to do!
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
26 Jan
26 Jan
7:58 p.m.
New subject: [Serusers] Re: Ser 0.9.6 + RADIUS
Apparently OpenBSD just plain sucks for anything radius related.
Having troubles with radiusclient-ng, and rlm_perl on FreeRADIUS. I
switched both machines to FreeBSD now everything works without a
problem.
On 1/15/07, Daniel Corbe <daniel.junkmail(a)gmail.com> wrote:
The 2nd request actually is in the debug output, if
you scroll down
about half way.
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little
further down, you see a really strange error message:
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre <greger(a)teigre.com> wrote:
You just sent the debug output for the first
message (the one creating
the challenge). The next message should contain the credentials, which
will be used for radius auth.
As far as I remember, by default radiusclient uses localhost to send its
radius requests. When the radius server is only listening on a physical
interface or remote server, you need to add a directive to
radiusclient.conf. I don't remember right now.
g-)
Daniel Corbe wrote:
Turned debug to 9, this is what I get
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa391b970a38171714c791e2feec0b390aeed] and
[45aaa391b970a38171714c791e2feec0b390aeed]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa391b970a38171714c791e2feec0b390aeed"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) parse_headers: flags=4096
0(19309) pre_auth(): Credentials with given realm not found
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) SIP Request:
0(19309) method: <REGISTER>
0(19309) uri: <sip:192.168.1.109>
0(19309) version: <SIP/2.0>
0(19309) parse_headers: flags=1
0(19309) Found param type 235, <rport> = <n/a>; state=6
0(19309) Found param type 232, <branch> =
<z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
0(19309) end of header reached, state=5
0(19309) parse_headers: Via found, flags=1
0(19309) parse_headers: this is the first via
0(19309) After parse_msg...
0(19309) preparing to run routing scripts...
0(19309) parse_headers: flags=128
0(19309) end of header reached, state=9
0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin@192.168.1.109]
0(19309) DEBUG: to body [1234 <sip:admin@192.168.1.109>
]
0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
0(19309) parse_headers: flags=256
0(19309) DEBUG: get_hdr_body : content_length=0
0(19309) found end of header
0(19309) find_first_route: No Route headers found
0(19309) loose_route: There is no Route HF
0(19309) XLOG: xl_print_log: final buffer length 26
0(19309) REGISTER request received
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) parse_headers: flags=64
0(19309) XLOG: xl_print_log: final buffer length 27
0(19309) NATed client, enabling NAT
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
0(19309) XLOG: xl_print_log: final buffer length 28
0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
'WWW-Authenticate: Digest realm="192.168.1.109",
nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
'
0(19309) parse_headers: flags=-1
0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
0(19309) receive_msg: cleaning up
0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
On 1/14/07, Daniel Corbe <daniel.junkmail(a)gmail.com> wrote:
I cannot get my SER to talk to my RADIUS server,
its just blindly
401ing things without ever making contact with RADIUS.
SER config looks like this
if (method == "REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
};
save("location");
};
radiusclient-ng servers file:
192.168.1.103 heslo
radiusclient.conf:
auth_order radius,local
login_tries 4
login_timeout 60
authserver 192.168.1.103:1812
acctserver 192.168.1.103:1813
dictionary /usr/local/etc/radiusclient-ng/dictionary
FreeRADIUS clients.conf:
client 192.168.1.109 {
secret = heslo
shortname = proxy1
nastype = other
Not sure what to do!
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
29 Jan
29 Jan
12:09 p.m.
New subject: [Serusers] free radius and ser 0.10.99 - Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4
port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
12:35 p.m.
New subject: [Serusers] free radius and ser 0.10.99 - Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client localhost.ip4
port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
3:49 p.m.
New subject: [Serusers] free radius and ser 0.10.99 error? + Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
hi I am still fighting with this issue and there is one thing more
is it correct that ser sends the attributes values in such form:
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
when I use another tool radtest delivered with freeradius the parameters are printed as
for instance:
NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong
I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client
localhost.ip4 port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
4:55 p.m.
New subject: [Serusers] free radius and ser 0.10.99 64bit CPU error? + Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Hi!
know I realy don't know what could be the problem.
I have the same configuration set on two different machines
On the first one everything works and on the other one there is still this problem.
The only difference is that the first one is a 32 bit CPU and the second one is 64bit.
Is is possible that radiusclient cannot work on 64 bit CPU
What can I do in such situation??
Please help
-Tomasz
hi I am still fighting with this issue and there is
one thing more
is it correct that ser sends the attributes values in such form:
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
when I use another tool radtest delivered with freeradius the parameters are printed as
for instance:
NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong
I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client
localhost.ip4 port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
5:12 p.m.
New subject: [Serusers] free radius and ser 0.10.99 64bit CPU error? + Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS server
Hi!
know I realy don't know what could be the problem.
I have the same configuration set on two different machines
On the first one everything works and on the other one there is still this problem.
The only difference is that the first one is a 32 bit CPU and the second one is 64bit.
Is is possible that radiusclient cannot work on 64 bit CPU
What can I do in such situation??
Please help
-Tomasz
hi I am still fighting with this issue and there is
one thing more
is it correct that ser sends the attributes values in such form:
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
when I use another tool radtest delivered with freeradius the parameters are printed as
for instance:
NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong
I use libradiusclient-ng2
best Tomasz
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client
localhost.ip4 port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6:21 p.m.
New subject: [Serusers] free radius and ser 0.10.99 64bit CPU error? - rc_check_reply: received invalid reply digest from RADIUS server
8:42 p.m.
New subject: [Serusers] free radius and ser 0.10.99 64bit CPU error? - rc_check_reply: received invalid reply digest from RADIUS server
(I got three equal posts from you)
received invalid reply digest from RADIUS server
means that ser was not able to interpret the response from freeradius.
This would normally be due to two different shared secrets. But as your
attributes reach freeradius, there might be a problem in the reply. You
could use wireshark to look at the communication to see if wireshark is
able to interpret the response.
g-)
TZieleniewski wrote:
Hi!
know I realy don't know what could be the problem.
I have the same configuration set on two different machines
On the first one everything works and on the other one there is still this problem.
The only difference is that the first one is a 32 bit CPU and the second one is 64bit.
Is is possible that radiusclient cannot work on 64 bit CPU
What can I do in such situation??
Please help
-Tomasz
tzieleniewski napisał(a):
hi I am still fighting with this issue and there
is one thing more
is it correct that ser sends the attributes values in such form:
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
when I use another tool radtest delivered with freeradius the parameters are printed as
for instance:
NAS-IP-Address = 192.168.0.74
Please help me with this problem I cann't figure out what could be wrong
I use libradiusclient-ng2
best Tomasz
------------------------------------------------------------------------
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Hi!
I am setting SER to work with radius.
When I try to authenticate user I get the following error:
Jan 29 12:05:39 rd ser[2207]: rc_check_reply: received invalid reply digest from RADIUS
server
Ser sends the following Access request:
Packet-Type = Access-Request
User-Name = "hellboy(a)voip.touk.pl"
Digest-Attributes = 0x0a0968656c6c626f79
Digest-Attributes = 0x010e766f69702e746f756b2e706c
Digest-Attributes =
0x022a34356264636134623937373137333632653937323139316435306238383239356338326261363934
Digest-Attributes = 0x04127369703a766f69702e746f756b2e706c
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes =
0x08223745414239354131344231423535314641344234333531353438364237363434
Digest-Response = "9e88c767fb24351dee073aea725b4240"
Service-Type = 0x0000000f00000000
SER-Service-Type = 0x0000000300000000
SER-Uri-User = "hellboy"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0x7f00000100000000
Free radius answers:
Mon Jan 29 11:42:37 2007
Packet-Type = Access-Accept
User-Name = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
SER-UID = "hellboy(a)voip.touk.pl"
Please tell what is missing that SER reports such problem?
The radius debug may be helpful:
modcall: entering group Digest for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "hellboy"
Digest-Realm = "voip.touk.pl"
Digest-Nonce = "45bdd62fbc015a37f74ea55bacff289355a4e711"
Digest-URI = "sip:hellboy@voip.touk.pl"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "6A8675513A084320027EC9F1160D4EAC"
A1 = hellboy:voip.touk.pl:hellboy
A2 = INVITE:sip:hellboy@voip.touk.pl
H(A1) = a383a13215180e1f7d2fc755c99af602
H(A2) = b2bcd7301bd325296c0d4ad31546892f
KD =
a383a13215180e1f7d2fc755c99af602:45bdd62fbc015a37f74ea55bacff289355a4e711:00000001:6A8675513A084320027EC9F1160D4EAC:auth:b2bcd7301bd325296c0d4ad31546892f
EXPECTED 3b561958428c5891959e8d3c6a466b62
RECEIVED 3b561958428c5891959e8d3c6a466b62
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group Digest returns ok for request 0
Login OK: [hellboy(a)voip.touk.pl/<via Auth-Type = DIGEST>] (from client
localhost.ip4 port 0)
Sending Access-Accept of id 54 to 127.0.0.1 port 32870
User-Name = "hellboy(a)voip.touk.pl"
SER-UID = "hellboy(a)voip.touk.pl"
Reply-Message = "Authenticated"
best
tomasz
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6318
days inactive
6332
days old
11 comments
3 participants
participants (3)
-
Daniel Corbe -
Greger V. Teigre -
tzieleniewski