21 Sep
2015
21 Sep
'15
5:09 p.m.
Hi,
I want to implement Kamailio with Radius authentication. To be more exactly I want to
register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck
table from radius database.
First of all, I have tried to register SIP users based on the credentials stored in users
file from /etc/raddb directory. In order to do this,I am using auth_radius module (you can
find the content of my kamailio.cfg file in the attachements) but without success. All of
the SIP users are registeres successfully even if they are not specified in users file.
Can you provide me some help to achieve this task? and also, can you explain to me how
should I do this authentication based on the credentials stored in radcheck table?
The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest,
User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5 freeradius 2.2.0
radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored in subscriber table
from kamailio db.
21 Sep
21 Sep
8:48 p.m.
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file --
you should see a lot of debug messages, try to spot if radius module
prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some
concepts on this topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers,
Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi,
I want to implement Kamailio with Radius authentication. To be more
exactly I want to register SIP users (PhonerLite and/or Jitsi) based
on the credentials stored in *radcheck* table from radius database.
First of all, I have tried to register SIP users based on the
credentials stored in *users* file from */etc/raddb* directory. In
order to do this,I am using *auth_radius* module (you can find the
content of my *kamailio.cfg* file in the attachements) but without
success. All of the SIP users are registeres successfully even if they
are not specified in users file.
Can you provide me some help to achieve this task? and also, can you
explain to me how should I do this authentication based on the
credentials stored in radcheck table?
The content of users file in /etc/raddb:
*usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p"*
* Reply-Message = "Authenticated"*
Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5
freeradius 2.2.0
radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored
in subscriber table from kamailio db.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
22 Sep
22 Sep
12:40 a.m.
Hi
syslog file contains the logs of service kamailio restart command after I've set
debug=3 in kamailio.cfglog kam.txt contains the logs of kamailio -E -ddd command.
Please have a look at the attached files(syslog and log kam.txt), maybe you can find some
valuable information there (I don't).Also if you can, please take a look at
kamailio.cfg file. Maybe I configured something wrong here.
Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a
lot of debug messages, try to spot if radius module prints some hints about what is
happening.
A really old tutorial, maybe still useful to read to understand some concepts on this
topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers,
Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi,
I want to implement Kamailio with Radius authentication. To be more exactly I want to
register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck
table from radius database.
First of all, I have tried to register SIP users based on the credentials stored in
users file from /etc/raddb directory. In order to do this,I am using auth_radius module
(you can find the content of my kamailio.cfg file in the attachements) but without
success. All of the SIP users are registeres successfully even if they are not specified
in users file.
Can you provide me some help to achieve this task? and also, can you explain to me how
should I do this authentication based on the credentials stored in radcheck table?
The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest,
User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5 freeradius 2.2.0
radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored in subscriber table
from kamailio db.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
6:45 p.m.
Hello,
with a quick search I couldn't see any log related to radius for
runtime. Maybe the part with radius functions is not executed. Load
debugger module and set its cfgtrace parameter to 1. The register with
the phone and see if the radius authentication function is executed. If
not, look to see what are the actions executed (you should see the name
of the functions and lines) and why is not going to the radius auth part.
Cheers,
Daniel
On 21/09/15 16:40, Ciolpan Ionut-Marian wrote:
Hi
syslog file contains the logs of *service kamailio restart* command
after I've set debug=3 in kamailio.cfg
log kam.txt contains the logs of kamailio -E -ddd command.
Please have a look at the attached files(syslog and log kam.txt),
maybe you can find some valuable information there (I don't).
Also if you can, please take a look at kamailio.cfg file. Maybe I
configured something wrong here.
Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file
-- you should see a lot of debug messages, try to spot if radius
module prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some
concepts on this topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers,
Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hi,
I want to implement Kamailio with Radius authentication. To be more
exactly I want to register SIP users (PhonerLite and/or Jitsi) based
on the credentials stored in *radcheck* table from radius database.
First of all, I have tried to register SIP users based on the
credentials stored in *users* file from */etc/raddb* directory. In
order to do this,I am using *auth_radius* module (you can find the
content of my *kamailio.cfg* file in the attachements) but without
success. All of the SIP users are registeres successfully even if
they are not specified in users file.
Can you provide me some help to achieve this task? and also, can you
explain to me how should I do this authentication based on the
credentials stored in radcheck table?
The content of users file in /etc/raddb:
*usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p"*
* Reply-Message = "Authenticated"*
Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5
freeradius 2.2.0
radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored
in subscriber table from kamailio db.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com <http://www.asipto.com/>
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
8:06 p.m.
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file, debugger module its
already loaded and cfgtrace param is set to 1.Attached you can find the logs from syslog
and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid
question, but why am I unable to see if the credentials are checked for this user? from
what I understand from phonerlite logs, the user is registered based only on the realm -
am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR
route?
Please, have a look at the attached files, maybe you will understand what I'm doing
wrong there.
My level of knowledges is beginner but unfortunately I am under pressure to solve this as
quickly as possible.
Thank you for your time and thank you again for any help you can provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm receiveing
an UNAUTHORIZED answer.
On Tuesday, September 22, 2015 11:45 AM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
with a quick search I couldn't see any log related to radius for runtime. Maybe the
part with radius functions is not executed. Load debugger module and set its cfgtrace
parameter to 1. The register with the phone and see if the radius authentication function
is executed. If not, look to see what are the actions executed (you should see the name of
the functions and lines) and why is not going to the radius auth part.
Cheers,
Daniel
On 21/09/15 16:40, Ciolpan Ionut-Marian wrote:
Hi
syslog file contains the logs of service kamailio restart command after I've set
debug=3 in kamailio.cfg log kam.txt contains the logs of kamailio -E -ddd command.
Please have a look at the attached files(syslog and log kam.txt), maybe you can find
some valuable information there (I don't). Also if you can, please take a look at
kamailio.cfg file. Maybe I configured something wrong here.
Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a
lot of debug messages, try to spot if radius module prints some hints about what is
happening.
A really old tutorial, maybe still useful to read to understand some concepts on this
topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers,
Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi,
I want to implement Kamailio with Radius authentication. To be more exactly I want to
register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck
table from radius database.
First of all, I have tried to register SIP users based on the credentials stored in
users file from /etc/raddb directory. In order to do this,I am using auth_radius module
(you can find the content of my kamailio.cfg file in the attachements) but without
success. All of the SIP users are registeres successfully even if they are not specified
in users file.
Can you provide me some help to achieve this task? and also, can you explain to me how
should I do this authentication based on the credentials stored in radcheck table?
The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest,
User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5 freeradius 2.2.0
radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored in subscriber table
from kamailio db.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
10:34 p.m.
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger module
is not loaded unless you define WITH_DEBUG. To understand, see some docs
about defines at:
- https://www.kamailio.org/wiki/cookbooks/4.3.x/core#define
Cheers,
Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file,
debugger module its already loaded and cfgtrace param is set to 1.
Attached you can find the logs from syslog and from Phonerlite. Now
thats a little bit awkward for me, maybe this is a stupid question,
but why am I unable to see if the credentials are checked for this
user? from what I understand from phonerlite logs, the user is
registered based only on the realm - am I right?
Am I doing right if I'm using radius_www_authorize function in
REGISTRAR route?
Please, have a look at the attached files, maybe you will understand
what I'm doing wrong there.
My level of knowledges is beginner but unfortunately I am under
pressure to solve this as quickly as possible.
Thank you for your time and thank you again for any help you can provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route
I'm receiveing an UNAUTHORIZED answer.
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
11:59 p.m.
The content of kamailio.cfg includes the following lines(still, cfgtrace doesn't
appear in syslog):#!define WITH_DEBUG
#!ifdef WITH_DEBUGdebug=3log_stderror=no#!elsedebug=2log_stderror=no#!endif
#!ifdef WITH_DEBUG
loadmodule "debugger.so"#!endif
#-----debugger params-----#!ifdef WITH_DEBUG
modparam("debugger", "cfgtrace", 1)#!endif
It seems that cfgtrace appears only if I am running kamailio -E -ddd command followed by
the registration process for a SIP user
Thank you!Br,
On Tuesday, September 22, 2015 3:34 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger module is not loaded
unless you define WITH_DEBUG. To understand, see some docs about defines at:
- https://www.kamailio.org/wiki/cookbooks/4.3.x/core#define
Cheers,
Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file, debugger module its
already loaded and cfgtrace param is set to 1. Attached you can find the logs from syslog
and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid
question, but why am I unable to see if the credentials are checked for this user? from
what I understand from phonerlite logs, the user is registered based only on the realm -
am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR
route?
Please, have a look at the attached files, maybe you will understand what I'm doing
wrong there.
My level of knowledges is beginner but unfortunately I am under pressure to solve this
as quickly as possible.
Thank you for your time and thank you again for any help you can provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm
receiveing an UNAUTHORIZED answer.
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
23 Sep
23 Sep
7:21 p.m.
Hello,
the cfgtrace is printed now in the config, but the radius auth function
is not executed.
Very likely because you have an if condition on myself:
if(uri == myself)
{
if (is_method("REGISTER"))
{
if (!radius_www_authorize("sipauthdev.frequentis.frq")) {
If the request uri of REGISTER is not local IP or local domain, then the
uri==myself is false.
Add alias aprameter with your domain:
alias=yourdomain.com
Cheers,
Daniel
On 22/09/15 15:59, Ciolpan Ionut-Marian wrote:
The content of kamailio.cfg includes the following
lines(still,
cfgtrace doesn't appear in syslog):
/*#!define WITH_DEBUG*/
/*
*/
/*#!ifdef WITH_DEBUG*/
/*debug=3*/
/*log_stderror=no*/
/*#!else*/
/*debug=2*/
/*log_stderror=no*/
/*#!endif*/
/*
*/
/*#!ifdef WITH_DEBUG*//*
*/
/*loadmodule "debugger.so"*/
/*/*#!endif*/
*/
/*/*
*/*/
/*/*#-----debugger params-----*/*/
/*/*/*#!ifdef WITH_DEBUG*/
*/*/
/*/*modparam("debugger", "cfgtrace", 1)*/*/
/*/*/*/*#!endif*/*/
*/*/
/*/*
*/*/
It seems that cfgtrace appears only if I am running kamailio -E -ddd
command followed by the registration process for a SIP user
Thank you!
Br,
On Tuesday, September 22, 2015 3:34 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger
module is not loaded unless you define WITH_DEBUG. To understand, see
some docs about defines at:
- https://www.kamailio.org/wiki/cookbooks/4.3.x/core#define
Cheers,
Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file,
debugger module its already loaded and cfgtrace param is set to 1.
Attached you can find the logs from syslog and from Phonerlite. Now
thats a little bit awkward for me, maybe this is a stupid question,
but why am I unable to see if the credentials are checked for this
user? from what I understand from phonerlite logs, the user is
registered based only on the realm - am I right?
Am I doing right if I'm using radius_www_authorize function in
REGISTRAR route?
Please, have a look at the attached files, maybe you will understand
what I'm doing wrong there.
My level of knowledges is beginner but unfortunately I am under
pressure to solve this as quickly as possible.
Thank you for your time and thank you again for any help you can
provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH
route I'm receiveing an UNAUTHORIZED answer.
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com <http://www.asipto.com/>
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
9:38 p.m.
Hello,
Thank you for your answer.
It seems that now radius auth function is executed.Unfortunately, now I am receiveing a
sip:user@domain not registered <Unauthorized> message for every user.
The content of users.file [/etc/raddb/users]:e.g: usertest@<my_domain_name>
Auth-Type := Digest, User-Password == "<user_password>"
Reply-Message = "Authenticated".......
The content of radcheck table from radius DB:id | username |
attribute | op |
value------------------------------------------------------------------------------------------------------------------------------------14
| abcdef@<domain_name> | Digest-HA1 | := |
f67erftg...................
Attached you can find the logs, maybe you'll figure it out which is the reason of
these errors.
Thank you very much for your help!
Br,
28 Sep
28 Sep
4 p.m.
Hello,
Some hints about this issue ? Still, doesn't work !
thank you
On Wednesday, September 23, 2015 2:38 PM, Ciolpan Ionut-Marian
<ionut.ciolpan(a)yahoo.com> wrote:
Hello,
Thank you for your answer.
It seems that now radius auth function is executed.Unfortunately, now I am receiveing a
sip:user@domain not registered <Unauthorized> message for every user.
The content of users.file [/etc/raddb/users]:e.g: usertest@<my_domain_name>
Auth-Type := Digest, User-Password == "<user_password>"
Reply-Message = "Authenticated".......
The content of radcheck table from radius DB:id | username |
attribute | op |
value------------------------------------------------------------------------------------------------------------------------------------14
| abcdef@<domain_name> | Digest-HA1 | := |
f67erftg...................
Attached you can find the logs, maybe you'll figure it out which is the reason of
these errors.
Thank you very much for your help!
Br,
29 Sep
29 Sep
7:36 a.m.
The logs indicate that the radius server didn't return auth ok:
2(2215) DEBUG: auth [api.c:96]: pre_auth(): auth: digest-algo: MD5
parsed value: 1
2(2215) ERROR: auth_radius [sterman.c:412]: radius_authorize_sterman():
authorization failed
Enable debugging to your radius server to see why it rejects the
authentication. Kamailio is only passing the attributes from
Authorization header, the Radius server does all the computation and
checks to match the response.
Cheers,
Daniel
On 28/09/15 08:00, Ciolpan Ionut-Marian wrote:
Hello,
Some hints about this issue ? Still, doesn't work !
thank you
On Wednesday, September 23, 2015 2:38 PM, Ciolpan Ionut-Marian
<ionut.ciolpan(a)yahoo.com> wrote:
Hello,
Thank you for your answer.
It seems that now radius auth function is executed.
Unfortunately, now I am receiveing a /*sip:user@domain not registered
<Unauthorized>*/ message for every user.
*The content of users.file [/etc/raddb/users]:*
e.g: usertest@<my_domain_name> Auth-Type := Digest, User-Password ==
"<user_password>"
Reply-Message = "Authenticated"
.......
*The content of radcheck table from radius DB:*
id | username | attribute |
op | value
------------------------------------------------------------------------------------------------------------------------------------
14 | abcdef@<domain_name> | Digest-HA1 | := |
f67erftg...................
Attached you can find the logs, maybe you'll figure it out which is
the reason of these errors.
Thank you very much for your help!
Br,
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
3403
days inactive
3410
days old
10 comments
2 participants
participants (2)
-
Ciolpan Ionut-Marian -
Daniel-Constantin Mierla