Hi, I want to implement Kamailio with Radius authentication. To be more exactly I want to register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck table from radius database. First of all, I have tried to register SIP users based on the credentials stored in users file from /etc/raddb directory. In order to do this,I am using auth_radius module (you can find the content of my kamailio.cfg file in the attachements) but without success. All of the SIP users are registeres successfully even if they are not specified in users file. Can you provide me some help to achieve this task? and also, can you explain to me how should I do this authentication based on the credentials stored in radcheck table? The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide ! Best regards
PS: kamailio 4.0.5 freeradius 2.2.0 radclient 2.2.0 PPS: I managed to register SIP users based on the credentials stored in subscriber table from kamailio db.
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a lot of debug messages, try to spot if radius module prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some concepts on this topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers, Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi,
I want to implement Kamailio with Radius authentication. To be more exactly I want to register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in *radcheck* table from radius database.
First of all, I have tried to register SIP users based on the credentials stored in *users* file from */etc/raddb* directory. In order to do this,I am using *auth_radius* module (you can find the content of my *kamailio.cfg* file in the attachements) but without success. All of the SIP users are registeres successfully even if they are not specified in users file.
Can you provide me some help to achieve this task? and also, can you explain to me how should I do this authentication based on the credentials stored in radcheck table?
The content of users file in /etc/raddb: *usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p"*
Reply-Message = "Authenticated"*Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5 freeradius 2.2.0 radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored in subscriber table from kamailio db.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi syslog file contains the logs of service kamailio restart command after I've set debug=3 in kamailio.cfglog kam.txt contains the logs of kamailio -E -ddd command. Please have a look at the attached files(syslog and log kam.txt), maybe you can find some valuable information there (I don't).Also if you can, please take a look at kamailio.cfg file. Maybe I configured something wrong here. Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a lot of debug messages, try to spot if radius module prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some concepts on this topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers, Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi, I want to implement Kamailio with Radius authentication. To be more exactly I want to register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck table from radius database. First of all, I have tried to register SIP users based on the credentials stored in users file from /etc/raddb directory. In order to do this,I am using auth_radius module (you can find the content of my kamailio.cfg file in the attachements) but without success. All of the SIP users are registeres successfully even if they are not specified in users file. Can you provide me some help to achieve this task? and also, can you explain to me how should I do this authentication based on the credentials stored in radcheck table? The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide ! Best regards
PS: kamailio 4.0.5 freeradius 2.2.0 radclient 2.2.0 PPS: I managed to register SIP users based on the credentials stored in subscriber table from kamailio db.
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello,
with a quick search I couldn't see any log related to radius for runtime. Maybe the part with radius functions is not executed. Load debugger module and set its cfgtrace parameter to 1. The register with the phone and see if the radius authentication function is executed. If not, look to see what are the actions executed (you should see the name of the functions and lines) and why is not going to the radius auth part.
Cheers, Daniel
On 21/09/15 16:40, Ciolpan Ionut-Marian wrote:
Hi
syslog file contains the logs of *service kamailio restart* command after I've set debug=3 in kamailio.cfg log kam.txt contains the logs of kamailio -E -ddd command.
Please have a look at the attached files(syslog and log kam.txt), maybe you can find some valuable information there (I don't). Also if you can, please take a look at kamailio.cfg file. Maybe I configured something wrong here.
Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a lot of debug messages, try to spot if radius module prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some concepts on this topic:
Cheers, Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi,
I want to implement Kamailio with Radius authentication. To be more exactly I want to register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in *radcheck* table from radius database.
First of all, I have tried to register SIP users based on the credentials stored in *users* file from */etc/raddb* directory. In order to do this,I am using *auth_radius* module (you can find the content of my *kamailio.cfg* file in the attachements) but without success. All of the SIP users are registeres successfully even if they are not specified in users file.
Can you provide me some help to achieve this task? and also, can you explain to me how should I do this authentication based on the credentials stored in radcheck table?
The content of users file in /etc/raddb: *usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p"*
Reply-Message = "Authenticated"*Thank you for any help you can provide !
Best regards
PS: kamailio 4.0.5 freeradius 2.2.0 radclient 2.2.0
PPS: I managed to register SIP users based on the credentials stored in subscriber table from kamailio db.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://www.asipto.com/ Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello again, Thank you for your answer. As you could see in kamailio.cfg file, debugger module its already loaded and cfgtrace param is set to 1.Attached you can find the logs from syslog and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid question, but why am I unable to see if the credentials are checked for this user? from what I understand from phonerlite logs, the user is registered based only on the realm - am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR route? Please, have a look at the attached files, maybe you will understand what I'm doing wrong there. My level of knowledges is beginner but unfortunately I am under pressure to solve this as quickly as possible. Thank you for your time and thank you again for any help you can provide ! Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm receiveing an UNAUTHORIZED answer.
On Tuesday, September 22, 2015 11:45 AM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
with a quick search I couldn't see any log related to radius for runtime. Maybe the part with radius functions is not executed. Load debugger module and set its cfgtrace parameter to 1. The register with the phone and see if the radius authentication function is executed. If not, look to see what are the actions executed (you should see the name of the functions and lines) and why is not going to the radius auth part.
Cheers, Daniel
On 21/09/15 16:40, Ciolpan Ionut-Marian wrote:
Hi syslog file contains the logs of service kamailio restart command after I've set debug=3 in kamailio.cfg log kam.txt contains the logs of kamailio -E -ddd command. Please have a look at the attached files(syslog and log kam.txt), maybe you can find some valuable information there (I don't). Also if you can, please take a look at kamailio.cfg file. Maybe I configured something wrong here. Thank you very much for your help!
On Monday, September 21, 2015 1:48 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
run kamailio with debug=3 in kamailio.cfg and look inside syslog file -- you should see a lot of debug messages, try to spot if radius module prints some hints about what is happening.
A really old tutorial, maybe still useful to read to understand some concepts on this topic:
- http://www.kamailio.org/docs/kamailio-radius-1.0.x.html
Cheers, Daniel
On 21/09/15 09:09, Ciolpan Ionut-Marian wrote:
Hi, I want to implement Kamailio with Radius authentication. To be more exactly I want to register SIP users (PhonerLite and/or Jitsi) based on the credentials stored in radcheck table from radius database. First of all, I have tried to register SIP users based on the credentials stored in users file from /etc/raddb directory. In order to do this,I am using auth_radius module (you can find the content of my kamailio.cfg file in the attachements) but without success. All of the SIP users are registeres successfully even if they are not specified in users file. Can you provide me some help to achieve this task? and also, can you explain to me how should I do this authentication based on the credentials stored in radcheck table? The content of users file in /etc/raddb: usertest@mydomain_name Auth-Type := Digest, User-Password == "*89Lob?p" Reply-Message = "Authenticated"
Thank you for any help you can provide ! Best regards
PS: kamailio 4.0.5 freeradius 2.2.0 radclient 2.2.0 PPS: I managed to register SIP users based on the credentials stored in subscriber table from kamailio db.
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger module is not loaded unless you define WITH_DEBUG. To understand, see some docs about defines at:
- https://www.kamailio.org/wiki/cookbooks/4.3.x/core#define
Cheers, Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file, debugger module its already loaded and cfgtrace param is set to 1. Attached you can find the logs from syslog and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid question, but why am I unable to see if the credentials are checked for this user? from what I understand from phonerlite logs, the user is registered based only on the realm - am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR route?
Please, have a look at the attached files, maybe you will understand what I'm doing wrong there.
My level of knowledges is beginner but unfortunately I am under pressure to solve this as quickly as possible.
Thank you for your time and thank you again for any help you can provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm receiveing an UNAUTHORIZED answer.
The content of kamailio.cfg includes the following lines(still, cfgtrace doesn't appear in syslog):#!define WITH_DEBUG #!ifdef WITH_DEBUGdebug=3log_stderror=no#!elsedebug=2log_stderror=no#!endif #!ifdef WITH_DEBUG loadmodule "debugger.so"#!endif
#-----debugger params-----#!ifdef WITH_DEBUG modparam("debugger", "cfgtrace", 1)#!endif
It seems that cfgtrace appears only if I am running kamailio -E -ddd command followed by the registration process for a SIP user Thank you!Br,
On Tuesday, September 22, 2015 3:34 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger module is not loaded unless you define WITH_DEBUG. To understand, see some docs about defines at:
- https://www.kamailio.org/wiki/cookbooks/4.3.x/core#define
Cheers, Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
Hello again, Thank you for your answer. As you could see in kamailio.cfg file, debugger module its already loaded and cfgtrace param is set to 1. Attached you can find the logs from syslog and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid question, but why am I unable to see if the credentials are checked for this user? from what I understand from phonerlite logs, the user is registered based only on the realm - am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR route? Please, have a look at the attached files, maybe you will understand what I'm doing wrong there. My level of knowledges is beginner but unfortunately I am under pressure to solve this as quickly as possible. Thank you for your time and thank you again for any help you can provide ! Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm receiveing an UNAUTHORIZED answer.
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello,
the cfgtrace is printed now in the config, but the radius auth function is not executed.
Very likely because you have an if condition on myself:
if(uri == myself) { if (is_method("REGISTER")) { if (!radius_www_authorize("sipauthdev.frequentis.frq")) {
If the request uri of REGISTER is not local IP or local domain, then the uri==myself is false.
Add alias aprameter with your domain:
alias=yourdomain.com
Cheers, Daniel
On 22/09/15 15:59, Ciolpan Ionut-Marian wrote:
The content of kamailio.cfg includes the following lines(still, cfgtrace doesn't appear in syslog): /*#!define WITH_DEBUG*/ /* */ /*#!ifdef WITH_DEBUG*/ /*debug=3*/ /*log_stderror=no*/ /*#!else*/ /*debug=2*/ /*log_stderror=no*/ /*#!endif*/ /* */ /*#!ifdef WITH_DEBUG*//* */ /*loadmodule "debugger.so"*/ /*/*#!endif*/ */ /*/* */*/ /*/*#-----debugger params-----*/*/ /*/*/*#!ifdef WITH_DEBUG*/ */*/ /*/*modparam("debugger", "cfgtrace", 1)*/*/ /*/*/*/*#!endif*/*/ */*/ /*/* */*/ It seems that cfgtrace appears only if I am running kamailio -E -ddd command followed by the registration process for a SIP user
Thank you! Br,
On Tuesday, September 22, 2015 3:34 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
the log file doesn't have any message from cfgtrace.
If you started from default kamailio.cfg, note that the debugger module is not loaded unless you define WITH_DEBUG. To understand, see some docs about defines at:
Cheers, Daniel
On 22/09/15 12:06, Ciolpan Ionut-Marian wrote:
Hello again,
Thank you for your answer. As you could see in kamailio.cfg file, debugger module its already loaded and cfgtrace param is set to 1. Attached you can find the logs from syslog and from Phonerlite. Now thats a little bit awkward for me, maybe this is a stupid question, but why am I unable to see if the credentials are checked for this user? from what I understand from phonerlite logs, the user is registered based only on the realm - am I right? Am I doing right if I'm using radius_www_authorize function in REGISTRAR route?
Please, have a look at the attached files, maybe you will understand what I'm doing wrong there.
My level of knowledges is beginner but unfortunately I am under pressure to solve this as quickly as possible.
Thank you for your time and thank you again for any help you can provide !
Best regards,
p.s: At this point, if I am using radius_proxy_authorize in AUTH route I'm receiveing an UNAUTHORIZED answer.
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://www.asipto.com/ Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
Hello, Thank you for your answer. It seems that now radius auth function is executed.Unfortunately, now I am receiveing a sip:user@domain not registered <Unauthorized> message for every user. The content of users.file [/etc/raddb/users]:e.g: usertest@<my_domain_name> Auth-Type := Digest, User-Password == "<user_password>" Reply-Message = "Authenticated"....... The content of radcheck table from radius DB:id | username | attribute | op | value------------------------------------------------------------------------------------------------------------------------------------14 | abcdef@<domain_name> | Digest-HA1 | := | f67erftg................... Attached you can find the logs, maybe you'll figure it out which is the reason of these errors. Thank you very much for your help! Br,
Hello, Some hints about this issue ? Still, doesn't work ! thank you
On Wednesday, September 23, 2015 2:38 PM, Ciolpan Ionut-Marian ionut.ciolpan@yahoo.com wrote:
Hello, Thank you for your answer. It seems that now radius auth function is executed.Unfortunately, now I am receiveing a sip:user@domain not registered <Unauthorized> message for every user. The content of users.file [/etc/raddb/users]:e.g: usertest@<my_domain_name> Auth-Type := Digest, User-Password == "<user_password>" Reply-Message = "Authenticated"....... The content of radcheck table from radius DB:id | username | attribute | op | value------------------------------------------------------------------------------------------------------------------------------------14 | abcdef@<domain_name> | Digest-HA1 | := | f67erftg................... Attached you can find the logs, maybe you'll figure it out which is the reason of these errors. Thank you very much for your help! Br,
The logs indicate that the radius server didn't return auth ok:
2(2215) DEBUG: auth [api.c:96]: pre_auth(): auth: digest-algo: MD5 parsed value: 1 2(2215) ERROR: auth_radius [sterman.c:412]: radius_authorize_sterman(): authorization failed
Enable debugging to your radius server to see why it rejects the authentication. Kamailio is only passing the attributes from Authorization header, the Radius server does all the computation and checks to match the response.
Cheers, Daniel
On 28/09/15 08:00, Ciolpan Ionut-Marian wrote:
Hello,
Some hints about this issue ? Still, doesn't work !
thank you
On Wednesday, September 23, 2015 2:38 PM, Ciolpan Ionut-Marian ionut.ciolpan@yahoo.com wrote:
Hello,
Thank you for your answer.
It seems that now radius auth function is executed. Unfortunately, now I am receiveing a /*sip:user@domain not registered <Unauthorized>*/ message for every user.
*The content of users.file [/etc/raddb/users]:* e.g: usertest@<my_domain_name> Auth-Type := Digest, User-Password == "<user_password>" Reply-Message = "Authenticated" .......
*The content of radcheck table from radius DB:* id | username | attribute | op | value
14 | abcdef@<domain_name> | Digest-HA1 | := | f67erftg...................
Attached you can find the logs, maybe you'll figure it out which is the reason of these errors.
Thank you very much for your help!
Br,
-
Ciolpan Ionut-Marian -
Daniel-Constantin Mierla