Guys,
Im trying to setup radius Authenticate but cant figure out why I keep getting the below error. I have SER 0.12 and freeradius 0.9.3 installed on the same server. What could I be missing?
Freeradius has this config in the user file: greg Auth-Type := Digest, User-Password == "xxxxx" Reply-Message = "Authenticated"
Debug:
0(6147) SIP Request: 0(6147) method: <REGISTER> 0(6147) uri: sip:64.81.88.148 0(6147) version: <SIP/2.0> 0(6147) parse_headers: flags=1 0(6147) end of header reached, state=5 0(6147) parse_headers: Via found, flags=1 0(6147) parse_headers: this is the first via 0(6147) After parse_msg... 0(6147) preparing to run routing scripts... 0(6147) logging so message came in 0(6147) DEBUG : is_maxfwd_present: searching for max_forwards header 0(6147) parse_headers: flags=128 0(6147) end of header reached, state=9 0(6147) DEBUG: get_hdr_field: <To> [36]; uri=[sip:2012@64.81.88.148;user=phone] 0(6147) DEBUG: to body [sip:2012@64.81.88.148;user=phone ] 0(6147) get_hdr_field: cseq <CSeq>: <12> <REGISTER> 0(6147) DEBUG: get_hdr_body : content_length=0 0(6147) found end of header 0(6147) DEBUG: is_maxfwd_present: max_forwards header not found! 0(6147) DEBUG: add_param: tag=2161114233 0(6147) end of header reached, state=29 0(6147) parse_headers: flags=256 0(6147) find_first_route(): No Route headers found 0(6147) loose_route(): There is no Route HF 0(6147) check_nonce(): comparing [4015e5a000c7aec015d8da7e158f8720532f4d22] and [4015e5a000c7aec015d8da7e158f8720532f4d22] 0(6147) res: -2 0(6147) radius_authorize_sterman(): Failure 0(6147) build_auth_hf(): 'WWW-Authenticate: Digest realm="64.81.88.148", nonce="4015e5a1ed5da080d2f74b1e0a65e54e4b4bae8f", qop="auth" '
It looks like the radius server is working ok :
rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "greg" Digest-Realm = "64.81.88.148" Digest-Nonce = "4015e5a000c7aec015d8da7e158f8720532f4d22" Digest-Uri = "sip:64.81.88.148" Digest-Method = "REGISTER" Digest-Qop = "auth" Digest-Nonce-Count = "00000001" Digest-Cnonce = "05efa56c" modcall[authorize]: module "digest" returns ok for request 108 rlm_realm: Proxy reply, or no User-Name. Ignoring. modcall[authorize]: module "suffix" returns noop for request 108 users: Matched DEFAULT at 152 users: Matched greg at 214 modcall[authorize]: module "files" returns ok for request 108 modcall[authorize]: module "mschap" returns noop for request 108 modcall: group authorize returns ok for request 108 rad_check_password: Found Auth-Type Digest rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'Authenticated' Sending Access-Accept of id 25 to 127.0.0.1:4720 Reply-Message = "Authenticated" Finished request 108
Either you have incorrect shared secret (so the radiusclient library and radius server are using different shared secrets) or you forgot to extend the radiusclient dictionary.
See http://iptel.org/ser/ser_radius.html for more details.
Jan.
On 26-01 20:19, Gregory D. Burns wrote:
Guys,
Im trying to setup radius Authenticate but cant figure out why I keep getting the below error. I have SER 0.12 and freeradius 0.9.3 installed on the same server. What could I be missing?
Freeradius has this config in the user file: greg Auth-Type := Digest, User-Password == "xxxxx" Reply-Message = "Authenticated"
Debug:
0(6147) SIP Request: 0(6147) method: <REGISTER> 0(6147) uri: sip:64.81.88.148 0(6147) version: <SIP/2.0> 0(6147) parse_headers: flags=1 0(6147) end of header reached, state=5 0(6147) parse_headers: Via found, flags=1 0(6147) parse_headers: this is the first via 0(6147) After parse_msg... 0(6147) preparing to run routing scripts... 0(6147) logging so message came in 0(6147) DEBUG : is_maxfwd_present: searching for max_forwards header 0(6147) parse_headers: flags=128 0(6147) end of header reached, state=9 0(6147) DEBUG: get_hdr_field: <To> [36]; uri=[sip:2012@64.81.88.148;user=phone] 0(6147) DEBUG: to body [sip:2012@64.81.88.148;user=phone ] 0(6147) get_hdr_field: cseq <CSeq>: <12> <REGISTER> 0(6147) DEBUG: get_hdr_body : content_length=0 0(6147) found end of header 0(6147) DEBUG: is_maxfwd_present: max_forwards header not found! 0(6147) DEBUG: add_param: tag=2161114233 0(6147) end of header reached, state=29 0(6147) parse_headers: flags=256 0(6147) find_first_route(): No Route headers found 0(6147) loose_route(): There is no Route HF 0(6147) check_nonce(): comparing [4015e5a000c7aec015d8da7e158f8720532f4d22] and [4015e5a000c7aec015d8da7e158f8720532f4d22] 0(6147) res: -2 0(6147) radius_authorize_sterman(): Failure 0(6147) build_auth_hf(): 'WWW-Authenticate: Digest realm="64.81.88.148", nonce="4015e5a1ed5da080d2f74b1e0a65e54e4b4bae8f", qop="auth" '
It looks like the radius server is working ok :
rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "greg" Digest-Realm = "64.81.88.148" Digest-Nonce = "4015e5a000c7aec015d8da7e158f8720532f4d22" Digest-Uri = "sip:64.81.88.148" Digest-Method = "REGISTER" Digest-Qop = "auth" Digest-Nonce-Count = "00000001" Digest-Cnonce = "05efa56c" modcall[authorize]: module "digest" returns ok for request 108 rlm_realm: Proxy reply, or no User-Name. Ignoring. modcall[authorize]: module "suffix" returns noop for request 108 users: Matched DEFAULT at 152 users: Matched greg at 214 modcall[authorize]: module "files" returns ok for request 108 modcall[authorize]: module "mschap" returns noop for request 108 modcall: group authorize returns ok for request 108 rad_check_password: Found Auth-Type Digest rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'Authenticated' Sending Access-Accept of id 25 to 127.0.0.1:4720 Reply-Message = "Authenticated" Finished request 108
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Gregory D. Burns -
Jan Janak