Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) # if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; # }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Do you have 192.168.1.119 as the domain in freeradius (because this is what the user agent uses).
Jan.
On 19-09 11:13, AJ Grinnell wrote:
Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it)# if (uri==myself) {
if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };# }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I guess this is the big confusion that I have to get past. The UAs will be hitting SER from all over different IP blocks and subnets. Do I need to re-write the source? I am sorry, this is probly very basic, but I am not understanding it right now.
On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak jan@iptel.org wrote:
Do you have 192.168.1.119 as the domain in freeradius (because this is what the user agent uses).
Jan.
On 19-09 11:13, AJ Grinnell wrote:
Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it)# if (uri==myself) {
if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };# }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I have added 192.168.1.119 as an alias, and still no registration or attempt against radius to register.
On Mon, 20 Sep 2004 12:08:17 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
I guess this is the big confusion that I have to get past. The UAs will be hitting SER from all over different IP blocks and subnets. Do I need to re-write the source? I am sorry, this is probly very basic, but I am not understanding it right now.
On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak jan@iptel.org wrote:
Do you have 192.168.1.119 as the domain in freeradius (because this is what the user agent uses).
Jan.
On 19-09 11:13, AJ Grinnell wrote:
Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it)# if (uri==myself) {
if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };# }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Please send me the full log of ser, there are missing some lines in the log below. SIP messages would be good as well.
Jan.
On 20-09 12:26, AJ Grinnell wrote:
I have added 192.168.1.119 as an alias, and still no registration or attempt against radius to register.
On Mon, 20 Sep 2004 12:08:17 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
I guess this is the big confusion that I have to get past. The UAs will be hitting SER from all over different IP blocks and subnets. Do I need to re-write the source? I am sorry, this is probly very basic, but I am not understanding it right now.
On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak jan@iptel.org wrote:
Do you have 192.168.1.119 as the domain in freeradius (because this is what the user agent uses).
Jan.
On 19-09 11:13, AJ Grinnell wrote:
Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it)# if (uri==myself) {
if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };# }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Here is the confg part that I am using for authentication.
# (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_www_authorize('192.168.1.119')) { www_challenge('192.168.1.119', "1"); };
save("location"); break; };
Using Ethereal, I am getting SIP response 401 Unauthorized with the current config, and 407 Proxy Authentication Required when using radius_proxy_authorize. Here is the log from using the above config...
8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0) 8(26234) DEBUG:destroy_avp_list: destroing list (nil) 8(26234) receive_msg: cleaning up 8(26234) SIP Request: 8(26234) method: <REGISTER> 8(26234) uri: sip:192.168.1.119 8(26234) version: <SIP/2.0> 8(26234) parse_headers: flags=1 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 8(26234) end of header reached, state=5 8(26234) parse_headers: Via found, flags=1 8(26234) parse_headers: this is the first via 8(26234) After parse_msg... 8(26234) preparing to run routing scripts... 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header 8(26234) parse_headers: flags=128 8(26234) end of header reached, state=9 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 8(26234) DEBUG: to body [test sip:test@192.168.1.119 ] 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 8(26234) DEBUG: is_maxfwd_present: value = 70 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea 8(26234) end of header reached, state=29 8(26234) parse_headers: flags=256 8(26234) DEBUG: get_hdr_body : content_length=0 8(26234) found end of header 8(26234) find_first_route(): No Route headers found 8(26234) loose_route(): There is no Route HF 8(26234) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 7(26233) res: 1 7(26233) radius_authorize_sterman(): Failure 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth" ' 7(26233) parse_headers: flags=-1 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0) 7(26233) DEBUG:destroy_avp_list: destroing list (nil) 7(26233) receive_msg: cleaning up 7(26233) SIP Request: 7(26233) method: <REGISTER> 7(26233) uri: sip:192.168.1.119 7(26233) version: <SIP/2.0> 7(26233) parse_headers: flags=1 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 7(26233) end of header reached, state=5 7(26233) parse_headers: Via found, flags=1 7(26233) parse_headers: this is the first via 7(26233) After parse_msg... 7(26233) preparing to run routing scripts... 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header 7(26233) parse_headers: flags=128 7(26233) end of header reached, state=9 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 7(26233) DEBUG: to body [test sip:test@192.168.1.119 ] 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 7(26233) DEBUG: is_maxfwd_present: value = 70 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea 7(26233) end of header reached, state=29 7(26233) parse_headers: flags=256 7(26233) DEBUG: get_hdr_body : content_length=0 7(26233) found end of header 7(26233) find_first_route(): No Route headers found 7(26233) loose_route(): There is no Route HF 7(26233) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 5(26231) res: 1 5(26231) radius_authorize_sterman(): Failure 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth" ' 5(26231) parse_headers: flags=-1 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0) 5(26231) DEBUG:destroy_avp_list: destroing list (nil) 5(26231) receive_msg: cleaning up 5(26231) SIP Request: 5(26231) method: <REGISTER> 5(26231) uri: sip:192.168.1.119 5(26231) version: <SIP/2.0> 5(26231) parse_headers: flags=1 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 5(26231) end of header reached, state=5 5(26231) parse_headers: Via found, flags=1 5(26231) parse_headers: this is the first via 5(26231) After parse_msg... 5(26231) preparing to run routing scripts... 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header 5(26231) parse_headers: flags=128 5(26231) end of header reached, state=9 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 5(26231) DEBUG: to body [test sip:test@192.168.1.119 ] 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 5(26231) DEBUG: is_maxfwd_present: value = 70 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea 5(26231) end of header reached, state=29 5(26231) parse_headers: flags=256 5(26231) DEBUG: get_hdr_body : content_length=0 5(26231) found end of header 5(26231) find_first_route(): No Route headers found 5(26231) loose_route(): There is no Route HF 5(26231) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 280 6(26232) res: 1 6(26232) radius_authorize_sterman(): Failure 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth" ' 6(26232) parse_headers: flags=-1 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0) 6(26232) DEBUG:destroy_avp_list: destroing list (nil) 6(26232) receive_msg: cleaning up 6(26232) SIP Request: 6(26232) method: <REGISTER> 6(26232) uri: sip:192.168.1.119 6(26232) version: <SIP/2.0> 6(26232) parse_headers: flags=1 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 6(26232) end of header reached, state=5 6(26232) parse_headers: Via found, flags=1 6(26232) parse_headers: this is the first via 6(26232) After parse_msg... 6(26232) preparing to run routing scripts... 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header 6(26232) parse_headers: flags=128 6(26232) end of header reached, state=9 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(26232) DEBUG: to body [test sip:test@192.168.1.119 ] 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 6(26232) DEBUG: is_maxfwd_present: value = 70 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea 6(26232) end of header reached, state=29 6(26232) parse_headers: flags=256 6(26232) DEBUG: get_hdr_body : content_length=0 6(26232) found end of header 6(26232) find_first_route(): No Route headers found 6(26232) loose_route(): There is no Route HF 6(26232) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 300 10(26236) MSILO:clean_silo: cleaning expired messages 10(26236) MSILO:clean_silo: cleaning stored messages - 320 ./serctl stop
Thank you for your help
On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak jan@iptel.org wrote:
Please send me the full log of ser, there are missing some lines in the log below. SIP messages would be good as well.
Jan.
Anyone have any ideas on this?
On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
Here is the confg part that I am using for authentication.
# (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize('192.168.1.119')) { www_challenge('192.168.1.119', "1"); };
save("location"); break; };Using Ethereal, I am getting SIP response 401 Unauthorized with the current config, and 407 Proxy Authentication Required when using radius_proxy_authorize. Here is the log from using the above config...
8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0) 8(26234) DEBUG:destroy_avp_list: destroing list (nil) 8(26234) receive_msg: cleaning up 8(26234) SIP Request: 8(26234) method: <REGISTER> 8(26234) uri: sip:192.168.1.119 8(26234) version: <SIP/2.0> 8(26234) parse_headers: flags=1 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 8(26234) end of header reached, state=5 8(26234) parse_headers: Via found, flags=1 8(26234) parse_headers: this is the first via 8(26234) After parse_msg... 8(26234) preparing to run routing scripts... 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header 8(26234) parse_headers: flags=128 8(26234) end of header reached, state=9 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 8(26234) DEBUG: to body [test sip:test@192.168.1.119 ] 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 8(26234) DEBUG: is_maxfwd_present: value = 70 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea 8(26234) end of header reached, state=29 8(26234) parse_headers: flags=256 8(26234) DEBUG: get_hdr_body : content_length=0 8(26234) found end of header 8(26234) find_first_route(): No Route headers found 8(26234) loose_route(): There is no Route HF 8(26234) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 7(26233) res: 1 7(26233) radius_authorize_sterman(): Failure 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth" ' 7(26233) parse_headers: flags=-1 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0) 7(26233) DEBUG:destroy_avp_list: destroing list (nil) 7(26233) receive_msg: cleaning up 7(26233) SIP Request: 7(26233) method: <REGISTER> 7(26233) uri: sip:192.168.1.119 7(26233) version: <SIP/2.0> 7(26233) parse_headers: flags=1 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 7(26233) end of header reached, state=5 7(26233) parse_headers: Via found, flags=1 7(26233) parse_headers: this is the first via 7(26233) After parse_msg... 7(26233) preparing to run routing scripts... 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header 7(26233) parse_headers: flags=128 7(26233) end of header reached, state=9 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 7(26233) DEBUG: to body [test sip:test@192.168.1.119 ] 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 7(26233) DEBUG: is_maxfwd_present: value = 70 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea 7(26233) end of header reached, state=29 7(26233) parse_headers: flags=256 7(26233) DEBUG: get_hdr_body : content_length=0 7(26233) found end of header 7(26233) find_first_route(): No Route headers found 7(26233) loose_route(): There is no Route HF 7(26233) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 5(26231) res: 1 5(26231) radius_authorize_sterman(): Failure 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth" ' 5(26231) parse_headers: flags=-1 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0) 5(26231) DEBUG:destroy_avp_list: destroing list (nil) 5(26231) receive_msg: cleaning up 5(26231) SIP Request: 5(26231) method: <REGISTER> 5(26231) uri: sip:192.168.1.119 5(26231) version: <SIP/2.0> 5(26231) parse_headers: flags=1 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 5(26231) end of header reached, state=5 5(26231) parse_headers: Via found, flags=1 5(26231) parse_headers: this is the first via 5(26231) After parse_msg... 5(26231) preparing to run routing scripts... 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header 5(26231) parse_headers: flags=128 5(26231) end of header reached, state=9 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 5(26231) DEBUG: to body [test sip:test@192.168.1.119 ] 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 5(26231) DEBUG: is_maxfwd_present: value = 70 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea 5(26231) end of header reached, state=29 5(26231) parse_headers: flags=256 5(26231) DEBUG: get_hdr_body : content_length=0 5(26231) found end of header 5(26231) find_first_route(): No Route headers found 5(26231) loose_route(): There is no Route HF 5(26231) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 280 6(26232) res: 1 6(26232) radius_authorize_sterman(): Failure 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth" ' 6(26232) parse_headers: flags=-1 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0) 6(26232) DEBUG:destroy_avp_list: destroing list (nil) 6(26232) receive_msg: cleaning up 6(26232) SIP Request: 6(26232) method: <REGISTER> 6(26232) uri: sip:192.168.1.119 6(26232) version: <SIP/2.0> 6(26232) parse_headers: flags=1 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 6(26232) end of header reached, state=5 6(26232) parse_headers: Via found, flags=1 6(26232) parse_headers: this is the first via 6(26232) After parse_msg... 6(26232) preparing to run routing scripts... 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header 6(26232) parse_headers: flags=128 6(26232) end of header reached, state=9 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(26232) DEBUG: to body [test sip:test@192.168.1.119 ] 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 6(26232) DEBUG: is_maxfwd_present: value = 70 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea 6(26232) end of header reached, state=29 6(26232) parse_headers: flags=256 6(26232) DEBUG: get_hdr_body : content_length=0 6(26232) found end of header 6(26232) find_first_route(): No Route headers found 6(26232) loose_route(): There is no Route HF 6(26232) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 300 10(26236) MSILO:clean_silo: cleaning expired messages 10(26236) MSILO:clean_silo: cleaning stored messages - 320 ./serctl stop
Thank you for your help
On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak jan@iptel.org wrote:
Please send me the full log of ser, there are missing some lines in the
log below. SIP messages would be good as well.
Jan.
Are you using radiusclient-ng? Did you compile both SER and radiusclient-ng from source. If not, try to do so.
Zeus
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of AJ Grinnell Sent: Wednesday, 22 September 2004 7:34 AM To: AJ Grinnell; serusers@lists.iptel.org Subject: Re: [Serusers] Radius Authentication help
Anyone have any ideas on this?
On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
Here is the confg part that I am using for authentication.
# (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if
(!radius_www_authorize('192.168.1.119')) {
www_challenge('192.168.1.119', "1"); }; save("location"); break; };Using Ethereal, I am getting SIP response 401 Unauthorized with the current config, and 407 Proxy Authentication Required when using radius_proxy_authorize. Here is the log from using the
above config...
8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0) 8(26234) DEBUG:destroy_avp_list: destroing list (nil) 8(26234) receive_msg: cleaning up 8(26234) SIP Request: 8(26234) method: <REGISTER> 8(26234) uri: sip:192.168.1.119 8(26234) version: <SIP/2.0> 8(26234) parse_headers: flags=1 8(26234) Found param type 232, <branch> =
<z9hG4bK-d1cbf2f>; state=16
8(26234) end of header reached, state=5 8(26234) parse_headers: Via found, flags=1 8(26234) parse_headers: this is the first via 8(26234) After parse_msg... 8(26234) preparing to run routing scripts... 8(26234) DEBUG : is_maxfwd_present: searching for
max_forwards header
8(26234) parse_headers: flags=128 8(26234) end of header reached, state=9 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 8(26234) DEBUG: to body [test sip:test@192.168.1.119 ] 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 8(26234) DEBUG: is_maxfwd_present: value = 70 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea 8(26234) end of header reached, state=29 8(26234) parse_headers: flags=256 8(26234) DEBUG: get_hdr_body : content_length=0 8(26234) found end of header 8(26234) find_first_route(): No Route headers found 8(26234) loose_route(): There is no Route HF 8(26234) check_self - checking if host==us: 13==9 &&
[192.168.1.119]
== [127.0.0.1] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 7(26233) res: 1 7(26233) radius_authorize_sterman(): Failure 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth" ' 7(26233) parse_headers: flags=-1 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0) 7(26233) DEBUG:destroy_avp_list: destroing list (nil) 7(26233) receive_msg: cleaning up 7(26233) SIP Request: 7(26233) method: <REGISTER> 7(26233) uri: sip:192.168.1.119 7(26233) version: <SIP/2.0> 7(26233) parse_headers: flags=1 7(26233) Found param type 232, <branch> =
<z9hG4bK-d1cbf2f>; state=16
7(26233) end of header reached, state=5 7(26233) parse_headers: Via found, flags=1 7(26233) parse_headers: this is the first via 7(26233) After parse_msg... 7(26233) preparing to run routing scripts... 7(26233) DEBUG : is_maxfwd_present: searching for
max_forwards header
7(26233) parse_headers: flags=128 7(26233) end of header reached, state=9 7(26233) DEBUG: get_hdr_field: <To> [31];
uri=[sip:test@192.168.1.119]
7(26233) DEBUG: to body [test sip:test@192.168.1.119 ] 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 7(26233) DEBUG: is_maxfwd_present: value = 70 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea 7(26233) end of header reached, state=29 7(26233) parse_headers: flags=256 7(26233) DEBUG: get_hdr_body : content_length=0 7(26233) found end of header 7(26233) find_first_route(): No Route headers found 7(26233) loose_route(): There is no Route HF 7(26233) check_self - checking if host==us: 13==9 &&
[192.168.1.119]
== [127.0.0.1] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 5(26231) res: 1 5(26231) radius_authorize_sterman(): Failure 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth" ' 5(26231) parse_headers: flags=-1 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0) 5(26231) DEBUG:destroy_avp_list: destroing list (nil) 5(26231) receive_msg: cleaning up 5(26231) SIP Request: 5(26231) method: <REGISTER> 5(26231) uri: sip:192.168.1.119 5(26231) version: <SIP/2.0> 5(26231) parse_headers: flags=1 5(26231) Found param type 232, <branch> =
<z9hG4bK-d1cbf2f>; state=16
5(26231) end of header reached, state=5 5(26231) parse_headers: Via found, flags=1 5(26231) parse_headers: this is the first via 5(26231) After parse_msg... 5(26231) preparing to run routing scripts... 5(26231) DEBUG : is_maxfwd_present: searching for
max_forwards header
5(26231) parse_headers: flags=128 5(26231) end of header reached, state=9 5(26231) DEBUG: get_hdr_field: <To> [31];
uri=[sip:test@192.168.1.119]
5(26231) DEBUG: to body [test sip:test@192.168.1.119 ] 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 5(26231) DEBUG: is_maxfwd_present: value = 70 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea 5(26231) end of header reached, state=29 5(26231) parse_headers: flags=256 5(26231) DEBUG: get_hdr_body : content_length=0 5(26231) found end of header 5(26231) find_first_route(): No Route headers found 5(26231) loose_route(): There is no Route HF 5(26231) check_self - checking if host==us: 13==9 &&
[192.168.1.119]
== [127.0.0.1] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 280 6(26232) res: 1 6(26232) radius_authorize_sterman(): Failure 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth" ' 6(26232) parse_headers: flags=-1 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0) 6(26232) DEBUG:destroy_avp_list: destroing list (nil) 6(26232) receive_msg: cleaning up 6(26232) SIP Request: 6(26232) method: <REGISTER> 6(26232) uri: sip:192.168.1.119 6(26232) version: <SIP/2.0> 6(26232) parse_headers: flags=1 6(26232) Found param type 232, <branch> =
<z9hG4bK-d1cbf2f>; state=16
6(26232) end of header reached, state=5 6(26232) parse_headers: Via found, flags=1 6(26232) parse_headers: this is the first via 6(26232) After parse_msg... 6(26232) preparing to run routing scripts... 6(26232) DEBUG : is_maxfwd_present: searching for
max_forwards header
6(26232) parse_headers: flags=128 6(26232) end of header reached, state=9 6(26232) DEBUG: get_hdr_field: <To> [31];
uri=[sip:test@192.168.1.119]
6(26232) DEBUG: to body [test sip:test@192.168.1.119 ] 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 6(26232) DEBUG: is_maxfwd_present: value = 70 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea 6(26232) end of header reached, state=29 6(26232) parse_headers: flags=256 6(26232) DEBUG: get_hdr_body : content_length=0 6(26232) found end of header 6(26232) find_first_route(): No Route headers found 6(26232) loose_route(): There is no Route HF 6(26232) check_self - checking if host==us: 13==9 &&
[192.168.1.119]
== [127.0.0.1] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 300 10(26236) MSILO:clean_silo: cleaning expired messages 10(26236) MSILO:clean_silo: cleaning stored messages - 320 ./serctl stop
Thank you for your help
On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak jan@iptel.org wrote:
Please send me the full log of ser, there are missing
some lines in
the
log below. SIP messages would be good as well.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
All I can say from the log below is that the freeradius did not authorize the credentials, make sure that you have correct password and that the radius server is configured properly.
Jan.
On 21-09 17:33, AJ Grinnell wrote:
Anyone have any ideas on this?
On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell ajgrinnell@gmail.com wrote:
Here is the confg part that I am using for authentication.
# (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize('192.168.1.119')) { www_challenge('192.168.1.119', "1"); };
save("location"); break; };Using Ethereal, I am getting SIP response 401 Unauthorized with the current config, and 407 Proxy Authentication Required when using radius_proxy_authorize. Here is the log from using the above config...
8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0) 8(26234) DEBUG:destroy_avp_list: destroing list (nil) 8(26234) receive_msg: cleaning up 8(26234) SIP Request: 8(26234) method: <REGISTER> 8(26234) uri: sip:192.168.1.119 8(26234) version: <SIP/2.0> 8(26234) parse_headers: flags=1 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 8(26234) end of header reached, state=5 8(26234) parse_headers: Via found, flags=1 8(26234) parse_headers: this is the first via 8(26234) After parse_msg... 8(26234) preparing to run routing scripts... 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header 8(26234) parse_headers: flags=128 8(26234) end of header reached, state=9 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 8(26234) DEBUG: to body [test sip:test@192.168.1.119 ] 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 8(26234) DEBUG: is_maxfwd_present: value = 70 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea 8(26234) end of header reached, state=29 8(26234) parse_headers: flags=256 8(26234) DEBUG: get_hdr_body : content_length=0 8(26234) found end of header 8(26234) find_first_route(): No Route headers found 8(26234) loose_route(): There is no Route HF 8(26234) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 8(26234) check_self - checking if port 5060 matches port 5060 8(26234) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 7(26233) res: 1 7(26233) radius_authorize_sterman(): Failure 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth" ' 7(26233) parse_headers: flags=-1 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0) 7(26233) DEBUG:destroy_avp_list: destroing list (nil) 7(26233) receive_msg: cleaning up 7(26233) SIP Request: 7(26233) method: <REGISTER> 7(26233) uri: sip:192.168.1.119 7(26233) version: <SIP/2.0> 7(26233) parse_headers: flags=1 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 7(26233) end of header reached, state=5 7(26233) parse_headers: Via found, flags=1 7(26233) parse_headers: this is the first via 7(26233) After parse_msg... 7(26233) preparing to run routing scripts... 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header 7(26233) parse_headers: flags=128 7(26233) end of header reached, state=9 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 7(26233) DEBUG: to body [test sip:test@192.168.1.119 ] 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 7(26233) DEBUG: is_maxfwd_present: value = 70 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea 7(26233) end of header reached, state=29 7(26233) parse_headers: flags=256 7(26233) DEBUG: get_hdr_body : content_length=0 7(26233) found end of header 7(26233) find_first_route(): No Route headers found 7(26233) loose_route(): There is no Route HF 7(26233) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 7(26233) check_self - checking if port 5060 matches port 5060 7(26233) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 5(26231) res: 1 5(26231) radius_authorize_sterman(): Failure 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth" ' 5(26231) parse_headers: flags=-1 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0) 5(26231) DEBUG:destroy_avp_list: destroing list (nil) 5(26231) receive_msg: cleaning up 5(26231) SIP Request: 5(26231) method: <REGISTER> 5(26231) uri: sip:192.168.1.119 5(26231) version: <SIP/2.0> 5(26231) parse_headers: flags=1 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 5(26231) end of header reached, state=5 5(26231) parse_headers: Via found, flags=1 5(26231) parse_headers: this is the first via 5(26231) After parse_msg... 5(26231) preparing to run routing scripts... 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header 5(26231) parse_headers: flags=128 5(26231) end of header reached, state=9 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 5(26231) DEBUG: to body [test sip:test@192.168.1.119 ] 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 5(26231) DEBUG: is_maxfwd_present: value = 70 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea 5(26231) end of header reached, state=29 5(26231) parse_headers: flags=256 5(26231) DEBUG: get_hdr_body : content_length=0 5(26231) found end of header 5(26231) find_first_route(): No Route headers found 5(26231) loose_route(): There is no Route HF 5(26231) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 5(26231) check_self - checking if port 5060 matches port 5060 5(26231) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 280 6(26232) res: 1 6(26232) radius_authorize_sterman(): Failure 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.119", nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth" ' 6(26232) parse_headers: flags=-1 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0) 6(26232) DEBUG:destroy_avp_list: destroing list (nil) 6(26232) receive_msg: cleaning up 6(26232) SIP Request: 6(26232) method: <REGISTER> 6(26232) uri: sip:192.168.1.119 6(26232) version: <SIP/2.0> 6(26232) parse_headers: flags=1 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16 6(26232) end of header reached, state=5 6(26232) parse_headers: Via found, flags=1 6(26232) parse_headers: this is the first via 6(26232) After parse_msg... 6(26232) preparing to run routing scripts... 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header 6(26232) parse_headers: flags=128 6(26232) end of header reached, state=9 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(26232) DEBUG: to body [test sip:test@192.168.1.119 ] 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER> 6(26232) DEBUG: is_maxfwd_present: value = 70 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea 6(26232) end of header reached, state=29 6(26232) parse_headers: flags=256 6(26232) DEBUG: get_hdr_body : content_length=0 6(26232) found end of header 6(26232) find_first_route(): No Route headers found 6(26232) loose_route(): There is no Route HF 6(26232) check_self - checking if host==us: 13==9 && [192.168.1.119] == [127.0.0.1] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_self - checking if host==us: 13==13 && [192.168.1.119] == [192.168.1.119] 6(26232) check_self - checking if port 5060 matches port 5060 6(26232) check_nonce(): comparing [414f2f30f649651c070ccbebd1e0fa25d84f8844] and [414f2f30f649651c070ccbebd1e0fa25d84f8844] 10(26236) MSILO:clean_silo: cleaning stored messages - 300 10(26236) MSILO:clean_silo: cleaning expired messages 10(26236) MSILO:clean_silo: cleaning stored messages - 320 ./serctl stop
Thank you for your help
On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak jan@iptel.org wrote:
Please send me the full log of ser, there are missing some lines in the
log below. SIP messages would be good as well.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
This is the IP of the server, so it does not really matter from where does the user agent access the server. I would recommend you to use the domain name instead.
Jan.
On 20-09 12:08, AJ Grinnell wrote:
I guess this is the big confusion that I have to get past. The UAs will be hitting SER from all over different IP blocks and subnets. Do I need to re-write the source? I am sorry, this is probly very basic, but I am not understanding it right now.
On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak jan@iptel.org wrote:
Do you have 192.168.1.119 as the domain in freeradius (because this is what the user agent uses).
Jan.
On 19-09 11:13, AJ Grinnell wrote:
Sorry if this is a re-post, I did not see it come through the list in the almot 24 hours since I sent it. Could someone please help me with this? I am running SER 0.8.14 and Freeradius 1.0.0. They are on sperate servers, but I can use radiusclient on the SER box and succesfully authenticate a test account on the remote radius box. When my sipura spa-200 trys to register to SER, SER does not appear to be making a request to radius. I have followed the ser-radius how-to, and still no good. Below are my configs and debug. Thank you all for the help that you have given me in the past and hopefully someone can help with this question.
Config # ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) #fork=yes log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
alias=**************** alias=*****************
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/pa.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
# -- auth radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
# -- URI radius params -- modparam("uri_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("uri_radius", "service_type", 10)
# -- Group radius params -- modparam("group_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("group_radius", "use_domain", 0)
# -- Presence params -- modparam("pa", "default_expires", 3600)
# -- Nathelper params -- modparam("nathelper", "natping_interval", 10)
# -- Msilo params -- modparam("msilo", "db_url", "sql://ser:********@*********/ser") modparam("msilo", "db_table", "silo") modparam("msilo", "expire_time", 36000) modparam("msilo", "check_time", 20) modparam("msilo", "clean_period", 3) modparam("msilo", "use_contact", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it)# if (uri==myself) {
if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); # I have also tried 1 in place of 0 # };
save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };# }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}
SER debug:
6(16294) SIP Request: 6(16294) method: <REGISTER> 6(16294) uri: sip:192.168.1.119 6(16294) version: <SIP/2.0> 6(16294) parse_headers: flags=1 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16 6(16294) end of header reached, state=5 6(16294) parse_headers: Via found, flags=1 6(16294) parse_headers: this is the first via 6(16294) After parse_msg... 6(16294) preparing to run routing scripts... 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header 6(16294) parse_headers: flags=128 6(16294) end of header reached, state=9 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test@192.168.1.119] 6(16294) DEBUG: to body [test sip:test@192.168.1.119 ] 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER> 6(16294) DEBUG: is_maxfwd_present: value = 70 6(16294) DEBUG: add_param: tag=79b50153b98e6976 6(16294) end of header reached, state=29 6(16294) parse_headers: flags=256 6(16294) DEBUG: get_hdr_body : content_length=0 6(16294) found end of header 6(16294) find_first_route(): No Route headers found 6(16294) loose_route(): There is no Route HF 6(16294) check_nonce(): comparing [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] 10(16299) MSILO:clean_silo: cleaning stored messages - 20
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
AJ Grinnell -
Jan Janak -
Zeus Ng