Hi, I am getting following errors as seen in /var/log/message while running openser with radius integration, ***************************************************************************************** Nov 6 20:33:45 lx-dev monit[13565]: 'openser' start: /etc/init.d/openser Nov 6 20:33:45 lx-dev monit[13565]: 'openser' failed to start Nov 6 20:33:45 lx-dev openser: init_tcp: using epoll_lt as the io watch method (auto detected) Nov 6 20:33:45 lx-dev openser: INFO: statistics manager successfully initialized Nov 6 20:33:45 lx-dev openser: StateLess module - initializing Nov 6 20:33:45 lx-dev openser: TM - initializing... Nov 6 20:33:46 lx-dev openser: Maxfwd module- initializing Nov 6 20:33:46 lx-dev openser: AVPops - initializing Nov 6 20:33:46 lx-dev openser: TextOPS - initializing Nov 6 20:33:46 lx-dev openser: ACC - initializing Nov 6 20:33:46 lx-dev openser: AUTH module - initializing Nov 6 20:33:46 lx-dev openser: xl_parse_item: error - bad parameters Nov 6 20:33:46 lx-dev openser: ERROR:avpops:fixup_check_avp: unable to get pseudo-variable in P1 Nov 6 20:33:46 lx-dev openser: ERROR: fix_actions: fixing failed (code=-2) at cfg line 146 Nov 6 20:33:46 lx-dev openser: ERROR: fix_expr : fix_actions error ***************************************************************************************** I am using openser (Version: openser-1.1.0-tls) and radius server (freeradius-1.1.3) along with radiusclient-ng (radiusclient-ng-0.5.2). I exactly followed the following radius integration documentation from openser web site, http://openser.org/docs/openser-radius-1.0.x.html
If I remove the radius integration related part from openser.cfg then my openser server starts fine, I have tested it with kphone SIP UA and it works fine.
One other question is I get parse error for following 2 statements in openser.cfg (I commented them to make forward progress). Please advice the right syntax to use following modparam statements. modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
This is kind of urgent for me and I am clueless at this point so really appreciate all your help.
Thanks, - San P.S. For your reference here is the openser.cfg file that I am using, # # $Id$ # # radius config script #
# ----------- global configuration parameters ------------------------
debug=9 # debug level (cmd line: -dddddddddd) fork=no log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 listen=udp:192.168.0.5 alias="192.168.0.5"
#fifo="/tmp/openser_fifo"
# ------------------ module loading ---------------------------------- mpath="/usr/local/lib/openser/modules"
loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "avpops.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "uri.so" loadmodule "acc.so" loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "group_radius.so" loadmodule "avp_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params -- #modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser") modparam("usrloc", "db_mode", 2)
# -- acc params -- modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "log_flag", 1) modparam("acc", "log_missed_flag", 1) modparam("acc", "service_type", 15) #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") modparam("acc|auth_radius|group_radius|avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params -- modparam("group_radius", "use_domain", 1)
# -- avpops params -- #modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };
if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };
# check if user is suspended if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE")) { if (radius_is_user_in("From", "suspended")) { sl_send_reply("403", "Forbidden - suspended"); exit; }; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); if(is_method("BYE")) { # log it all the time acc_rad_request("200 ok"); acc_log_request("200 ok"); } route(1); };
if(is_method("INVITE") && !has_totag()) { # set the acc flags setflag(1); setflag(2); };
if (!uri==myself) { # check if user is allowed to do voip calls to other domains if(is_method("INVITE|MESSAGE")) { if (!radius_is_user_in("From", "voip")) { sl_send_reply("403", "Forbidden VoIP"); exit; }; }; # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { # authenticate registers if (method=="REGISTER") { if (!radius_www_authorize("192.168.0.5")) { www_challenge("192.168.0.5", "0"); exit; };
# check the src ip address if(!avp_check("i:2", "eq/$src_ip/ig")) { sl_send_reply("403", "Forbidden IP"); exit; };
save("location"); exit; };
# calls to pstn if(uri=~"sip:00[1-9][0-9]+@") { if(is_method("INVITE") && !has_totag()) { if (!radius_is_user_in("From", "pstn")) { sl_send_reply("403", "Forbidden PSTN"); exit; }; }; # set gateway address rewritehostport("10.10.10.10:5090"); route(1); };
# load callee's avps if(avp_load_radius("callee")) { # check if user has time filter enabled if(avp_check("i:3", "eq/i:1")) { # print time in an avp avp_printf("i:100", "$Tf"); # extract day avp_subst("i:100/i:101", "/(.{3}) .+/*\1*/"); if(!avp_check("i:6", "fm/$day")) { sl_send_reply("403", "Forbidden - day"); exit; }; # extract 'hours:minutes' avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+/\2/"); if((is_avp_set("i:4") && avp_check("i:4", "gt/$time")) || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) { sl_send_reply("403", "Forbidden - time"); exit; }; }; };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # log to acc as missed call acc_rad_request("404 Not Found"); acc_log_request("404 Not Found"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };
route(1); }
# generic forward route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } #
-
Sanjeev Manoli