22 Dec
2006
22 Dec
'06
12:35 p.m.
Hi guys,
I am trying to set up radius and avp for ages now, and this time i think i am close to
it. I have a problem and I can't find any information about it.
The thing is, my soft agent (set to uid 101) can't register, and it is getting
"Forbidden IP" even with this in the cfg file (see below) I have set up
freeradius and radiusclient-ng according to the manual on
http://www.openser.org/docs/openser-radius-1.0.x.html. I can't find anything on the
error i am getting in my log. If you need my complete ..cfg or log file, just ask, and I
will send them promptly.
thanks in advance, best regards, Zoran
openser.cfg:
....
xlog("L_ERR","rpid = $avp(s:rpid)");
xlog("L_ERR","adresa = $avp(s:adresa)");
xlog("L_ERR","adresa2 = $avp(s:adresa2)");
# check the src ip address
# avp_load_radius("caller");
if(!avp_check("$adresa", "eq/$adresa/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
save("location");
exit;
};
....
freeradius/users:
....
101 Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "adresa:10.0.0.157",
Sip-Avp += "adresa2:10.0.0.157"
....
last entries in the log after the rejected register.
....
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <rpid:101>
DEBUG:auth_radius:extract_avp: AVP name is <rpid>
DEBUG:auth_radius:extract_avp: AVP val is <101>
DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added
DEBUG:auth_radius:extract_avp: string is <adresa:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been
added
rpid = 101
adresa = 10.0.0.157
adresa2 = 10.0.0.157
xl_get_spec_value: error - null sp->itf
ERROR:avpops:ops_check_avp: cannot get src value
parse_headers: flags=ffffffffffffffff
check_via_address(192.168.52.145, 192.168.52.145, 0)
DEBUG:destroy_avp_list: destroying list 0x404d9238
receive_msg: cleaning up
22 Dec
22 Dec
12:44 p.m.
Hello,
I guess you are using openser 1.1.0, bu the config is still for the
1.0.x in some cases. See:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x#avpops
If I am right with my assumption, then you have to change: $adresa in
$avp(adresa) in avp_check(). Also, there looks to be a mistake, you
compare the avp it itself.
Cheers,
Daniel
On 12/22/06 13:35, Zoran Milic wrote:
Hi guys,
I am trying to set up radius and avp for ages now, and this time i
think i am close to it. I have a problem and I can't find any
information about it.
The thing is, my soft agent (set to uid 101) can't register, and it
is getting "Forbidden IP" even with this in the cfg file (see below) I
have set up freeradius and radiusclient-ng according to the manual on
http://www..openser.org/docs/openser-radius-1.0.x.html
<http://www.openser.org/docs/openser-radius-1.0.x.html>. I can't find
anything on the error i am getting in my log. If you need my complete
.cfg or log file, just ask, and I will send them promptly.
thanks
in advance, best regards, Zoran
*openser.cfg:*
...
xlog("L_ERR","rpid = $avp(s:rpid)");
xlog("L_ERR","adresa = $avp(s:adresa)");
xlog("L_ERR","adresa2 = $avp(s:adresa2)");
# check the src ip address
# avp_load_radius("caller");
if(!avp_check("$adresa", "eq/$adresa/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
save("location");
exit;
};
...
*freeradius/users:*
...
101 Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "adresa:10.0.0.157",
Sip-Avp += "adresa2:10.0.0.157"
...
*last entries in the log after the rejected register.
*...
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has
been added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has
been added
DEBUG:auth_radius:extract_avp: string is <rpid:101>
DEBUG:auth_radius:extract_avp: AVP name is <rpid>
DEBUG:auth_radius:extract_avp: AVP val is <101>
DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added
DEBUG:auth_radius:extract_avp: string is <adresa:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has
been added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has
been added
rpid = 101
adresa = 10.0.0.157
adresa2 = 10.0.0.157
xl_get_spec_value: error - null sp->itf
ERROR:avpops:ops_check_avp: cannot get src value
parse_headers: flags=ffffffffffffffff
check_via_address(192.168.52.145, 192.168.52.145, 0)
DEBUG:destroy_avp_list: destroying list 0x404d9238
receive_msg: cleaning up
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
1:04 p.m.
Thanks!!
It realy helped! The right line should be:
if(!avp_check("$avp(s:adresa)", "eq/$avp(s:adresa)/ig"))
best regards, Zoran
P.S.
It was not a mistake, i tried to compare the same avp's to see if it
is comparing or doing something else.
----- Original Message -----
From: "Daniel-Constantin Mierla" <daniel(a)voice-system.ro>
To: "Zoran Milic" <miliczo(a)sezampro.yu>
Cc: <users(a)openser.org>
Sent: Friday, December 22, 2006 12:44 PM
Subject: Re: [Users] help needed on avpops
Hello,
I guess you are using openser 1.1.0, bu the config is still for the 1.0.x
in some cases. See:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x#avpops
If I am right with my assumption, then you have to change: $adresa in
$avp(adresa) in avp_check(). Also, there looks to be a mistake, you
compare the avp it itself.
Cheers,
Daniel
On 12/22/06 13:35, Zoran Milic wrote:
Hi guys,
I am trying to set up radius and avp for ages now, and this time i think
i am close to it. I have a problem and I can't find any information about
it.
The thing is, my soft agent (set to uid 101) can't register, and it is
getting "Forbidden IP" even with this in the cfg file (see below) I have
set up freeradius and radiusclient-ng according to the manual on
http://www..openser.org/docs/openser-radius-1.0.x.html
<http://www.openser.org/docs/openser-radius-1.0.x.html>. I can't find
anything on the error i am getting in my log. If you need my complete
.cfg or log file, just ask, and I will send them promptly.
thanks in advance, best regards, Zoran
*openser.cfg:*
...
xlog("L_ERR","rpid = $avp(s:rpid)");
xlog("L_ERR","adresa = $avp(s:adresa)");
xlog("L_ERR","adresa2 = $avp(s:adresa2)");
# check the src ip address
# avp_load_radius("caller");
if(!avp_check("$adresa", "eq/$adresa/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
save("location");
exit;
};
...
*freeradius/users:*
...
101 Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "adresa:10.0.0.157",
Sip-Avp += "adresa2:10.0.0.157"
...
*last entries in the log after the rejected register.
*...
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <rpid:101>
DEBUG:auth_radius:extract_avp: AVP name is <rpid>
DEBUG:auth_radius:extract_avp: AVP val is <101>
DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added
DEBUG:auth_radius:extract_avp: string is <adresa:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been
added
DEBUG:auth_radius:extract_avp: string is <adresa2:10.0.0.157>
DEBUG:auth_radius:extract_avp: AVP name is <adresa2>
DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157>
DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been
added
rpid = 101
adresa = 10.0.0.157
adresa2 = 10.0.0.157
xl_get_spec_value: error - null sp->itf
ERROR:avpops:ops_check_avp: cannot get src value
parse_headers: flags=ffffffffffffffff
check_via_address(192.168.52.145, 192.168.52.145, 0)
DEBUG:destroy_avp_list: destroying list 0x404d9238
receive_msg: cleaning up
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.15.26/597 - Release Date:
12/21/2006 6:45 PM
6622
days inactive
6622
days old
2 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Zoran Milic