Hi guys,
I am trying to set up radius and avp for ages now, and this time i think i am close to it. I have a problem and I can't find any information about it. The thing is, my soft agent (set to uid 101) can't register, and it is getting "Forbidden IP" even with this in the cfg file (see below) I have set up freeradius and radiusclient-ng according to the manual on http://www.openser.org/docs/openser-radius-1.0.x.html. I can't find anything on the error i am getting in my log. If you need my complete ..cfg or log file, just ask, and I will send them promptly.
thanks in advance, best regards, Zoran
openser.cfg: .... xlog("L_ERR","rpid = $avp(s:rpid)"); xlog("L_ERR","adresa = $avp(s:adresa)"); xlog("L_ERR","adresa2 = $avp(s:adresa2)");
# check the src ip address # avp_load_radius("caller"); if(!avp_check("$adresa", "eq/$adresa/ig")) { sl_send_reply("403", "Forbidden IP"); exit; }; save("location"); exit; }; ....
freeradius/users: .... 101 Auth-Type := Digest, User-Password == "101" Reply-Message = "Authenticated", Sip-Avp += "rpid:101", Sip-Avp += "adresa:10.0.0.157", Sip-Avp += "adresa2:10.0.0.157" ....
last entries in the log after the rejected register. .... DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is rpid:101 DEBUG:auth_radius:extract_avp: AVP name is <rpid> DEBUG:auth_radius:extract_avp: AVP val is <101> DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added rpid = 101 adresa = 10.0.0.157 adresa2 = 10.0.0.157 xl_get_spec_value: error - null sp->itf ERROR:avpops:ops_check_avp: cannot get src value parse_headers: flags=ffffffffffffffff check_via_address(192.168.52.145, 192.168.52.145, 0) DEBUG:destroy_avp_list: destroying list 0x404d9238 receive_msg: cleaning up
Hello,
I guess you are using openser 1.1.0, bu the config is still for the 1.0.x in some cases. See:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x#avpops
If I am right with my assumption, then you have to change: $adresa in $avp(adresa) in avp_check(). Also, there looks to be a mistake, you compare the avp it itself.
Cheers, Daniel
On 12/22/06 13:35, Zoran Milic wrote:
Hi guys,
I am trying to set up radius and avp for ages now, and this time i think i am close to it. I have a problem and I can't find any information about it. The thing is, my soft agent (set to uid 101) can't register, and it is getting "Forbidden IP" even with this in the cfg file (see below) I have set up freeradius and radiusclient-ng according to the manual on http://www..openser.org/docs/openser-radius-1.0.x.html http://www.openser.org/docs/openser-radius-1.0.x.html. I can't find anything on the error i am getting in my log. If you need my complete .cfg or log file, just ask, and I will send them promptly.
thanksin advance, best regards, Zoran
*openser.cfg:* ... xlog("L_ERR","rpid = $avp(s:rpid)"); xlog("L_ERR","adresa = $avp(s:adresa)"); xlog("L_ERR","adresa2 = $avp(s:adresa2)");
# check the src ip address # avp_load_radius("caller"); if(!avp_check("$adresa", "eq/$adresa/ig")) { sl_send_reply("403", "Forbidden IP"); exit; }; save("location"); exit; }; ...
*freeradius/users:* ... 101 Auth-Type := Digest, User-Password == "101" Reply-Message = "Authenticated", Sip-Avp += "rpid:101", Sip-Avp += "adresa:10.0.0.157", Sip-Avp += "adresa2:10.0.0.157" ...
*last entries in the log after the rejected register. *... DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is rpid:101 DEBUG:auth_radius:extract_avp: AVP name is <rpid> DEBUG:auth_radius:extract_avp: AVP val is <101> DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added rpid = 101 adresa = 10.0.0.157 adresa2 = 10.0.0.157 xl_get_spec_value: error - null sp->itf ERROR:avpops:ops_check_avp: cannot get src value parse_headers: flags=ffffffffffffffff check_via_address(192.168.52.145, 192.168.52.145, 0) DEBUG:destroy_avp_list: destroying list 0x404d9238 receive_msg: cleaning up
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Thanks!! It realy helped! The right line should be:
if(!avp_check("$avp(s:adresa)", "eq/$avp(s:adresa)/ig"))
best regards, Zoran
P.S. It was not a mistake, i tried to compare the same avp's to see if it is comparing or doing something else.
----- Original Message ----- From: "Daniel-Constantin Mierla" daniel@voice-system.ro To: "Zoran Milic" miliczo@sezampro.yu Cc: users@openser.org Sent: Friday, December 22, 2006 12:44 PM Subject: Re: [Users] help needed on avpops
Hello,
I guess you are using openser 1.1.0, bu the config is still for the 1.0.x in some cases. See:
http://openser.org/dokuwiki/doku.php/install:1.0.x-to-1.1.x#avpops
If I am right with my assumption, then you have to change: $adresa in $avp(adresa) in avp_check(). Also, there looks to be a mistake, you compare the avp it itself.
Cheers, Daniel
On 12/22/06 13:35, Zoran Milic wrote:
Hi guys, I am trying to set up radius and avp for ages now, and this time i think i am close to it. I have a problem and I can't find any information about it. The thing is, my soft agent (set to uid 101) can't register, and it is getting "Forbidden IP" even with this in the cfg file (see below) I have set up freeradius and radiusclient-ng according to the manual on http://www..openser.org/docs/openser-radius-1.0.x.html http://www.openser.org/docs/openser-radius-1.0.x.html. I can't find anything on the error i am getting in my log. If you need my complete .cfg or log file, just ask, and I will send them promptly. thanks in advance, best regards, Zoran *openser.cfg:* ... xlog("L_ERR","rpid = $avp(s:rpid)"); xlog("L_ERR","adresa = $avp(s:adresa)"); xlog("L_ERR","adresa2 = $avp(s:adresa2)"); # check the src ip address # avp_load_radius("caller"); if(!avp_check("$adresa", "eq/$adresa/ig")) { sl_send_reply("403", "Forbidden IP"); exit; }; save("location"); exit; }; ... *freeradius/users:* ... 101 Auth-Type := Digest, User-Password == "101" Reply-Message = "Authenticated", Sip-Avp += "rpid:101", Sip-Avp += "adresa:10.0.0.157", Sip-Avp += "adresa2:10.0.0.157" ...
*last entries in the log after the rejected register. *... DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is rpid:101 DEBUG:auth_radius:extract_avp: AVP name is <rpid> DEBUG:auth_radius:extract_avp: AVP val is <101> DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa'/0='10.0.0.157'/0 has been added DEBUG:auth_radius:extract_avp: string is adresa2:10.0.0.157 DEBUG:auth_radius:extract_avp: AVP name is <adresa2> DEBUG:auth_radius:extract_avp: AVP val is <10.0.0.157> DEBUG:auth_radius:generate_avps: AVP 'adresa2'/0='10.0.0.157'/0 has been added rpid = 101 adresa = 10.0.0.157 adresa2 = 10.0.0.157 xl_get_spec_value: error - null sp->itf ERROR:avpops:ops_check_avp: cannot get src value parse_headers: flags=ffffffffffffffff check_via_address(192.168.52.145, 192.168.52.145, 0) DEBUG:destroy_avp_list: destroying list 0x404d9238 receive_msg: cleaning up
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.15.26/597 - Release Date: 12/21/2006 6:45 PM
-
Daniel-Constantin Mierla -
Zoran Milic