Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232 User-Name = "101@openser.org" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010d6f70656e7365722e6f7267 Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303930 Digest-Attributes = 0x081235343038316466316439623562383564 Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26" Service-Type = IAPP-Register X-Ascend-PW-Lifetime = 0x313031 NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1124 modcall[authorize]: module "preprocess" returns ok for request 1124 radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716' rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716 modcall[authorize]: module "auth_log" returns ok for request 1124 rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 1124 users: Matched entry 101@openser.org at line 53 modcall[authorize]: module "files" returns ok for request 1124 modcall: leaving group authorize (returns ok) for request 1124 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1124 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "101" Digest-Realm = "openser.org" Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d" Digest-URI = "sip:192.168.2.80" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "00000090" Digest-CNonce = "54081df1d9b5b85d" A1 = 101:openser.org:101 A2 = REGISTER:sip:192.168.2.80 H(A1) = f195c177997cee336c919be9279c5703 H(A2) = 046d0643f281affab19fe62ffc848ab5 KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5 EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26 RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26 modcall[authenticate]: module "digest" returns ok for request 1124 modcall: leaving group authenticate (returns ok) for request 1124 Login OK: [101@openser.org/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Sending Access-Accept of id 250 to 192.168.2.80 port 35223 Finished request 1124 Going to the next request Waking up in 6 seconds...
Z2L ----- Original Message ----- From: "Dan-Cristian Bogos" dan.bogos@gmail.com To: openser@zap2link.com Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info regarding the cause of failure. To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers, DanB
On 7/18/07, OpenSER ML openser@zap2link.com wrote:
Hi All,
I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest authentication going correctly, having the Radius respond with LOGIN OK for the requests that are in the users file. However, although the authentication process appears to succeed, the IP phone doesn't register to the OpenSER server.
The following can be seen in the debug:
0(17821) SIP Request: 0(17821) method: <REGISTER> 0(17821) uri: sip:192.168.2.80 0(17821) version: <SIP/2.0> 0(17821) parse_headers: flags=2 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16 0(17821) end of header reached, state=5 0(17821) parse_headers: Via found, flags=2 0(17821) parse_headers: this is the first via 0(17821) After parse_msg... 0(17821) preparing to run routing scripts... 0(17821) parse_headers: flags=100 0(17821) DEBUG:parse_to:end of header reached, state=10 0(17821) DBUG:parse_to: display={}, ruri={sip:101@192.168.2.80;user=phone} 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101@192.168.2.80;user=phone] 0(17821) DEBUG: to body [sip:101@192.168.2.80;user=phone ] 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER> 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(17821) parse_headers: flags=200 0(17821) DEBUG: get_hdr_body : content_length=0 0(17821) found end of header 0(17821) find_first_route: No Route headers found 0(17821) loose_route: There is no Route HF 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth" ' 0(17821) parse_headers: flags=ffffffffffffffff 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0) 0(17821) DEBUG:destroy_avp_list: destroying list (nil) 0(17821) receive_msg: cleaning up
As you can surely see, the ERROR is somewhere in the authorization status. Now, I've verified the secret key between the machine, and all seems to be in place - any pointers will be highly appreciated.
Z2L
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Can u post your openser configuration + version also? From the debug u sent it all looks fine except the error.
DanB
On 7/18/07, OpenSER ML openser@zap2link.com wrote:
Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232 User-Name = "101@openser.org" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010d6f70656e7365722e6f7267 Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303930 Digest-Attributes = 0x081235343038316466316439623562383564 Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26" Service-Type = IAPP-Register X-Ascend-PW-Lifetime = 0x313031 NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1124 modcall[authorize]: module "preprocess" returns ok for request 1124 radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716' rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716 modcall[authorize]: module "auth_log" returns ok for request 1124 rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 1124 users: Matched entry 101@openser.org at line 53 modcall[authorize]: module "files" returns ok for request 1124 modcall: leaving group authorize (returns ok) for request 1124 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1124 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "101" Digest-Realm = "openser.org" Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d" Digest-URI = "sip:192.168.2.80" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "00000090" Digest-CNonce = "54081df1d9b5b85d" A1 = 101:openser.org:101 A2 = REGISTER:sip:192.168.2.80 H(A1) = f195c177997cee336c919be9279c5703 H(A2) = 046d0643f281affab19fe62ffc848ab5 KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5 EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26 RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26 modcall[authenticate]: module "digest" returns ok for request 1124 modcall: leaving group authenticate (returns ok) for request 1124 Login OK: [101@openser.org/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Sending Access-Accept of id 250 to 192.168.2.80 port 35223 Finished request 1124 Going to the next request Waking up in 6 seconds...
Z2L ----- Original Message ----- From: "Dan-Cristian Bogos" dan.bogos@gmail.com To: openser@zap2link.com Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info regarding the cause of failure. To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers, DanB
On 7/18/07, OpenSER ML openser@zap2link.com wrote:
Hi All,
I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest authentication going correctly, having the Radius respond with LOGIN OK for the requests that are in the users file. However, although the authentication process appears to succeed, the IP phone doesn't register to the OpenSER server.
The following can be seen in the debug:
0(17821) SIP Request: 0(17821) method: <REGISTER> 0(17821) uri: sip:192.168.2.80 0(17821) version: <SIP/2.0> 0(17821) parse_headers: flags=2 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16 0(17821) end of header reached, state=5 0(17821) parse_headers: Via found, flags=2 0(17821) parse_headers: this is the first via 0(17821) After parse_msg... 0(17821) preparing to run routing scripts... 0(17821) parse_headers: flags=100 0(17821) DEBUG:parse_to:end of header reached, state=10 0(17821) DBUG:parse_to: display={}, ruri={sip:101@192.168.2.80;user=phone} 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101@192.168.2.80;user=phone] 0(17821) DEBUG: to body [sip:101@192.168.2.80;user=phone ] 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER> 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(17821) parse_headers: flags=200 0(17821) DEBUG: get_hdr_body : content_length=0 0(17821) found end of header 0(17821) find_first_route: No Route headers found 0(17821) loose_route: There is no Route HF 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth" ' 0(17821) parse_headers: flags=ffffffffffffffff 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0) 0(17821) DEBUG:destroy_avp_list: destroying list (nil) 0(17821) receive_msg: cleaning up
As you can surely see, the ERROR is somewhere in the authorization status. Now, I've verified the secret key between the machine, and all seems to be in place - any pointers will be highly appreciated.
Z2L
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Dan,
I modified my config to use a realm called sip.greenfieldtech.net, but the situation remains. Here is the config file:
# # $Id$ # # radius config script #
# ----------- global configuration parameters ------------------------
debug=9 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 listen=udp:192.168.2.80 #alias="openser.org"
#fifo="/tmp/openser_fifo"
# ------------------ module loading ---------------------------------- mpath="/usr/local/lib/openser/modules"
loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "avpops.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "uri.so" loadmodule "acc.so" loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "group_radius.so" loadmodule "avp_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params -- #modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser") modparam("usrloc", "db_mode", 2)
# -- acc params -- #modparam("acc", "radius_flag", 1) #modparam("acc", "radius_missed_flag", 2) #modparam("acc", "log_flag", 1) #modparam("acc", "log_missed_flag", 1) #modparam("acc", "service_type", 15) #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") modparam("auth_radius|group_radius|avp_radius", "radius_config","/etc/radiusclient/radiusclient.conf")
# -- group_radius params -- modparam("group_radius", "use_domain", 0)
# -- avpops params -- avp_aliases="day=i:101;time=i:102"
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("usrloc", "use_domain", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };
if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };
# check if user is suspended #if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE")) #{ # if (radius_is_user_in("From", "suspended")) { # sl_send_reply("403", "Forbidden - suspended"); # exit; # }; #};
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); if(is_method("BYE")) { # log it all the time #acc_rad_request("200 ok"); #acc_log_request("200 ok"); } route(1); };
if(is_method("INVITE") && !has_totag()) { # set the acc flags setflag(1); setflag(2); };
if (!uri==myself) { # check if user is allowed to do voip calls to other domains if(is_method("INVITE|MESSAGE")) { if (!radius_is_user_in("From", "voip")) { sl_send_reply("403", "Forbidden VoIP"); exit; }; }; # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { # authenticate registers if (method=="REGISTER") { if (!radius_www_authorize("sip.greenfieldtech.net")) { www_challenge("sip.greenfieldtech.net", "1"); exit; }; if (radius_www_authorize("sip.greenfieldtech.net")) { sl_send_reply("200", "ok"); exit; };
# check the src ip address #if(!avp_check("$avp(i:2)", "eq/$src_ip/ig")) #{ # sl_send_reply("403", "Forbidden IP"); # exit; #};
save("location"); exit; };
# calls to pstn if(uri=~"sip:00[1-9][0-9]+@") { if(is_method("INVITE") && !has_totag()) { if (!radius_is_user_in("From", "pstn")) { sl_send_reply("403", "Forbidden PSTN"); exit; }; }; # set gateway address rewritehostport("10.10.10.10:5090"); route(1); };
# load callee's avps if(avp_load_radius("callee")) { # check if user has time filter enabled #if(avp_check($avp("i:3"), $avp("eq/i:1"))) #{ # print time in an avp # avp_printf("i:100", "$Tf"); # extract day # avp_subst("i:100/i:101", "/(.{3}) .+/*\1*/"); # if(!avp_check("i:6", "fm/$day")) { # sl_send_reply("403", "Forbidden - day"); # exit; # }; # # extract 'hours:minutes' # avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+/\2/"); # if((is_avp_set("i:4") && avp_check("i:4", "gt/$time")) # || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) { # sl_send_reply("403", "Forbidden - time"); # exit; # }; #}; };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # log to acc as missed call #acc_rad_request("404 Not Found"); #acc_log_request("404 Not Found"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };
route(1); }
# generic forward route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } #
Version is 1.2.1
Z2L ----- Original Message ----- From: "Dan-Cristian Bogos" dan.bogos@gmail.com To: openser@zap2link.com Cc: "users" users@openser.org Sent: Wednesday, July 18, 2007 2:02:11 PM (GMT+0200) Asia/Jerusalem Subject: Re: [OpenSER-Users] Radius integration issue
Can u post your openser configuration + version also? From the debug u sent it all looks fine except the error.
DanB
On 7/18/07, OpenSER ML openser@zap2link.com wrote:
Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232 User-Name = "101@openser.org" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010d6f70656e7365722e6f7267 Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303930 Digest-Attributes = 0x081235343038316466316439623562383564 Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26" Service-Type = IAPP-Register X-Ascend-PW-Lifetime = 0x313031 NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1124 modcall[authorize]: module "preprocess" returns ok for request 1124 radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716' rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716 modcall[authorize]: module "auth_log" returns ok for request 1124 rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 1124 users: Matched entry 101@openser.org at line 53 modcall[authorize]: module "files" returns ok for request 1124 modcall: leaving group authorize (returns ok) for request 1124 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1124 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "101" Digest-Realm = "openser.org" Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d" Digest-URI = "sip:192.168.2.80" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "00000090" Digest-CNonce = "54081df1d9b5b85d" A1 = 101:openser.org:101 A2 = REGISTER:sip:192.168.2.80 H(A1) = f195c177997cee336c919be9279c5703 H(A2) = 046d0643f281affab19fe62ffc848ab5 KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5 EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26 RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26 modcall[authenticate]: module "digest" returns ok for request 1124 modcall: leaving group authenticate (returns ok) for request 1124 Login OK: [101@openser.org/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Sending Access-Accept of id 250 to 192.168.2.80 port 35223 Finished request 1124 Going to the next request Waking up in 6 seconds...
Z2L ----- Original Message ----- From: "Dan-Cristian Bogos" dan.bogos@gmail.com To: openser@zap2link.com Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info regarding the cause of failure. To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers, DanB
On 7/18/07, OpenSER ML openser@zap2link.com wrote:
Hi All,
I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest authentication going correctly, having the Radius respond with LOGIN OK for the requests that are in the users file. However, although the authentication process appears to succeed, the IP phone doesn't register to the OpenSER server.
The following can be seen in the debug:
0(17821) SIP Request: 0(17821) method: <REGISTER> 0(17821) uri: sip:192.168.2.80 0(17821) version: <SIP/2.0> 0(17821) parse_headers: flags=2 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16 0(17821) end of header reached, state=5 0(17821) parse_headers: Via found, flags=2 0(17821) parse_headers: this is the first via 0(17821) After parse_msg... 0(17821) preparing to run routing scripts... 0(17821) parse_headers: flags=100 0(17821) DEBUG:parse_to:end of header reached, state=10 0(17821) DBUG:parse_to: display={}, ruri={sip:101@192.168.2.80;user=phone} 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101@192.168.2.80;user=phone] 0(17821) DEBUG: to body [sip:101@192.168.2.80;user=phone ] 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER> 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70 0(17821) parse_headers: flags=200 0(17821) DEBUG: get_hdr_body : content_length=0 0(17821) found end of header 0(17821) find_first_route: No Route headers found 0(17821) loose_route: There is no Route HF 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80] 0(17821) grep_sock_info - checking if port 5060 matches port 5060 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth" ' 0(17821) parse_headers: flags=ffffffffffffffff 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0) 0(17821) DEBUG:destroy_avp_list: destroying list (nil) 0(17821) receive_msg: cleaning up
As you can surely see, the ERROR is somewhere in the authorization status. Now, I've verified the secret key between the machine, and all seems to be in place - any pointers will be highly appreciated.
Z2L
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Dan-Cristian Bogos -
OpenSER ML