-----Original Message----- From: Zeus Ng [SMTP:zeus.ng@isquare.com.au] Sent: 15 July 2004 11:25 To: 'Sean Lowry' Cc: serusers(a)lists.iptel.org Subject: RE: [Serusers] Radius Authentication Help Look at your /etc/radiusclient/dictionary* files and see if the following line exist. ATTRIBUTE Digest-User-Name 1072 string If not, your are missing the attributes for SIP specific dictionary translation. There are more attributes for sip. The above

of them. Zeus > -----Original Message----- > From: serusers-bounces(a)lists.iptel.org > [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Sean Lowry > Sent: Thursday, 15 July 2004 7:26 PM > To: serusers(a)lists.iptel.org > Subject: [Serusers] Radius Authentication Help > > > running on debian > ser verion = 0.8.12 > ser-radius-module = 0.8.12 > > > Ser.cfg > > # > # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # > # simple quick-start config script > # > > # ----------- global configuration parameters > ------------------------ > > > #debug=4 # debug level (cmd line: -dddddddddd) > #fork=yes > log_stderror=yes # (cmd line: -E) > > /* Uncomment these lines to enter debugging mode > #debug=7 > fork=no > log_stderror=yes > */ > > > > > # ----------------- setting module-specific parameters > --------------- > > # -- usrloc params -- > > #modparam("usrloc", "db_url", "mysql://ser:heslo@hosthost/ser") > modparam("usrloc", "db_mode", 1) > > # Uncomment this if you want to use SQL database > # for persistent storage and comment the previous line > > # -- auth params -- > # Uncomment if you are using auth module > # > #modparam("auth_db", "calculate_ha1", yes) > # > # If you set "calculate_ha1" parameter to yes (which true in > this config), > # uncomment also the following parameter) > # > #modparam("auth_db", "password_column", "password") > > modparam("auth_radius", "radius_config", > "/etc/radiusclient/radiusclient.conf") > #modparam("auth_radius", "service_type", 15) > > > #group radius > modparam("group_radius", "radius_config", > "/etc/radiusclient/radiusclient.conf") > modparam("group_radius", "use_domain", 1) > > > # -- rr params -- > # add value to ;lr param to make some broken UAs happy > modparam("rr", "enable_full_lr", 1) modparam("registrar", > "default_expires", 120) #sets default for expiry if > registrant doesn't specify modparam("registrar", "default_q", > 1000)# sets default q value in registration > > > # ------------------------- request routing logic > ------------------- > > # main routing logic > > > > route{ > > # initial sanity checks -- messages with > # max_forwards==0, or excessively long requests > if (!mf_process_maxfwd_header("10")) { > sl_send_reply("483","Too Many Hops"); > break; > }; > if ( msg:len > max_len ) { > sl_send_reply("513", "Message too big"); > break; > }; > > # we record-route all messages -- to make sure that > # subsequent messages will go through our proxy; that's > # particularly good if upstream and downstream entities > # use different transport protocol > record_route(); > # loose-route processing > if (loose_route()) { > t_relay(); > break; > }; > > # if the request is for other domain use UsrLoc > # (in case, it does not work, use the following command > # with proper names and addresses in it) > if (uri==myself) { > > if (method=="REGISTER") { > > if (search("^(Contact|m): > .*@(--private--information)")) { > log("LOG: alert: someone trying to set > aor==contact\n"); > sl_send_reply("476", "No Server Address > in Contacts Allowed" ); > break; > }; > > # Uncomment this if you want to use digest > authentication > > log(1, "REGISTER: Authenticating user\n"); > > if (!radius_www_authorize("")) { > log(1, "REGISTER: challenging user\n"); > www_challenge("", "1"); > break; > }; > > save("location"); > break; > }; > > if (uri=~"^sip:71[0-9]{2}@.*") > { > #xlog("L_ERR", "LOG - method<%rm> uri<%ru> > from<%fu> to<%tu>\n"); > rewritehostport("192.168.1.252"); > forward(uri:host, uri:port); > xlog("L_ERR", "LOG - method<%rm> uri<%ru> > from<%fu> to<%tu>\n"); > break; > }; > > > # native SIP destinations are handled using > our USRLOC DB > if (!lookup("location")) { > sl_send_reply("404", "Not Found"); > break; > }; > }; > # forward to current uri now; use stateful

> # works reliably even if we forward from TCP to UDP > if (!t_relay()) { > sl_reply_error(); > }; > > } > > > > > Error when running this configuration > > stateless - initializing > Maxfwd module- initializing > . > sip:/etc/ser# acc - initializing > exec - initializing > print - initializing > textops - initializing > voicemail - initializing > 5(14802) REGISTER: Authenticating user > 5(14802) REGISTER: challenging user > 6(14806) REGISTER: Authenticating user > 6(14806) sterman(): Unable to add PW_DIGEST_USER_NAME attribute > 6(14806) REGISTER: challenging user > 5(14802) REGISTER: Authenticating user > 5(14802) sterman(): Unable to add PW_DIGEST_USER_NAME attribute > 5(14802) REGISTER: challenging user > 6(14806) REGISTER: Authenticating user > 6(14806) sterman(): Unable to add PW_DIGEST_USER_NAME attribute > 6(14806) REGISTER: challenging user > > > now if i uncomment out the radius service type > > #modparam("auth_radius", "service_type", 15) > > > sip:/etc/ser# stateless - initializing > Maxfwd module- initializing > acc - initializing > exec - initializing > print - initializing > textops - initializing > voicemail - initializing > 7(14958) REGISTER: Authenticating user > 7(14958) REGISTER: challenging user > 8(14959) REGISTER: Authenticating user > 8(14959) sterman(): Unable to add PW_USER_NAME attribute > 8(14959) REGISTER: challenging user > 7(14958) REGISTER: Authenticating user > 7(14958) sterman(): Unable to add PW_USER_NAME attribute > 7(14958) REGISTER: challenging user > 8(14959) REGISTER: Authenticating user > 8(14959) sterman(): Unable to add PW_USER_NAME attribute > 8(14959) REGISTER: challenging user > 7(14958) REGISTER: Authenticating user > 7(14958) sterman(): Unable to add PW_USER_NAME attribute > 7(14958) REGISTER: challenging user > 8(14959) REGISTER: Authenticating user > 8(14959) sterman(): Unable to add PW_USER_NAME attribute > 8(14959) REGISTER: challenging user > > > > now i have freeradius running in debug so i can see if > anything it talking to it and i see nothing at all from

> > sip:/home/sean# freeradius -x > Starting - reading configuration files ... > Using deprecated naslist file. Support for this will go away > soon. Using deprecated clients file. Support for this will > go away soon. Using deprecated realms file. Support for this > will go away soon. > Module: Loaded expr > Module: Instantiated expr (expr) > Module: Loaded PAP > Module: Instantiated pap (pap) > Module: Loaded CHAP > Module: Instantiated chap (chap) > Module: Loaded MS-CHAP > Module: Instantiated mschap (mschap) > Module: Loaded DIGEST > Module: Instantiated digest (digest) > Module: Loaded System > Module: Instantiated unix (unix) > Module: Loaded eap > rlm_eap: Loaded and initialized the type md5 > rlm_eap: Loaded and initialized the type leap > Module: Instantiated eap (eap) > Module: Loaded preprocess > Module: Instantiated preprocess (preprocess) > Module: Loaded realm > Module: Instantiated realm (suffix) > Module: Loaded SQL > rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) > loaded and linked rlm_sql (sql): Attempting to connect to > radius@localhost:/radius rlm_sql (sql): starting 0 rlm_sql > (sql): Attempting to connect rlm_sql_mysql #0 > rlm_sql_mysql: Starting connect to MySQL server for #0 > rlm_sql (sql): Connected new DB handle, #0 > rlm_sql (sql): starting 1 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 > rlm_sql_mysql: Starting connect to MySQL server for #1 > rlm_sql (sql): Connected new DB handle, #1 > rlm_sql (sql): starting 2 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 > rlm_sql_mysql: Starting connect to MySQL server for #2 > rlm_sql (sql): Connected new DB handle, #2 > rlm_sql (sql): starting 3 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 > rlm_sql_mysql: Starting connect to MySQL server for #3 > rlm_sql (sql): Connected new DB handle, #3 > rlm_sql (sql): starting 4 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 > rlm_sql_mysql: Starting connect to MySQL server for #4 > rlm_sql (sql): Connected new DB handle, #4 > Module: Instantiated sql (sql) > Module: Loaded Acct-Unique-Session-Id > Module: Instantiated acct_unique (acct_unique) > Module: Loaded detail > Module: Instantiated detail (detail) > Module: Loaded radutmp > Module: Instantiated radutmp (radutmp) > Initializing the thread pool... > Listening on IP address *, ports 1812/udp and 1813/udp, with > proxy on 1814/udp. Ready to process requests. > > > > > i have tested the raidus server to see if it's authenticating. > > > Sending Access-Request of id 7 to 127.0.0.1:1812 > User-Name = "bob" > User-Password = "bob" > NAS-IP-Address = ~~~changed private~~~ > NAS-Port = 1814 > rad_recv: Access-Accept packet from host 127.0.0.1:1812, > id=7, length=20 > > > everything is working as you would expect does anyone have > any ideas at all as to where i'm going wrong. > > > Thanks in advance > > Sean > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers >