Hi,
I have built ser and modules from the tar.gz file available on CVS. Authentication using auth_db works fine, but auth_radius results in a segmentation fault when I try to register.
The debug log (with debug=9) says:
Mar 22 16:21:32 voip ser: SIP Request: Mar 22 16:21:32 voip ser: method: <REGISTER> Mar 22 16:21:32 voip ser: uri: sip:voip.pdn.ac.lk Mar 22 16:21:32 voip ser: version: <SIP/2.0> Mar 22 16:21:32 voip ser: parse_headers: flags=1 Mar 22 16:21:32 voip ser: Found param type 232, <branch> = <z9hG4bK3378053857>; state=16 Mar 22 16:21:32 voip ser: end of header reached, state=5 Mar 22 16:21:32 voip ser: parse_headers: Via found, flags=1 Mar 22 16:21:32 voip ser: parse_headers: this is the first via Mar 22 16:21:32 voip ser: After parse_msg... Mar 22 16:21:32 voip ser: preparing to run routing scripts... Mar 22 16:21:32 voip ser: DEBUG : is_maxfwd_present: searching for max_forwards header Mar 22 16:21:32 voip ser: parse_headers: flags=128 Mar 22 16:21:32 voip ser: DEBUG: add_param: tag=2520454554 Mar 22 16:21:32 voip ser: end of header reached, state=29 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_field: <To> [44]; uri=[sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: DEBUG: to body [sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: get_hdr_field: cseq <CSeq>: <0> <REGISTER> Mar 22 16:21:32 voip ser: DEBUG: is_maxfwd_present: value = 10 Mar 22 16:21:32 voip ser: parse_headers: flags=4096 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_body : content_length=0 Mar 22 16:21:32 voip ser: found end of header Mar 22 16:21:32 voip ser: pre_auth(): Credentials with given realm not found Mar 22 16:21:32 voip ser: ERROR: fifo_server fgets failed: Illegal seek Mar 22 16:21:33 voip last message repeated 3 times Mar 22 16:21:33 voip ser: INFO: signal 15 received Mar 22 16:21:33 voip ser: INFO: signal 15 received
My configuration is : ......... ......... # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" .......... .......... if (uri=~"voip.pdn.ac.lk") { if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_www_authorize("voip.pdn.ac.lk")) { # if (!www_authorize("voip.pdn.ac.lk","subscriber")) { www_challenge("voip.pdn.ac.lk", "0"); break; };
save("location"); break; }; ........ ........
Any help for solving the problem would be appreciated. Thanks.
Nimal R.
Hello,
I fixed the problem. Please download the latest cvs code and try again.
Jan.
On 22-03 16:31, Nimal Ratnayake wrote:
Hi,
I have built ser and modules from the tar.gz file available on CVS. Authentication using auth_db works fine, but auth_radius results in a segmentation fault when I try to register.
The debug log (with debug=9) says:
Mar 22 16:21:32 voip ser: SIP Request: Mar 22 16:21:32 voip ser: method: <REGISTER> Mar 22 16:21:32 voip ser: uri: sip:voip.pdn.ac.lk Mar 22 16:21:32 voip ser: version: <SIP/2.0> Mar 22 16:21:32 voip ser: parse_headers: flags=1 Mar 22 16:21:32 voip ser: Found param type 232, <branch> = <z9hG4bK3378053857>; state=16 Mar 22 16:21:32 voip ser: end of header reached, state=5 Mar 22 16:21:32 voip ser: parse_headers: Via found, flags=1 Mar 22 16:21:32 voip ser: parse_headers: this is the first via Mar 22 16:21:32 voip ser: After parse_msg... Mar 22 16:21:32 voip ser: preparing to run routing scripts... Mar 22 16:21:32 voip ser: DEBUG : is_maxfwd_present: searching for max_forwards header Mar 22 16:21:32 voip ser: parse_headers: flags=128 Mar 22 16:21:32 voip ser: DEBUG: add_param: tag=2520454554 Mar 22 16:21:32 voip ser: end of header reached, state=29 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_field: <To> [44]; uri=[sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: DEBUG: to body [sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: get_hdr_field: cseq <CSeq>: <0> <REGISTER> Mar 22 16:21:32 voip ser: DEBUG: is_maxfwd_present: value = 10 Mar 22 16:21:32 voip ser: parse_headers: flags=4096 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_body : content_length=0 Mar 22 16:21:32 voip ser: found end of header Mar 22 16:21:32 voip ser: pre_auth(): Credentials with given realm not found Mar 22 16:21:32 voip ser: ERROR: fifo_server fgets failed: Illegal seek Mar 22 16:21:33 voip last message repeated 3 times Mar 22 16:21:33 voip ser: INFO: signal 15 received Mar 22 16:21:33 voip ser: INFO: signal 15 received
My configuration is : ......... ......... # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" .......... .......... if (uri=~"voip.pdn.ac.lk") { if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_www_authorize("voip.pdn.ac.lk")) { # if (!www_authorize("voip.pdn.ac.lk","subscriber")) { www_challenge("voip.pdn.ac.lk", "0"); break; };
save("location"); break; };........ ........
Any help for solving the problem would be appreciated. Thanks.
Nimal R.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Jan,
Thanks for the updates. The segmentation fault is fixed, but the problem is not completely solved yet.
First, the following error appeared in the log.
rc_avpair_new: unknown attribute 1072
Modifying the radiusclient dictionary and the radius server dictionary solved that problem. Now it appears that the password is not sent to the radius server, according to the log on the radius server:
Sat Mar 22 23:01:48 2003 : Auth: rlm_unix: Attribute "User-Password" is required for authentication. Sat Mar 22 23:01:48 2003 : Auth: Login incorrect: [nimalr@voip.pdn.ac.lk] (from client voip port 5060)
I am using radiusclient 0.3.2 (on RedHat Linux 8.0) and freeradius 0.8.1 (on FreeBSD 4.3).
Nimal R.
Jan Janak wrote:
Hello,
I fixed the problem. Please download the latest cvs code and try again.
Jan.
On 22-03 16:31, Nimal Ratnayake wrote:
Hi,
I have built ser and modules from the tar.gz file available on CVS. Authentication using auth_db works fine, but auth_radius results in a segmentation fault when I try to register.
The debug log (with debug=9) says:
Mar 22 16:21:32 voip ser: SIP Request: Mar 22 16:21:32 voip ser: method: <REGISTER> Mar 22 16:21:32 voip ser: uri: sip:voip.pdn.ac.lk Mar 22 16:21:32 voip ser: version: <SIP/2.0> Mar 22 16:21:32 voip ser: parse_headers: flags=1 Mar 22 16:21:32 voip ser: Found param type 232, <branch> = <z9hG4bK3378053857>; state=16 Mar 22 16:21:32 voip ser: end of header reached, state=5 Mar 22 16:21:32 voip ser: parse_headers: Via found, flags=1 Mar 22 16:21:32 voip ser: parse_headers: this is the first via Mar 22 16:21:32 voip ser: After parse_msg... Mar 22 16:21:32 voip ser: preparing to run routing scripts... Mar 22 16:21:32 voip ser: DEBUG : is_maxfwd_present: searching for max_forwards header Mar 22 16:21:32 voip ser: parse_headers: flags=128 Mar 22 16:21:32 voip ser: DEBUG: add_param: tag=2520454554 Mar 22 16:21:32 voip ser: end of header reached, state=29 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_field: <To> [44]; uri=[sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: DEBUG: to body [sip:nimalr@voip.pdn.ac.lk] Mar 22 16:21:32 voip ser: get_hdr_field: cseq <CSeq>: <0> <REGISTER> Mar 22 16:21:32 voip ser: DEBUG: is_maxfwd_present: value = 10 Mar 22 16:21:32 voip ser: parse_headers: flags=4096 Mar 22 16:21:32 voip ser: DEBUG: get_hdr_body : content_length=0 Mar 22 16:21:32 voip ser: found end of header Mar 22 16:21:32 voip ser: pre_auth(): Credentials with given realm not found Mar 22 16:21:32 voip ser: ERROR: fifo_server fgets failed: Illegal seek Mar 22 16:21:33 voip last message repeated 3 times Mar 22 16:21:33 voip ser: INFO: signal 15 received Mar 22 16:21:33 voip ser: INFO: signal 15 received
My configuration is : ......... ......... # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" .......... .......... if (uri=~"voip.pdn.ac.lk") { if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!radius_www_authorize("voip.pdn.ac.lk")) { # if (!www_authorize("voip.pdn.ac.lk","subscriber")) { www_challenge("voip.pdn.ac.lk", "0"); break; };
save("location"); break; };........ ........
Any help for solving the problem would be appreciated. Thanks.
Nimal R.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/seruser
Nimal,
On 22-03 23:23, Nimal Ratnayake wrote:
Hi Jan,
Thanks for the updates. The segmentation fault is fixed, but the problem is not completely solved yet.
First, the following error appeared in the log.
rc_avpair_new: unknown attribute 1072
Modifying the radiusclient dictionary and the radius server dictionary solved that problem.
OK.
Now it appears that the password is not sent to the radius server, according to the log on the radius server:
Sat Mar 22 23:01:48 2003 : Auth: rlm_unix: Attribute "User-Password" is required for authentication. Sat Mar 22 23:01:48 2003 : Auth: Login incorrect: [nimalr@voip.pdn.ac.lk] (from client voip port 5060)
I am using radiusclient 0.3.2 (on RedHat Linux 8.0) and freeradius 0.8.1 (on FreeBSD 4.3).
SER sends no User-Password attribute, digest authentication is used and you will have to enable it in freeradius. SER sends all the attributes found in digest response from client and there is no plaintext password.
Jan.
Hi Jan,
SER sends no User-Password attribute, digest authentication is used and you will have to enable it in freeradius. SER sends all the attributes found in digest response from client and there is no plaintext password.
Jan.
Thanks. I enabled digest authentication on freeradius. But authentication is still not working. Running radius server on the same host running ser also does not help.
The client I am using is linphone 0.10.0. Has it been tested with ser and freeradius?
This is the log from radius server (localhost):
rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "nimalr" Digest-Realm = "voip.pdn.ac.lk" Digest-Nonce = "3e7d33c5a4fb00856d61af746afbd1faf3c6d57a" Digest-URI = "sip:voip.pdn.ac.lk" Digest-Method = "REGISTER" modcall[authorize]: module "digest" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Digest auth: type "DIGEST" modcall: entering group authenticate A1 = nimalr:voip.pdn.ac.lk:test A2 = REGISTER:sip:voip.pdn.ac.lk KD = a4e3306ab05d72936ff94e490e3eb355:3e7d33c5a4fb00856d61af746afbd1faf3c6d57a:db290fad9043f2aee3dd5329eccbc2c1
rlm_digest: FAILED authentication
Nimal R.
Hello,
do you have nimalr@voip.pdn.ac.lk as username in your users file ?
Jan.
On 23-03 10:39, Nimal Ratnayake wrote:
Hi Jan,
SER sends no User-Password attribute, digest authentication is used and you will have to enable it in freeradius. SER sends all the attributes found in digest response from client and there is no plaintext password.
Jan.
Thanks. I enabled digest authentication on freeradius. But authentication is still not working. Running radius server on the same host running ser also does not help.
The client I am using is linphone 0.10.0. Has it been tested with ser and freeradius?
This is the log from radius server (localhost):
rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "nimalr" Digest-Realm = "voip.pdn.ac.lk" Digest-Nonce = "3e7d33c5a4fb00856d61af746afbd1faf3c6d57a" Digest-URI = "sip:voip.pdn.ac.lk" Digest-Method = "REGISTER" modcall[authorize]: module "digest" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Digest auth: type "DIGEST" modcall: entering group authenticate A1 = nimalr:voip.pdn.ac.lk:test A2 = REGISTER:sip:voip.pdn.ac.lk KD = a4e3306ab05d72936ff94e490e3eb355:3e7d33c5a4fb00856d61af746afbd1faf3c6d57a:db290fad9043f2aee3dd5329eccbc2c1
rlm_digest: FAILED authentication
Nimal R.
Hi Jan,
do you have nimalr@voip.pdn.ac.lk as username in your users file ?
Yes I do. I have the user nimalr in the local password file, and nimalr@voip.pdn.ac.lk in the users file. I have tried testing with username "nr" with both "nr@voip.pdn.ac.lk" and "nr" entries in the users file - but no success.
It looks like the problem is with freeradius, and not ser. I will try to seek help from the freeradius community as well.
Thanks for all the help.
Nimal R.
Hi Jan,
do you have nimalr@voip.pdn.ac.lk as username in your users file ?
I didn't know that the Radius server needs to know the clear text password for digest authentication. I had only the Crypt-Password in the configuration file. After I put the cleartext password in the configuration file it worked fine.
Thanks for all the help.
Nimal R.
-
Jan Janak -
Nimal Ratnayake