Hi all
I am using SER-0.9.3 with radiusclient-ng-0.5.1 but
unable to get thrrough radius Digest Authentication i
am getting Noisy feedback tells and no request to
Radius
----------------------------------------------------
192.168.0.1:10411 -> 192.168.0.3:5060
REGISTER sip:192.168.0.3 SIP/2.0..To:
2000<sip:2000@192.168.0.3>..From: 2000<sip:2000@212.
36.71.78>;tag=68a232bb..Via: SIP/2.0/UDP
192.168.1.236:10411;branch=z9hG4bK-d87543-788469354
-1--d87543-;rport..Call-ID: 726b328158a24912..CSeq:
2 REGISTER..Contact: <sip:2000@192.168.1
.236:10411>..Expires: 60..Max-Forwards: 70..Allow:
INVITE, ACK, CANCEL, OPTIONS, BYE, REFER,
NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent:
eyeBeam release 3005x stamp 17288..Authorizat
ion: Digest
username="2000",realm="192.168.0.3",nonce="438142b95bb202f9f7b35267264fa3cdf240
c34c",uri="sip:192.168.0.3",response="587553ab1fdd8979c16dd5619ea1f3f1",algorithm=MD5..Cont
ent-Length: 0....
#
U 192.168.0.3:5060 -> 192.168.0.1:10411
SIP/2.0 100 Trying..To:
2000<sip:2000@192.168.0.3>..From:
2000<sip:2000@192.168.0.3>;tag=6
8a232bb..Via: SIP/2.0/UDP
192.168.1.236:10411;branch=z9hG4bK-d87543-788469354-1--d87543-;rpo
rt=10411;received=192.168.0.1..Call-ID:
726b328158a24912..CSeq: 2 REGISTER..Server: OpenSer
(0.9.5 (i386/linux))..Content-Length: 0..Warning:
392 192.168.0.3:5060 "Noisy feedback tel
ls: pid=27853 req_src_ip=192.168.0.1
req_src_port=10411 in_uri=sip:192.168.0.3 out_uri=si
p:192.168.0.3 via_cnt==1"....
#
U 192.168.0.3:5060 -> 192.168.0.1:10411
SIP/2.0 401 Unauthorized..To:
2000<sip:2000@192.168.0.3>;tag=236419814c1d6cbca250c821be3316
c3.97c8..From:
2000<sip:2000@192.168.0.3>;tag=68a232bb..Via:
SIP/2.0/UDP 192.168.1.236:1041
1;branch=z9hG4bK-d87543-788469354-1--d87543-;rport=10411;received=192.168.0.1..Call-ID:
726
b328158a24912..CSeq: 2 REGISTER..WWW-Authenticate:
Digest realm="192.168.0.3",
nonce="7264fa3cdf240c34c"..Server: OpenSer (0.9.5
(i386/linux))..Content-Length:
0..Warning: 392 192.168.0.3:5060 "Noisy feedback
tells: pid=27853 req_src_ip=192.168.0.1
req_src_port=10411 in_uri=sip:192.168.0.3
out_uri=sip:192.168.0.3 via_cnt==1"....
------------------------------------------------------------------------
why i am getting these
-------------------------------------------------------
0(27853) radius_authorize_sterman(): Failure
0(27853) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.0.3,
nonce="43814271015d7812e9f068467d0c352ceb679d70"
'
0(27853) parse_headers: flags=-1
0(27853) check_via_address(192.168.0.1, 192.168.0.1,
0)
0(27853) DEBUG:destroy_avp_list: destroying list
0x4043dee0
0(27853) receive_msg: cleaning up
ser.cfg
-----------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
modparam("usrloc", "db_mode", 0)
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius","service_type",15)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which
true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock",
"unix:/var/run/rtpproxy.sock")
#modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
#############################################################################
modparam("tm", "fr_timer", 40)
modparam("tm", "fr_inv_timer", 35)
modparam("tm", "wt_timer", 5)
modparam("tm", "fr_inv_timer_avp", "inv_timeout")
###########################################################################
# ------------------------- request routing logic
-------------------
# main routing logic
route{
# max_forwards==0, or excessively long
requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too
big");
break;
};
if (!method=="REGISTER") {
record_route();
}
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
if (method=="BYE" || method=="CANCEL") {
unforce_rtp_proxy();
}
if (loose_route()) {
if (has_totag() && (method=="INVITE"
|| method=="ACK")) {
if (nat_uac_test("19")) {
setflag(6);
force_rport();
fix_nated_contact();
};
# force_rtp_proxy("l");
force_rtp_proxy();
};
route(1);
break;
};
# if the request is for other domain use
UsrLoc
# (in case, it does not work, use the
following command
if (uri==myself) {
if (method=="INVITE") {
route(3);
break;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
#
-----------------------------------------------------------------
# Default Message Handler
#
-----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" && isflagset(6))
{
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2] {
#
-----------------------------------------------------------------
# REGISTER Message Handler
#
----------------------------------------------------------------
if (!search("^Contact:\ +\*") &&
nat_uac_test("19")) {
setflag(6);
fix_nated_register();
force_rport();
};
sl_send_reply("100", "Trying");
if (!radius_www_authorize("")) {
www_challenge("","0");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com