Re: [Users] SIP Clients Can't REGISTER - sr-users

19 Jun 2006

      Hello,
On 06/19/06 14:38, Hamid Ali Asgari wrote:
...
Hi,
Thanks for the reply.
I commented out the entry you mentioned:
#101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", 
#Service-Type == "Group-Check"
What happens now is that the radius will check for a group named SUSPENDED
and will reject because it won't match the 101 user:
...
From RADIUS debug:
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 255

Users:152: DEFAULT Auth-Type = System
        Fall-Through = 1
Users:255: DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
Any thoughts?
this is ok, it is the response that the user is not in the suspended 
group. The processing should go further in openser configuration script. 
Do you encounter other issues with calls/registrations?
Cheers,
Daniel
...
Hamid
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@voice-system.ro] 
Sent: Monday, June 19, 2006 12:54 PM
To: Hamid Ali Asgari
Cc: 'Edson'; users@openser.org
Subject: Re: [Users] SIP Clients Can't REGISTER
If look carefully in the configuration file of the tutorial, it checks 
for users belonging to "suspended" group. As you have in 'users' file:
101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", 
Service-Type == "Group-Check"
Reply-Message = "Authorized"
means that user 101 is in suspended group and it is not allowed to 
register or initiate calls. So remove this line for your 'users' file.
Also, when you test, just watch the network traffic on you sip server, 
it will reveal the reply code so you can spot easily which statement was 
hit in the config file: ngrep -d any port 5060
Cheers,
Daniel
On 06/18/06 12:23, Hamid Ali Asgari wrote:
...
Hi,
I get the following:
[root@localhost radiusclient-ng]# radiusclient -f 
/usr/local/etc/radiusclient-ng/radiusclient.conf 
'User-Name=101@mydomain.com' 'Password=101';echo $?
Reply-Message = 'Authenticated'
1
I guess the radiusclient is working fine since I am receiving the 
RADIUS packets on the freeradius debugs.
I suspect the following entries in the debug:
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, 
length=64
User-Name = "101@mydomain"
Sip-Group = "*suspended*"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Why is openser setting the group to SUSPENDED???? Since there is no 
group named _suspended_ on the radius that may be the reason the 
radius is rejecting:
RADIUS Users file:
### --- avps ---
101@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101@mydomain.com Auth-Type := Accept, Sip-Group == "voip", 
Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", 
Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "pstn", 
Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept, Sip-Group == "voip", 
Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
101@mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"

*From:* Edson [mailto:4lists@gmail.com]
*Sent:* Thursday, June 15, 2006 4:19 PM
*To:* 'Hamid Ali Asgari'; users@openser.org
*Subject:* RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB. Radius is rejecting 
the authentication, so there should be some mismatch between Your 
login credentials and what Radius has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 
'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.

Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users