Hamid
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@voice-system.ro]
Sent: Monday, June 19, 2006 12:54 PM
To: Hamid Ali Asgari
Cc: 'Edson'; users(a)openser.org
Subject: Re: [Users] SIP Clients Can't REGISTER
If look carefully in the configuration file of the tutorial, it checks
for users belonging to "suspended" group. As you have in 'users' file:
101(a)mydomain.com Auth-Type := Accept, Sip-Group == "suspended",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
means that user 101 is in suspended group and it is not allowed to
register or initiate calls. So remove this line for your 'users' file.
Also, when you test, just watch the network traffic on you sip server,
it will reveal the reply code so you can spot easily which statement was
hit in the config file: ngrep -d any port 5060
Cheers,
Daniel
On 06/18/06 12:23, Hamid Ali Asgari wrote:
Hi,
I get the following:
[root@localhost radiusclient-ng]# radiusclient -f
/usr/local/etc/radiusclient-ng/radiusclient.conf
'User-Name=101(a)mydomain.com' 'Password=101';echo $?
Reply-Message = 'Authenticated'
1
I guess the radiusclient is working fine since I am receiving the
RADIUS packets on the freeradius debugs.
I suspect the following entries in the debug:
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197,
length=64
User-Name = "101@mydomain"
Sip-Group = "*suspended*"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Why is openser setting the group to SUSPENDED???? Since there is no
group named _suspended_ on the radius that may be the reason the
radius is rejecting:
RADIUS Users file:
### --- avps ---
101(a)mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102(a)mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101(a)mydomain.com Auth-Type := Accept, Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
101(a)mydomain.com Auth-Type := Accept, Sip-Group == "suspended",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
101(a)mydomain.com Auth-Type := Accept, Sip-Group == "pstn",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102(a)mydomain.com Auth-Type := Accept, Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
101(a)mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102(a)mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"
------------------------------------------------------------------------
*From:* Edson [mailto:4lists@gmail.com]
*Sent:* Thursday, June 15, 2006 4:19 PM
*To:* 'Hamid Ali Asgari'; users(a)openser.org
*Subject:* RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB. Radius is rejecting
the authentication, so there should be some mismatch between Your
login credentials and what Radius has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123
'User-Name=some(a)valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users