[Serusers] radius error

Madan madan.r at net4india.net
Fri Aug 8 11:22:29 CEST 2003 

Hi Daniel
Yes- I have configured freeradius to use rlm_digest and as per your 
advice i did nt load the auth_db module and also auth module was placed 
before auth_radius

Yes- my raddb/users file contains Auth-Type for Digest

test    Auth-Type := Digest, User-Password = "test"
       Reply-Message = "Hello, test with digest"


but this does nt seems to help me

regards,
Madan

I forgot to tell you -- for each user you want to authenticate with 
digest the Auth-Type must be set to DIGEST (in users database of radius 
server).

Daniel

Daniel-Constantin Mierla wrote:

> Hello,
> have you set up FreeRADIUS to load digest authentication module 
> (rlm_digest)? You should have uncommented some lines in radiusd.conf 
> (see comments in that file).
>
> If you use RADIUS authentication module the auth_db may be useless and 
> is better to load auth module prior to auth_radius.
>
> Daniel
>
> Madan wrote:
>
>> hi
>> i have installed ser with  acc/mysql/radius module
>> while registering a user 'm getting the following error message
>>
>> can somebody please point me as to what is wrong and where
>>
>> rad_recv: Access-Request packet from host myhost:33532, id=69, 
>> length=294
>> Thread 3 assigned request 2
>> Waking up in 2 seconds...
>> Thread 3 handling request 2, (1 handled so far)
>>        User-Name = "sip:test at myhost"
>>        Digest-Attributes = "\n\034sip:test at myhost"
>>        Digest-Attributes = "\001\023myhost"
>>        Digest-Attributes = 
>> "\002*3f338410ec3d4e634e2883b85928416ef3c364e5"
>>        Digest-Attributes = "\004\027sip:myhost"
>>        Digest-Attributes = "\003\nREGISTER"
>>        Digest-Attributes = "\005\006auth"
>>        Digest-Attributes = "\t\n00000001"
>>        Digest-Attributes = "\010"34555301336645129540719731434531"
>>        Digest-Response = "acdd6400b4c16da2a04f85334d871415"
>>        Service-Type = IAPP-Register
>>        SIP-URI-User = "test"
>>        NAS-IP-Address = 127.0.0.1
>>        NAS-Port = 5060
>> auth: No authenticate method (Auth-Type) configuration found for the 
>> request: Rejecting the user
>> auth: Failed to validate the user.
>> Delaying request 2 for 1 seconds
>> Finished request 2
>>
>> FYI-
>> OS- RH 7.2
>> SER- latest from cvs with acc/mysql and radius
>> RADIUS- freeradius
>> ------------------------------------ser.cfg--------------------------------- 
>>
>> #
>> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
>> #
>> # simple quick-start config script
>> #
>>
>> # ----------- global configuration parameters ------------------------
>>
>> debug=3         # debug level (cmd line: -dddddddddd)
>> fork=no
>> log_stderror=yes        # (cmd line: -E)
>>
>> /* Uncomment these lines to enter debugging mode
>> debug=7
>> fork=no
>> log_stderror=yes
>> */
>>
>> check_via=no    # (cmd. line: -v)
>> dns=no           # (cmd. line: -r)
>> rev_dns=no      # (cmd. line: -R)
>> port=5060
>> children=4
>> fifo="/tmp/ser_fifo"
>> mhomed=yes
>> listen=myhost
>> # ------------------ module loading ----------------------------------
>>
>> # Uncomment this if you want to use SQL database
>>
>> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>> loadmodule "/usr/local/lib/ser/modules/sl.so"
>> loadmodule "/usr/local/lib/ser/modules/tm.so"
>> loadmodule "/usr/local/lib/ser/modules/rr.so"
>> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>> loadmodule "/usr/local/lib/ser/modules/uri.so"
>> loadmodule "/usr/local/lib/ser/modules/auth.so"
>> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>> loadmodule "/usr/local/lib/ser/modules/acc.so"
>>
>> modparam("usrloc", "db_mode", 1)
>> modparam("auth_radius", 
>> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
>>
>> # -- rr params --
>> # add value to ;lr param to make some broken UAs happy
>> modparam("rr", "enable_full_lr", 1)
>> modparam("acc", "log_level", 1)
>> modparam("acc", "radius_flag", 1)
>> # -------------------------  request routing logic -------------------
>>
>> # main routing logic
>> alias=myhost
>> route{
>>
>>        # initial sanity checks -- messages with
>>        # max_forwards==0, or excessively long requests
>>
>>        if (!mf_process_maxfwd_header("10")) {
>>                sl_send_reply("483","Too Many Hops");
>>                break;
>>        };
>>        if (len_gt( max_len )) {
>>                sl_send_reply("513", "Message too big");
>>                break;
>>        };
>>
>>        # we record-route all messages -- to make sure that
>>        # subsequent messages will go through our proxy; that's
>>        # particularly good if upstream and downstream entities
>>        # use different transport protocol
>>
>>
>>        record_route();
>> #       if (loose_route()) {
>> #               t_relay();
>> #               break;
>> #       };
>> #
>>        # if the request is for other domain use UsrLoc
>>        # (in case, it does not work, use the following command
>>        # with proper names and addresses in it)
>>        if (uri=~"myhost") {
>>
>> if (method=="REGISTER") {
>> log(1, "REGISTER: Authenticating user\n");
>>
>>                if (!radius_www_authorize("")) {
>>                        log(1, "REGISTER: challenging user\n");
>>                        www_challenge("", "1");
>>                        break;
>>                };
>>                save("location");
>>                break;
>>        };
>>
>>
>>
>>        if (method=="INVITE") {
>>
>>                log(1, "INVITE\n");
>>                setflag(1); /* set for accounting (the same value as in
>>        log_flag!) */
>>        };
>>
>>        if (method=="MESSAGE") {
>>                log(1, "MESSAGE\n");
>>                setflag(1); /* set for accounting (the same value as in
>>        log_flag!) */
>>        };
>>
>>        if (method=="BYE" || method=="CANCEL") {
>>                log (1, "BYE or CANCEL\n");
>>                setflag(1);
>>
>>
>>        };
>>
>>                # native SIP destinations are handled using our USRLOC DB
>>                if (!lookup("location")) {
>>                        sl_send_reply("404", "Not Found");
>>                        break;
>>                };
>>        #};
>>        # forward to current uri now; use stateful forwarding; that
>>        # works reliably even if we forward from TCP to UDP
>>        if (!t_relay()) {
>>                sl_reply_error();
>>        };
>>
>> };
>> }
>> -------------------------------------------end---------------------------------------------------------- 
>>
>>
>> i dunno what is wrong here..if you need any other config files to 
>> help me out please let me know
>> regards,
>> Madan
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>



.

More information about the sr-users mailing list