[Serusers] radius error

Madan madan.r at net4india.net
Fri Aug 8 11:51:58 CEST 2003


i already have that part in my radiusd.conf

i believe the following radius message is something to do with 
dictionary part

"No authenticate method (Auth-Type) configuration found for the request: 
Rejecting the user"

i would really appreciate if you can help me getting this up and running

regards,
Madan



Daniel-Constantin Mierla wrote:

> hello,
> try to put in radiusd.conf in authenticate section:
>
> Auth-Type DIGEST {
>        digest
> }
>
> instead of "digest" if you didn't try it already.
>
> Daniel
>
>
> Madan wrote:
>
>> Hi Daniel
>> Yes- I have configured freeradius to use rlm_digest and as per your 
>> advice i did nt load the auth_db module and also auth module was 
>> placed before auth_radius
>>
>> Yes- my raddb/users file contains Auth-Type for Digest
>>
>> test    Auth-Type := Digest, User-Password = "test"
>>       Reply-Message = "Hello, test with digest"
>>
>>
>> but this does nt seems to help me
>>
>> regards,
>> Madan
>>
>> I forgot to tell you -- for each user you want to authenticate with 
>> digest the Auth-Type must be set to DIGEST (in users database of 
>> radius server).
>>
>> Daniel
>>
>> Daniel-Constantin Mierla wrote:
>>
>>> Hello,
>>> have you set up FreeRADIUS to load digest authentication module 
>>> (rlm_digest)? You should have uncommented some lines in radiusd.conf 
>>> (see comments in that file).
>>>
>>> If you use RADIUS authentication module the auth_db may be useless 
>>> and is better to load auth module prior to auth_radius.
>>>
>>> Daniel
>>>
>>> Madan wrote:
>>>
>>>> hi
>>>> i have installed ser with  acc/mysql/radius module
>>>> while registering a user 'm getting the following error message
>>>>
>>>> can somebody please point me as to what is wrong and where
>>>>
>>>> rad_recv: Access-Request packet from host myhost:33532, id=69, 
>>>> length=294
>>>> Thread 3 assigned request 2
>>>> Waking up in 2 seconds...
>>>> Thread 3 handling request 2, (1 handled so far)
>>>>        User-Name = "sip:test at myhost"
>>>>        Digest-Attributes = "\n\034sip:test at myhost"
>>>>        Digest-Attributes = "\001\023myhost"
>>>>        Digest-Attributes = 
>>>> "\002*3f338410ec3d4e634e2883b85928416ef3c364e5"
>>>>        Digest-Attributes = "\004\027sip:myhost"
>>>>        Digest-Attributes = "\003\nREGISTER"
>>>>        Digest-Attributes = "\005\006auth"
>>>>        Digest-Attributes = "\t\n00000001"
>>>>        Digest-Attributes = "\010"34555301336645129540719731434531"
>>>>        Digest-Response = "acdd6400b4c16da2a04f85334d871415"
>>>>        Service-Type = IAPP-Register
>>>>        SIP-URI-User = "test"
>>>>        NAS-IP-Address = 127.0.0.1
>>>>        NAS-Port = 5060
>>>> auth: No authenticate method (Auth-Type) configuration found for 
>>>> the request: Rejecting the user
>>>> auth: Failed to validate the user.
>>>> Delaying request 2 for 1 seconds
>>>> Finished request 2
>>>>
>>>> FYI-
>>>> OS- RH 7.2
>>>> SER- latest from cvs with acc/mysql and radius
>>>> RADIUS- freeradius
>>>> ------------------------------------ser.cfg--------------------------------- 
>>>>
>>>> #
>>>> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
>>>> #
>>>> # simple quick-start config script
>>>> #
>>>>
>>>> # ----------- global configuration parameters ------------------------
>>>>
>>>> debug=3         # debug level (cmd line: -dddddddddd)
>>>> fork=no
>>>> log_stderror=yes        # (cmd line: -E)
>>>>
>>>> /* Uncomment these lines to enter debugging mode
>>>> debug=7
>>>> fork=no
>>>> log_stderror=yes
>>>> */
>>>>
>>>> check_via=no    # (cmd. line: -v)
>>>> dns=no           # (cmd. line: -r)
>>>> rev_dns=no      # (cmd. line: -R)
>>>> port=5060
>>>> children=4
>>>> fifo="/tmp/ser_fifo"
>>>> mhomed=yes
>>>> listen=myhost
>>>> # ------------------ module loading ----------------------------------
>>>>
>>>> # Uncomment this if you want to use SQL database
>>>>
>>>> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>>>> loadmodule "/usr/local/lib/ser/modules/sl.so"
>>>> loadmodule "/usr/local/lib/ser/modules/tm.so"
>>>> loadmodule "/usr/local/lib/ser/modules/rr.so"
>>>> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>>>> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>>>> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>>>> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>>>> loadmodule "/usr/local/lib/ser/modules/uri.so"
>>>> loadmodule "/usr/local/lib/ser/modules/auth.so"
>>>> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>>>> loadmodule "/usr/local/lib/ser/modules/acc.so"
>>>>
>>>> modparam("usrloc", "db_mode", 1)
>>>> modparam("auth_radius", 
>>>> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
>>>>
>>>> # -- rr params --
>>>> # add value to ;lr param to make some broken UAs happy
>>>> modparam("rr", "enable_full_lr", 1)
>>>> modparam("acc", "log_level", 1)
>>>> modparam("acc", "radius_flag", 1)
>>>> # -------------------------  request routing logic -------------------
>>>>
>>>> # main routing logic
>>>> alias=myhost
>>>> route{
>>>>
>>>>        # initial sanity checks -- messages with
>>>>        # max_forwards==0, or excessively long requests
>>>>
>>>>        if (!mf_process_maxfwd_header("10")) {
>>>>                sl_send_reply("483","Too Many Hops");
>>>>                break;
>>>>        };
>>>>        if (len_gt( max_len )) {
>>>>                sl_send_reply("513", "Message too big");
>>>>                break;
>>>>        };
>>>>
>>>>        # we record-route all messages -- to make sure that
>>>>        # subsequent messages will go through our proxy; that's
>>>>        # particularly good if upstream and downstream entities
>>>>        # use different transport protocol
>>>>
>>>>
>>>>        record_route();
>>>> #       if (loose_route()) {
>>>> #               t_relay();
>>>> #               break;
>>>> #       };
>>>> #
>>>>        # if the request is for other domain use UsrLoc
>>>>        # (in case, it does not work, use the following command
>>>>        # with proper names and addresses in it)
>>>>        if (uri=~"myhost") {
>>>>
>>>> if (method=="REGISTER") {
>>>> log(1, "REGISTER: Authenticating user\n");
>>>>
>>>>                if (!radius_www_authorize("")) {
>>>>                        log(1, "REGISTER: challenging user\n");
>>>>                        www_challenge("", "1");
>>>>                        break;
>>>>                };
>>>>                save("location");
>>>>                break;
>>>>        };
>>>>
>>>>
>>>>
>>>>        if (method=="INVITE") {
>>>>
>>>>                log(1, "INVITE\n");
>>>>                setflag(1); /* set for accounting (the same value as in
>>>>        log_flag!) */
>>>>        };
>>>>
>>>>        if (method=="MESSAGE") {
>>>>                log(1, "MESSAGE\n");
>>>>                setflag(1); /* set for accounting (the same value as in
>>>>        log_flag!) */
>>>>        };
>>>>
>>>>        if (method=="BYE" || method=="CANCEL") {
>>>>                log (1, "BYE or CANCEL\n");
>>>>                setflag(1);
>>>>
>>>>
>>>>        };
>>>>
>>>>                # native SIP destinations are handled using our 
>>>> USRLOC DB
>>>>                if (!lookup("location")) {
>>>>                        sl_send_reply("404", "Not Found");
>>>>                        break;
>>>>                };
>>>>        #};
>>>>        # forward to current uri now; use stateful forwarding; that
>>>>        # works reliably even if we forward from TCP to UDP
>>>>        if (!t_relay()) {
>>>>                sl_reply_error();
>>>>        };
>>>>
>>>> };
>>>> }
>>>> -------------------------------------------end---------------------------------------------------------- 
>>>>
>>>>
>>>> i dunno what is wrong here..if you need any other config files to 
>>>> help me out please let me know
>>>> regards,
>>>> Madan
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>
>>
>>
>> .
>>
>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>
>
>
> .
>





More information about the sr-users mailing list