[Serusers] radius error
Daniel-Constantin Mierla
Daniel-Constantin.Mierla at fokus.fraunhofer.de
Fri Aug 8 12:04:16 CEST 2003
Unfortunately I haven't played too much with atuh_radius and FreeRADIUS
with digest authentication. Seems that what I could help you already know.
Try to add next line in dictionary file (if you didn't):
VALUE Auth-Type DIGEST 1050
(or any other value instead of 1050 if it isn't already used).
That's all I can say ... maybe someone else on the list can tell more.
.Daniel
Madan wrote:
> i already have that part in my radiusd.conf
>
> i believe the following radius message is something to do with
> dictionary part
>
> "No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user"
>
> i would really appreciate if you can help me getting this up and running
>
> regards,
> Madan
>
>
>
> Daniel-Constantin Mierla wrote:
>
>> hello,
>> try to put in radiusd.conf in authenticate section:
>>
>> Auth-Type DIGEST {
>> digest
>> }
>>
>> instead of "digest" if you didn't try it already.
>>
>> Daniel
>>
>>
>> Madan wrote:
>>
>>> Hi Daniel
>>> Yes- I have configured freeradius to use rlm_digest and as per your
>>> advice i did nt load the auth_db module and also auth module was
>>> placed before auth_radius
>>>
>>> Yes- my raddb/users file contains Auth-Type for Digest
>>>
>>> test Auth-Type := Digest, User-Password = "test"
>>> Reply-Message = "Hello, test with digest"
>>>
>>>
>>> but this does nt seems to help me
>>>
>>> regards,
>>> Madan
>>>
>>> I forgot to tell you -- for each user you want to authenticate with
>>> digest the Auth-Type must be set to DIGEST (in users database of
>>> radius server).
>>>
>>> Daniel
>>>
>>> Daniel-Constantin Mierla wrote:
>>>
>>>> Hello,
>>>> have you set up FreeRADIUS to load digest authentication module
>>>> (rlm_digest)? You should have uncommented some lines in
>>>> radiusd.conf (see comments in that file).
>>>>
>>>> If you use RADIUS authentication module the auth_db may be useless
>>>> and is better to load auth module prior to auth_radius.
>>>>
>>>> Daniel
>>>>
>>>> Madan wrote:
>>>>
>>>>> hi
>>>>> i have installed ser with acc/mysql/radius module
>>>>> while registering a user 'm getting the following error message
>>>>>
>>>>> can somebody please point me as to what is wrong and where
>>>>>
>>>>> rad_recv: Access-Request packet from host myhost:33532, id=69,
>>>>> length=294
>>>>> Thread 3 assigned request 2
>>>>> Waking up in 2 seconds...
>>>>> Thread 3 handling request 2, (1 handled so far)
>>>>> User-Name = "sip:test at myhost"
>>>>> Digest-Attributes = "\n\034sip:test at myhost"
>>>>> Digest-Attributes = "\001\023myhost"
>>>>> Digest-Attributes =
>>>>> "\002*3f338410ec3d4e634e2883b85928416ef3c364e5"
>>>>> Digest-Attributes = "\004\027sip:myhost"
>>>>> Digest-Attributes = "\003\nREGISTER"
>>>>> Digest-Attributes = "\005\006auth"
>>>>> Digest-Attributes = "\t\n00000001"
>>>>> Digest-Attributes = "\010"34555301336645129540719731434531"
>>>>> Digest-Response = "acdd6400b4c16da2a04f85334d871415"
>>>>> Service-Type = IAPP-Register
>>>>> SIP-URI-User = "test"
>>>>> NAS-IP-Address = 127.0.0.1
>>>>> NAS-Port = 5060
>>>>> auth: No authenticate method (Auth-Type) configuration found for
>>>>> the request: Rejecting the user
>>>>> auth: Failed to validate the user.
>>>>> Delaying request 2 for 1 seconds
>>>>> Finished request 2
>>>>>
>>>>> FYI-
>>>>> OS- RH 7.2
>>>>> SER- latest from cvs with acc/mysql and radius
>>>>> RADIUS- freeradius
>>>>> ------------------------------------ser.cfg---------------------------------
>>>>>
>>>>> #
>>>>> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
>>>>> #
>>>>> # simple quick-start config script
>>>>> #
>>>>>
>>>>> # ----------- global configuration parameters
>>>>> ------------------------
>>>>>
>>>>> debug=3 # debug level (cmd line: -dddddddddd)
>>>>> fork=no
>>>>> log_stderror=yes # (cmd line: -E)
>>>>>
>>>>> /* Uncomment these lines to enter debugging mode
>>>>> debug=7
>>>>> fork=no
>>>>> log_stderror=yes
>>>>> */
>>>>>
>>>>> check_via=no # (cmd. line: -v)
>>>>> dns=no # (cmd. line: -r)
>>>>> rev_dns=no # (cmd. line: -R)
>>>>> port=5060
>>>>> children=4
>>>>> fifo="/tmp/ser_fifo"
>>>>> mhomed=yes
>>>>> listen=myhost
>>>>> # ------------------ module loading
>>>>> ----------------------------------
>>>>>
>>>>> # Uncomment this if you want to use SQL database
>>>>>
>>>>> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/sl.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/tm.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/rr.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/uri.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/acc.so"
>>>>>
>>>>> modparam("usrloc", "db_mode", 1)
>>>>> modparam("auth_radius",
>>>>> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
>>>>>
>>>>> # -- rr params --
>>>>> # add value to ;lr param to make some broken UAs happy
>>>>> modparam("rr", "enable_full_lr", 1)
>>>>> modparam("acc", "log_level", 1)
>>>>> modparam("acc", "radius_flag", 1)
>>>>> # ------------------------- request routing logic
>>>>> -------------------
>>>>>
>>>>> # main routing logic
>>>>> alias=myhost
>>>>> route{
>>>>>
>>>>> # initial sanity checks -- messages with
>>>>> # max_forwards==0, or excessively long requests
>>>>>
>>>>> if (!mf_process_maxfwd_header("10")) {
>>>>> sl_send_reply("483","Too Many Hops");
>>>>> break;
>>>>> };
>>>>> if (len_gt( max_len )) {
>>>>> sl_send_reply("513", "Message too big");
>>>>> break;
>>>>> };
>>>>>
>>>>> # we record-route all messages -- to make sure that
>>>>> # subsequent messages will go through our proxy; that's
>>>>> # particularly good if upstream and downstream entities
>>>>> # use different transport protocol
>>>>>
>>>>>
>>>>> record_route();
>>>>> # if (loose_route()) {
>>>>> # t_relay();
>>>>> # break;
>>>>> # };
>>>>> #
>>>>> # if the request is for other domain use UsrLoc
>>>>> # (in case, it does not work, use the following command
>>>>> # with proper names and addresses in it)
>>>>> if (uri=~"myhost") {
>>>>>
>>>>> if (method=="REGISTER") {
>>>>> log(1, "REGISTER: Authenticating user\n");
>>>>>
>>>>> if (!radius_www_authorize("")) {
>>>>> log(1, "REGISTER: challenging user\n");
>>>>> www_challenge("", "1");
>>>>> break;
>>>>> };
>>>>> save("location");
>>>>> break;
>>>>> };
>>>>>
>>>>>
>>>>>
>>>>> if (method=="INVITE") {
>>>>>
>>>>> log(1, "INVITE\n");
>>>>> setflag(1); /* set for accounting (the same value
>>>>> as in
>>>>> log_flag!) */
>>>>> };
>>>>>
>>>>> if (method=="MESSAGE") {
>>>>> log(1, "MESSAGE\n");
>>>>> setflag(1); /* set for accounting (the same value
>>>>> as in
>>>>> log_flag!) */
>>>>> };
>>>>>
>>>>> if (method=="BYE" || method=="CANCEL") {
>>>>> log (1, "BYE or CANCEL\n");
>>>>> setflag(1);
>>>>>
>>>>>
>>>>> };
>>>>>
>>>>> # native SIP destinations are handled using our
>>>>> USRLOC DB
>>>>> if (!lookup("location")) {
>>>>> sl_send_reply("404", "Not Found");
>>>>> break;
>>>>> };
>>>>> #};
>>>>> # forward to current uri now; use stateful forwarding; that
>>>>> # works reliably even if we forward from TCP to UDP
>>>>> if (!t_relay()) {
>>>>> sl_reply_error();
>>>>> };
>>>>>
>>>>> };
>>>>> }
>>>>> -------------------------------------------end----------------------------------------------------------
>>>>>
>>>>>
>>>>> i dunno what is wrong here..if you need any other config files to
>>>>> help me out please let me know
>>>>> regards,
>>>>> Madan
>>>>>
>>>>> _______________________________________________
>>>>> Serusers mailing list
>>>>> serusers at lists.iptel.org
>>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>
>>>
>>>
>>> .
>>>
>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>
>>
>>
>> .
>>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list