[Serusers] radius error

Daniel-Constantin Mierla Daniel-Constantin.Mierla at fokus.fraunhofer.de
Fri Aug 8 12:04:16 CEST 2003


Unfortunately I haven't played too much with atuh_radius and FreeRADIUS 
with digest authentication. Seems that what I could help you already know.

Try to add next line in dictionary file (if you didn't):

VALUE   Auth-Type  DIGEST  1050

(or any other value instead of 1050 if it isn't already used).
That's all I can say ... maybe someone else on the list can tell more.

.Daniel

Madan wrote:

> i already have that part in my radiusd.conf
>
> i believe the following radius message is something to do with 
> dictionary part
>
> "No authenticate method (Auth-Type) configuration found for the 
> request: Rejecting the user"
>
> i would really appreciate if you can help me getting this up and running
>
> regards,
> Madan
>
>
>
> Daniel-Constantin Mierla wrote:
>
>> hello,
>> try to put in radiusd.conf in authenticate section:
>>
>> Auth-Type DIGEST {
>>        digest
>> }
>>
>> instead of "digest" if you didn't try it already.
>>
>> Daniel
>>
>>
>> Madan wrote:
>>
>>> Hi Daniel
>>> Yes- I have configured freeradius to use rlm_digest and as per your 
>>> advice i did nt load the auth_db module and also auth module was 
>>> placed before auth_radius
>>>
>>> Yes- my raddb/users file contains Auth-Type for Digest
>>>
>>> test    Auth-Type := Digest, User-Password = "test"
>>>       Reply-Message = "Hello, test with digest"
>>>
>>>
>>> but this does nt seems to help me
>>>
>>> regards,
>>> Madan
>>>
>>> I forgot to tell you -- for each user you want to authenticate with 
>>> digest the Auth-Type must be set to DIGEST (in users database of 
>>> radius server).
>>>
>>> Daniel
>>>
>>> Daniel-Constantin Mierla wrote:
>>>
>>>> Hello,
>>>> have you set up FreeRADIUS to load digest authentication module 
>>>> (rlm_digest)? You should have uncommented some lines in 
>>>> radiusd.conf (see comments in that file).
>>>>
>>>> If you use RADIUS authentication module the auth_db may be useless 
>>>> and is better to load auth module prior to auth_radius.
>>>>
>>>> Daniel
>>>>
>>>> Madan wrote:
>>>>
>>>>> hi
>>>>> i have installed ser with  acc/mysql/radius module
>>>>> while registering a user 'm getting the following error message
>>>>>
>>>>> can somebody please point me as to what is wrong and where
>>>>>
>>>>> rad_recv: Access-Request packet from host myhost:33532, id=69, 
>>>>> length=294
>>>>> Thread 3 assigned request 2
>>>>> Waking up in 2 seconds...
>>>>> Thread 3 handling request 2, (1 handled so far)
>>>>>        User-Name = "sip:test at myhost"
>>>>>        Digest-Attributes = "\n\034sip:test at myhost"
>>>>>        Digest-Attributes = "\001\023myhost"
>>>>>        Digest-Attributes = 
>>>>> "\002*3f338410ec3d4e634e2883b85928416ef3c364e5"
>>>>>        Digest-Attributes = "\004\027sip:myhost"
>>>>>        Digest-Attributes = "\003\nREGISTER"
>>>>>        Digest-Attributes = "\005\006auth"
>>>>>        Digest-Attributes = "\t\n00000001"
>>>>>        Digest-Attributes = "\010"34555301336645129540719731434531"
>>>>>        Digest-Response = "acdd6400b4c16da2a04f85334d871415"
>>>>>        Service-Type = IAPP-Register
>>>>>        SIP-URI-User = "test"
>>>>>        NAS-IP-Address = 127.0.0.1
>>>>>        NAS-Port = 5060
>>>>> auth: No authenticate method (Auth-Type) configuration found for 
>>>>> the request: Rejecting the user
>>>>> auth: Failed to validate the user.
>>>>> Delaying request 2 for 1 seconds
>>>>> Finished request 2
>>>>>
>>>>> FYI-
>>>>> OS- RH 7.2
>>>>> SER- latest from cvs with acc/mysql and radius
>>>>> RADIUS- freeradius
>>>>> ------------------------------------ser.cfg--------------------------------- 
>>>>>
>>>>> #
>>>>> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
>>>>> #
>>>>> # simple quick-start config script
>>>>> #
>>>>>
>>>>> # ----------- global configuration parameters 
>>>>> ------------------------
>>>>>
>>>>> debug=3         # debug level (cmd line: -dddddddddd)
>>>>> fork=no
>>>>> log_stderror=yes        # (cmd line: -E)
>>>>>
>>>>> /* Uncomment these lines to enter debugging mode
>>>>> debug=7
>>>>> fork=no
>>>>> log_stderror=yes
>>>>> */
>>>>>
>>>>> check_via=no    # (cmd. line: -v)
>>>>> dns=no           # (cmd. line: -r)
>>>>> rev_dns=no      # (cmd. line: -R)
>>>>> port=5060
>>>>> children=4
>>>>> fifo="/tmp/ser_fifo"
>>>>> mhomed=yes
>>>>> listen=myhost
>>>>> # ------------------ module loading 
>>>>> ----------------------------------
>>>>>
>>>>> # Uncomment this if you want to use SQL database
>>>>>
>>>>> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/sl.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/tm.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/rr.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/uri.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>>>>> loadmodule "/usr/local/lib/ser/modules/acc.so"
>>>>>
>>>>> modparam("usrloc", "db_mode", 1)
>>>>> modparam("auth_radius", 
>>>>> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
>>>>>
>>>>> # -- rr params --
>>>>> # add value to ;lr param to make some broken UAs happy
>>>>> modparam("rr", "enable_full_lr", 1)
>>>>> modparam("acc", "log_level", 1)
>>>>> modparam("acc", "radius_flag", 1)
>>>>> # -------------------------  request routing logic 
>>>>> -------------------
>>>>>
>>>>> # main routing logic
>>>>> alias=myhost
>>>>> route{
>>>>>
>>>>>        # initial sanity checks -- messages with
>>>>>        # max_forwards==0, or excessively long requests
>>>>>
>>>>>        if (!mf_process_maxfwd_header("10")) {
>>>>>                sl_send_reply("483","Too Many Hops");
>>>>>                break;
>>>>>        };
>>>>>        if (len_gt( max_len )) {
>>>>>                sl_send_reply("513", "Message too big");
>>>>>                break;
>>>>>        };
>>>>>
>>>>>        # we record-route all messages -- to make sure that
>>>>>        # subsequent messages will go through our proxy; that's
>>>>>        # particularly good if upstream and downstream entities
>>>>>        # use different transport protocol
>>>>>
>>>>>
>>>>>        record_route();
>>>>> #       if (loose_route()) {
>>>>> #               t_relay();
>>>>> #               break;
>>>>> #       };
>>>>> #
>>>>>        # if the request is for other domain use UsrLoc
>>>>>        # (in case, it does not work, use the following command
>>>>>        # with proper names and addresses in it)
>>>>>        if (uri=~"myhost") {
>>>>>
>>>>> if (method=="REGISTER") {
>>>>> log(1, "REGISTER: Authenticating user\n");
>>>>>
>>>>>                if (!radius_www_authorize("")) {
>>>>>                        log(1, "REGISTER: challenging user\n");
>>>>>                        www_challenge("", "1");
>>>>>                        break;
>>>>>                };
>>>>>                save("location");
>>>>>                break;
>>>>>        };
>>>>>
>>>>>
>>>>>
>>>>>        if (method=="INVITE") {
>>>>>
>>>>>                log(1, "INVITE\n");
>>>>>                setflag(1); /* set for accounting (the same value 
>>>>> as in
>>>>>        log_flag!) */
>>>>>        };
>>>>>
>>>>>        if (method=="MESSAGE") {
>>>>>                log(1, "MESSAGE\n");
>>>>>                setflag(1); /* set for accounting (the same value 
>>>>> as in
>>>>>        log_flag!) */
>>>>>        };
>>>>>
>>>>>        if (method=="BYE" || method=="CANCEL") {
>>>>>                log (1, "BYE or CANCEL\n");
>>>>>                setflag(1);
>>>>>
>>>>>
>>>>>        };
>>>>>
>>>>>                # native SIP destinations are handled using our 
>>>>> USRLOC DB
>>>>>                if (!lookup("location")) {
>>>>>                        sl_send_reply("404", "Not Found");
>>>>>                        break;
>>>>>                };
>>>>>        #};
>>>>>        # forward to current uri now; use stateful forwarding; that
>>>>>        # works reliably even if we forward from TCP to UDP
>>>>>        if (!t_relay()) {
>>>>>                sl_reply_error();
>>>>>        };
>>>>>
>>>>> };
>>>>> }
>>>>> -------------------------------------------end---------------------------------------------------------- 
>>>>>
>>>>>
>>>>> i dunno what is wrong here..if you need any other config files to 
>>>>> help me out please let me know
>>>>> regards,
>>>>> Madan
>>>>>
>>>>> _______________________________________________
>>>>> Serusers mailing list
>>>>> serusers at lists.iptel.org
>>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>
>>>
>>>
>>> .
>>>
>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>
>>
>>
>> .
>>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>





More information about the sr-users mailing list