[Serusers] radius logon problems

Jan Janak jan at iptel.org
Wed Oct 8 19:28:37 CEST 2003


Does ser send any radius message when you try to authenticate ?

 Jan.

On 08-10 17:20, Floris Roset wrote:
> Hello Jan,
> 
> Here are the logs and config.
> 
> I followed radius howto to configure everything. When
> I use radclient to test it, freeradius server works
> fine. It seems a problem with SER finding credentials
> for the realm. There is no connection between ser and
> freeradius.
> 
> I am running ser and freeradius on the same machine. I
> have compiled ser with the last version of sterman.c
> as I saw some email saying to do that.  
> 
> thanks a lot,
> 
> =========================
> LOG FREERADIUS
> 
> Module: Instantiated radutmp (radutmp)
> Listening on IP address 10.0.0.32, ports 1812/udp and
> 1813/udp, with proxy on 18
> 14/udp.
> Ready to process requests.
> 
> 
> =========================
> ngrep 
> 
> U 10.0.0.32:5060 -> 10.0.0.33:5060
>   SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> 10.0.0.33..CSeq: 2017 REGISTER..To: "Floris"
> <sip:test at pildo.com>;tag=2f8a75b
>   015520947f50ab939181a7caf.46af..From: "Floris"
> <sip:test at pildo.com>..Call-ID:
> 789921619 at 10.0.0.33..WWW-Authenticate: Dig
>   est realm="pildo.com",
> nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"..Server:
> Sip EXpress router (0.8.11 (i386/linux)
>   )..Content-Length: 0..Warning: 392 10.0.0.32:5060
> "Noisy feedback tells:  pid=2315 req_src_ip=10.0.0.33
> req_src_port=328
>   01 in_uri=sip:pildo.com out_uri=sip:pildo.com
> via_cnt==1"....
> #
> U 10.0.0.33:32801 -> 10.0.0.32:5060
>   REGISTER sip:pildo.com SIP/2.0..Via: SIP/2.0/UDP
> 10.0.0.33..CSeq: 2018 REGISTER..To: "Floris"
> <sip:test at pildo.com>..Auth
>   orization: Digest username="test",
> realm="pildo.com",
> nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab",
> uri="sip:10.0.0.
>   32", cnonce="abcdefghi", nc=00000001,
> response="89fc4a2cfb0076a1a385104ae299f1f2",
> opaque=""..Expires: 900..From: "Flori
>   s" <sip:test at pildo.com>..Call-ID:
> 789921619 at 10.0.0.33..Content-Length: 0..User-Agent:
> KPhone/3.12..Event: registration..
>   Allow-Events: presence..Contact: "root"
> <sip:root at 10.0.0.33;transport=udp>;q=0.0;methods="INVITE,
> MESSAGE, INFO, SUBSCRI
>   BE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"....
> #
> U 10.0.0.32:5060 -> 10.0.0.33:5060
>   SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> 10.0.0.33..CSeq: 2018 REGISTER..To: "Floris"
> <sip:test at pildo.com>;tag=2f8a75b
>   015520947f50ab939181a7caf.46af..From: "Floris"
> <sip:test at pildo.com>..Call-ID:
> 789921619 at 10.0.0.33..WWW-Authenticate: Dig
>   est realm="pildo.com",
> nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"..Server:
> Sip EXpress router (0.8.11 (i386/linux)
>   )..Content-Length: 0..Warning: 392 10.0.0.32:5060
> "Noisy feedback tells:  pid=2315 req_src_ip=10.0.0.33
> req_src_port=328
>   01 in_uri=sip:pildo.com out_uri=sip:pildo.com
> via_cnt==1"....
> 
> ===============================
> 
>  --- Jan Janak <jan at iptel.org> wrote: > Hello,
> > 
> > check out radius howto --
> > http://iptel.org/ser/ser_radius.html
> > 
> > If that doesn't help to fix your problems then
> > please send us complete
> > description, possibly including message dumps and
> > your config file.
> >   
> >   Jan.
> > 
> > On 08-10 15:19, Floris Roset wrote:
> > > Hi,
> > >  
> > > I wonder if there has been an answer to the email
> > below. I do have the same problem.
> > >  
> > > thanks
> > > _______________________________________________
> > >  
> > > Radius logon problems
> > >  
> > > Jiri Kuthan jiri at iptel.org 
> > > Sat Sep 6 11:40:03 CEST 2003 
> > > 
> > > 
> > >    Previous message: [Serusers] Radius logon
> > problems 
> > >    Next message: [Serusers] sip_msg_cloner 
> > >    Messages sorted by: [ date ] [ thread ] [
> > subject ] [ author ] 
> > > 
> > > ---------------------------------
> > > 
> > > Joseph, can you send us perhaps the SIP messages
> > (ngrepped, etc.)?It is hard to guess what happens
> > otherwise.-jiriAt 08:33 AM 9/6/2003, Jan Janak
> > wrote:>Hello,>>On 06-09 00:25, Jiri Kuthan wrote:>> 
> > From these logs:>> >> 10(28016) pre_auth():
> > Credentials with given realm not found>> 10(28016)
> > REGISTER: challenging user>> 10(28016)
> > build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="ford.com",
> > nonce="3f578eaee00b29a57d6fb234024d112ecf485627">> 
> > "Credentials with given realm not found" means that
> > the server received>  a SIP message that contained
> > no credentials with given realm (ford.com>  in this
> > case). >  >> I infer that the radius database
> > includes no user identified by>> the username in
> > question and domain "ford.com".>>  No, it didn't
> > make any request to the radius server in this case> 
> > because it was unable to find proper credentials in
> > the SIP message.>>  
> >
> Jan.>>_______________________________________________>Serusers
> > mailing list>Serusers at
> > > 
> >
> iptel.org>http://lists.iptel.org/mailman/listinfo/serusers--Jiri
> > Kuthan            http://iptel.org/~jiri/ 
> > > 
> > > 
> > > 
> > > 
> > > ---------------------------------
> > > Want to chat instantly with your online
> > friends? Get the FREE Yahoo!Messenger
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> >  
> 
> ________________________________________________________________________
> Want to chat instantly with your online friends?  Get the FREE Yahoo!
> Messenger http://mail.messenger.yahoo.co.uk
Content-Description: log-kphone.txt
> SipClient: Listening UDP on port: 5060
> SipClient: Our address: 10.0.0.33
>                                                                                 
> [root at justino root]# kphone
> Found 2 interfaces.
> SipClient: Listening UDP on port: 5060
> SipClient: Our address: 10.0.0.33
> SipRegister: Auth is '(null)'
> SipRegister: Proxy Auth is '(null)'
>                                                                                 
> SipClient: Sending: 17:39:20.210
> --------------------------------
> REGISTER sip:pildo.com SIP/2.0
> Via: SIP/2.0/UDP 10.0.0.33
> CSeq: 2017 REGISTER
> To: "Floris" <sip:test at pildo.com>
> Expires: 900
> From: "Floris" <sip:test at pildo.com>
> Call-ID: 789921619 at 10.0.0.33
> Content-Length: 0
> User-Agent: KPhone/3.12
> Event: registration
> Allow-Events: presence
> Contact: "root" <sip:root at 10.0.0.33;transport=udp>;q=0.0;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"
>  
>  
> SipClient: Sending to '10.0.0.32:5060'
> SipClient: Receiving message...
>  
> SipClient: Received: 17:39:20.214
> ---------------------------------
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 10.0.0.33
> CSeq: 2017 REGISTER
> To: "Floris" <sip:test at pildo.com>;tag=2f8a75b015520947f50ab939181a7caf.46af
> From: "Floris" <sip:test at pildo.com>
> Call-ID: 789921619 at 10.0.0.33
> WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"
> Server: Sip EXpress router (0.8.11 (i386/linux))
> Content-Length: 0
> Warning: 392 10.0.0.32:5060 "Noisy feedback tells:  pid=2315 req_src_ip=10.0.0.33 req_src_port=32801 in_uri=sip:pildo.com out_uri=sip:pildo.com via_cnt==1"
>  
>  
> SipCall: Incoming response
> SipTransaction: Incoming Response
> SipRegister: Authentication required
> WL: SipProtocol: HA1=ec19d9ff5db78198c7c75da0e41527af (test:pildo.com)
> SipProtocol: Digest calculated.
> SipRegister: Auth is 'Digest username="test", realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab", uri="sip:10.0.0.32", cnonce="abcdefghi", nc=00000001, response="89fc4a2cfb0076a1a385104ae299f1f2", opaque=""'
> SipRegister: Proxy Auth is '(null)'
>  
> SipClient: Sending: 17:39:24.332
> --------------------------------
> REGISTER sip:pildo.com SIP/2.0
> Via: SIP/2.0/UDP 10.0.0.33
> CSeq: 2018 REGISTER
> To: "Floris" <sip:test at pildo.com>
> Authorization: Digest username="test", realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab", uri="sip:10.0.0.32", cnonce="abcdefghi", nc=00000001, response="89fc4a2cfb0076a1a385104ae299f1f2", opaque=""
> Expires: 900
> From: "Floris" <sip:test at pildo.com>
> Call-ID: 789921619 at 10.0.0.33
> Content-Length: 0
> User-Agent: KPhone/3.12
> Event: registration
> Allow-Events: presence
> Contact: "root" <sip:root at 10.0.0.33;transport=udp>;q=0.0;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"
>  
>  
> SipClient: Sending to '10.0.0.32:5060'
> SipClient: Receiving message...
>  
> SipClient: Received: 17:39:24.336
> ---------------------------------
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 10.0.0.33
> CSeq: 2018 REGISTER
> To: "Floris" <sip:test at pildo.com>;tag=2f8a75b015520947f50ab939181a7caf.46af
> From: "Floris" <sip:test at pildo.com>
> Call-ID: 789921619 at 10.0.0.33
> WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"
> Server: Sip EXpress router (0.8.11 (i386/linux))
> Content-Length: 0
> Warning: 392 10.0.0.32:5060 "Noisy feedback tells:  pid=2315 req_src_ip=10.0.0.33 req_src_port=32801 in_uri=sip:pildo.com out_uri=sip:pildo.com via_cnt==1"
>  
>  
> SipCall: Incoming response
> SipTransaction: Incoming Response
>  
> 

Content-Description: log-ser.txt
> Listening on
>               10.0.0.32 [10.0.0.32]:5060
> WARNING: no fork mode
>  0(2315) DEBUG: init_mod: sl_module
> stateless - initializing
>  0(2315) DEBUG: register_fifo_cmd: new command (sl_stats) registered
>  0(2315) DEBUG: MD5 calculated: 2f8a75b015520947f50ab939181a7caf
>  0(2315) DEBUG: init_mod: tm
>  0(2315) TM - initializing...
>  0(2315) Call-ID initialization: '657fe6a7'
>  0(2315) DEBUG: register_fifo_cmd: new command (t_uac_dlg) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (t_hash) registered
>  0(2315) DEBUG: lock_initialize: lock initialization started
>  0(2315) DEBUG: register_fifo_cmd: new command (t_stats) registered
>  0(2315) DEBUG: MD5 calculated: 614ce9f04536daa2eb03c7dbafc221ee
>  0(2315) DEBUG: MD5 calculated: f3105287012fae1d6536f5ac2d7e85bc
>  0(2315) DEBUG: init_mod: rr
>  0(2315) rr - initializing
>  0(2315) DEBUG: init_mod: maxfwd_module
> Maxfwd module- initializing
>  0(2315) DEBUG: init_mod: usrloc
>  0(2315) usrloc - initializing
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_stats) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_rm) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_rm_contact) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_dump) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_flush) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_add) registered
>  0(2315) DEBUG: register_fifo_cmd: new command (ul_show_contact) registered
>  0(2315) DEBUG: init_mod: registrar
>  0(2315) registrar - initializing
>  0(2315) find_export: found <sl_send_reply> in module sl_module [/usr/local/lib/ser/modules/sl.so]
>  0(2315) find_export: found <~ul_register_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_insert_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_delete_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_get_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_lock_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_unlock_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_release_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_insert_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_delete_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_get_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) find_export: found <~ul_update_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
>  0(2315) DEBUG: init_mod: auth
>  0(2315) auth module - initializing
>  0(2315) find_export: found <sl_send_reply> in module sl_module [/usr/local/lib/ser/modules/sl.so]
>  0(2315) DEBUG: init_mod: auth_radius
>  0(2315) auth_radius - Initializing
>  0(2315) find_export: found <pre_auth> in module auth [/usr/local/lib/ser/modules/auth.so]
>  0(2315) find_export: found <post_auth> in module auth [/usr/local/lib/ser/modules/auth.so]
>  0(0) fixing /usr/local/lib/ser/modules/maxfwd.so mf_process_maxfwd_header
>  0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
>  0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
>  0(0) fixing /usr/local/lib/ser/modules/rr.so record_route
>  0(0) fixing /usr/local/lib/ser/modules/rr.so loose_route
>  0(0) fixing /usr/local/lib/ser/modules/tm.so t_relay
>  0(0) fixing /usr/local/lib/ser/modules/auth_radius.so radius_www_authorize
>  0(0) fixing /usr/local/lib/ser/modules/auth.so www_challenge
>  0(0) fixing /usr/local/lib/ser/modules/registrar.so save
>  0(0) fixing /usr/local/lib/ser/modules/registrar.so lookup
>  0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
>  0(0) fixing /usr/local/lib/ser/modules/tm.so t_relay
>  0(0) fixing /usr/local/lib/ser/modules/sl.so sl_reply_error
>  0(0) INFO: udp_init: SO_RCVBUF is initially 65535
>  0(0) DEBUG: udp_init: trying SO_RCVBUF: 131070
>  0(0) DEBUG: setting SO_RCVBUF; set=131070,verify=131070
>  0(0) DEBUG: udp_init: trying SO_RCVBUF: 262140
>  0(0) DEBUG: setting SO_RCVBUF; set=262140,verify=131070
>  0(0) DEBUG: setting SO_RCVBUF has no effect
>  0(0) DEBUG: udp_init: trying SO_RCVBUF: 133118
>  0(0) DEBUG: setting SO_RCVBUF; set=133118,verify=131070
>  0(0) DEBUG: setting SO_RCVBUF has no effect
>  0(0) INFO: udp_init: SO_RCVBUF is finally 131070
>  1(0) DEBUG: init_mod_child (-1): tm
>  1(0) DEBUG: callid: '657fe6a7-0 at 10.0.0.32'
>  1(0) DEBUG: init_mod_child (-1): usrloc
>  1(2316) DBG: open_uac_fifo: opening fifo...
>  1(2316) DEBUG: fifo /tmp/ser_fifo opened, mode=438
>  2(0) INFO: fifo process starting: 2317
>  2(0) DEBUG: init_mod_child (-2): tm
>  2(0) DEBUG: callid: '657fe6a7-0 at 10.0.0.32'
>  2(0) DEBUG: init_mod_child (-2): usrloc
>  0(2315) DEBUG: init_mod_child (1): tm
>  0(2315) DEBUG: callid: '657fe6a7-2315 at 10.0.0.32'
>  0(2315) DEBUG: init_mod_child (1): usrloc
>  2(2317) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
>  0(2315) SIP Request:
>  0(2315)  method:  <REGISTER>
>  0(2315)  uri:     <sip:pildo.com>
>  0(2315)  version: <SIP/2.0>
>  0(2315) parse_headers: flags=1
>  0(2315) end of header reached, state=2
>  0(2315) parse_headers: Via found, flags=1
>  0(2315) parse_headers: this is the first via
>  0(2315) After parse_msg...
>  0(2315) preparing to run routing scripts...
>  0(2315) DEBUG : is_maxfwd_present: searching for max_forwards header
>  0(2315) parse_headers: flags=128
>  0(2315) get_hdr_field: cseq <CSeq>: <2017> <REGISTER>
>  0(2315) end of header reached, state=9
>  0(2315) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at pildo.com]
>  0(2315) DEBUG: to body ["Floris" <sip:test at pildo.com>
> ]
>  0(2315) DEBUG: get_hdr_body : content_length=0
>  0(2315) found end of header
>  0(2315) DEBUG: is_maxfwd_present: max_forwards header not found!
>  0(2315) end of header reached, state=9
>  0(2315) parse_headers: flags=256
>  0(2315) find_first_route(): No Route headers found
>  0(2315) loose_route(): There is no Route HF
>  0(2315) check_self - checking if host==us: 9==9 &&  [pildo.com] == [10.0.0.32]
>  0(2315) parse_headers: flags=4096
>  0(2315) pre_auth(): Credentials with given realm not found
>  0(2315) build_auth_hf(): 'WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"
> '
>  0(2315) parse_headers: flags=-1
>  0(2315) check_via_address(10.0.0.33, 10.0.0.33, 0)
>  0(2315) receive_msg: cleaning up
>  0(2315) SIP Request:
>  0(2315)  method:  <REGISTER>
>  0(2315)  uri:     <sip:pildo.com>
>  0(2315)  version: <SIP/2.0>
>  0(2315) parse_headers: flags=1
>  0(2315) end of header reached, state=2
>  0(2315) parse_headers: Via found, flags=1
>  0(2315) parse_headers: this is the first via
>  0(2315) After parse_msg...
>  0(2315) preparing to run routing scripts...
>  0(2315) DEBUG : is_maxfwd_present: searching for max_forwards header
>  0(2315) parse_headers: flags=128
>  0(2315) get_hdr_field: cseq <CSeq>: <2018> <REGISTER>
>  0(2315) end of header reached, state=9
>  0(2315) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at pildo.com]
>  0(2315) DEBUG: to body ["Floris" <sip:test at pildo.com>
> ]
>  0(2315) DEBUG: get_hdr_body : content_length=0
>  0(2315) found end of header
>  0(2315) DEBUG: is_maxfwd_present: max_forwards header not found!
>  0(2315) end of header reached, state=9
>  0(2315) parse_headers: flags=256
>  0(2315) find_first_route(): No Route headers found
>  0(2315) loose_route(): There is no Route HF
>  0(2315) check_self - checking if host==us: 9==9 &&  [pildo.com] == [10.0.0.32]
>  0(2315) check_nonce(): comparing [3f8484d3c58cba0a3540edd7c338d99284aa37ab] and [3f8484d3c58cba0a3540edd7c338d99284aa37ab]
>  0(2315) res: -1
>  0(2315) radius_authorize_sterman(): Failure
>  0(2315) build_auth_hf(): 'WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"
> '
>  0(2315) parse_headers: flags=-1
>  0(2315) check_via_address(10.0.0.33, 10.0.0.33, 0)
>  0(2315) receive_msg: cleaning up
> 





More information about the sr-users mailing list