[Serusers] radius logon problems

Jan Janak jan at iptel.org
Wed Oct 8 22:26:06 CEST 2003


In that case you didn't configure the radius client library properly,
make sure that you did all the steps described in the howto.

  Jan.

On 08-10 19:34, Floris Roset wrote:
> no, nothing at all.
>  
> Floris.
> 
> Jan Janak <jan at iptel.org> wrote:
> Does ser send any radius message when you try to authenticate ?
> 
> Jan.
> 
> On 08-10 17:20, Floris Roset wrote:
> > Hello Jan,
> > 
> > Here are the logs and config.
> > 
> > I followed radius howto to configure everything. When
> > I use radclient to test it, freeradius server works
> > fine. It seems a problem with SER finding credentials
> > for the realm. There is no connection between ser and
> > freeradius.
> > 
> > I am running ser and freeradius on the same machine. I
> > have compiled ser with the last version of sterman.c
> > as I saw some email saying to do that. 
> > 
> > thanks a lot,
> > 
> > =========================
> > LOG FREERADIUS
> > 
> > Module: Instantiated radutmp (radutmp)
> > Listening on IP address 10.0.0.32, ports 1812/udp and
> > 1813/udp, with proxy on 18
> > 14/udp.
> > Ready to process requests.
> > 
> > 
> > =========================
> > ngrep 
> > 
> > U 10.0.0.32:5060 -> 10.0.0.33:5060
> > SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> > 10.0.0.33..CSeq: 2017 REGISTER..To: "Floris"
> > ;tag=2f8a75b
> > 015520947f50ab939181a7caf.46af..From: "Floris"
> > ..Call-ID:
> > 789921619 at 10.0.0.33..WWW-Authenticate: Dig
> > est realm="pildo.com",
> > nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"..Server:
> > Sip EXpress router (0.8.11 (i386/linux)
> > )..Content-Length: 0..Warning: 392 10.0.0.32:5060
> > "Noisy feedback tells: pid=2315 req_src_ip=10.0.0.33
> > req_src_port=328
> > 01 in_uri=sip:pildo.com out_uri=sip:pildo.com
> > via_cnt==1"....
> > #
> > U 10.0.0.33:32801 -> 10.0.0.32:5060
> > REGISTER sip:pildo.com SIP/2.0..Via: SIP/2.0/UDP
> > 10.0.0.33..CSeq: 2018 REGISTER..To: "Floris"
> > ..Auth
> > orization: Digest username="test",
> > realm="pildo.com",
> > nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab",
> > uri="sip:10.0.0.
> > 32", cnonce="abcdefghi", nc=00000001,
> > response="89fc4a2cfb0076a1a385104ae299f1f2",
> > opaque=""..Expires: 900..From: "Flori
> > s" ..Call-ID:
> > 789921619 at 10.0.0.33..Content-Length: 0..User-Agent:
> > KPhone/3.12..Event: registration..
> > Allow-Events: presence..Contact: "root"
> > ;q=0.0;methods="INVITE,
> > MESSAGE, INFO, SUBSCRI
> > BE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"....
> > #
> > U 10.0.0.32:5060 -> 10.0.0.33:5060
> > SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> > 10.0.0.33..CSeq: 2018 REGISTER..To: "Floris"
> > ;tag=2f8a75b
> > 015520947f50ab939181a7caf.46af..From: "Floris"
> > ..Call-ID:
> > 789921619 at 10.0.0.33..WWW-Authenticate: Dig
> > est realm="pildo.com",
> > nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"..Server:
> > Sip EXpress router (0.8.11 (i386/linux)
> > )..Content-Length: 0..Warning: 392 10.0.0.32:5060
> > "Noisy feedback tells: pid=2315 req_src_ip=10.0.0.33
> > req_src_port=328
> > 01 in_uri=sip:pildo.com out_uri=sip:pildo.com
> > via_cnt==1"....
> > 
> > ===============================
> > 
> > --- Jan Janak wrote: > Hello,
> > > 
> > > check out radius howto --
> > > http://iptel.org/ser/ser_radius.html
> > > 
> > > If that doesn't help to fix your problems then
> > > please send us complete
> > > description, possibly including message dumps and
> > > your config file.
> > > 
> > > Jan.
> > > 
> > > On 08-10 15:19, Floris Roset wrote:
> > > > Hi,
> > > > 
> > > > I wonder if there has been an answer to the email
> > > below. I do have the same problem.
> > > > 
> > > > thanks
> > > > _______________________________________________
> > > > 
> > > > Radius logon problems
> > > > 
> > > > Jiri Kuthan jiri at iptel.org 
> > > > Sat Sep 6 11:40:03 CEST 2003 
> > > > 
> > > > 
> > > > Previous message: [Serusers] Radius logon
> > > problems 
> > > > Next message: [Serusers] sip_msg_cloner 
> > > > Messages sorted by: [ date ] [ thread ] [
> > > subject ] [ author ] 
> > > > 
> > > > ---------------------------------
> > > > 
> > > > Joseph, can you send us perhaps the SIP messages
> > > (ngrepped, etc.)?It is hard to guess what happens
> > > otherwise.-jiriAt 08:33 AM 9/6/2003, Jan Janak
> > > wrote:>Hello,>>On 06-09 00:25, Jiri Kuthan wrote:>> 
> > > From these logs:>> >> 10(28016) pre_auth():
> > > Credentials with given realm not found>> 10(28016)
> > > REGISTER: challenging user>> 10(28016)
> > > build_auth_hf(): 'WWW-Authenticate: Digest
> > > realm="ford.com",
> > > nonce="3f578eaee00b29a57d6fb234024d112ecf485627">> 
> > > "Credentials with given realm not found" means that
> > > the server received> a SIP message that contained
> > > no credentials with given realm (ford.com> in this
> > > case). > >> I infer that the radius database
> > > includes no user identified by>> the username in
> > > question and domain "ford.com".>> No, it didn't
> > > make any request to the radius server in this case> 
> > > because it was unable to find proper credentials in
> > > the SIP message.>> 
> > >
> > Jan.>>_______________________________________________>Serusers
> > > mailing list>Serusers at
> > > > 
> > >
> > iptel.org>http://lists.iptel.org/mailman/listinfo/serusers--Jiri
> > > Kuthan http://iptel.org/~jiri/ 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > ---------------------------------
> > > > Want to chat instantly with your online
> > > friends? Get the FREE Yahoo!Messenger
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > serusers at lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > 
> > 
> > ________________________________________________________________________
> > Want to chat instantly with your online friends? Get the FREE Yahoo!
> > Messenger http://mail.messenger.yahoo.co.uk
> Content-Description: log-kphone.txt
> > SipClient: Listening UDP on port: 5060
> > SipClient: Our address: 10.0.0.33
> > 
> > [root at justino root]# kphone
> > Found 2 interfaces.
> > SipClient: Listening UDP on port: 5060
> > SipClient: Our address: 10.0.0.33
> > SipRegister: Auth is '(null)'
> > SipRegister: Proxy Auth is '(null)'
> > 
> > SipClient: Sending: 17:39:20.210
> > --------------------------------
> > REGISTER sip:pildo.com SIP/2.0
> > Via: SIP/2.0/UDP 10.0.0.33
> > CSeq: 2017 REGISTER
> > To: "Floris" 
> > Expires: 900
> > From: "Floris" 
> > Call-ID: 789921619 at 10.0.0.33
> > Content-Length: 0
> > User-Agent: KPhone/3.12
> > Event: registration
> > Allow-Events: presence
> > Contact: "root" ;q=0.0;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"
> > 
> > 
> > SipClient: Sending to '10.0.0.32:5060'
> > SipClient: Receiving message...
> > 
> > SipClient: Received: 17:39:20.214
> > ---------------------------------
> > SIP/2.0 401 Unauthorized
> > Via: SIP/2.0/UDP 10.0.0.33
> > CSeq: 2017 REGISTER
> > To: "Floris" ;tag=2f8a75b015520947f50ab939181a7caf.46af
> > From: "Floris" 
> > Call-ID: 789921619 at 10.0.0.33
> > WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"
> > Server: Sip EXpress router (0.8.11 (i386/linux))
> > Content-Length: 0
> > Warning: 392 10.0.0.32:5060 "Noisy feedback tells: pid=2315 req_src_ip=10.0.0.33 req_src_port=32801 in_uri=sip:pildo.com out_uri=sip:pildo.com via_cnt==1"
> > 
> > 
> > SipCall: Incoming response
> > SipTransaction: Incoming Response
> > SipRegister: Authentication required
> > WL: SipProtocol: HA1=ec19d9ff5db78198c7c75da0e41527af (test:pildo.com)
> > SipProtocol: Digest calculated.
> > SipRegister: Auth is 'Digest username="test", realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab", uri="sip:10.0.0.32", cnonce="abcdefghi", nc=00000001, response="89fc4a2cfb0076a1a385104ae299f1f2", opaque=""'
> > SipRegister: Proxy Auth is '(null)'
> > 
> > SipClient: Sending: 17:39:24.332
> > --------------------------------
> > REGISTER sip:pildo.com SIP/2.0
> > Via: SIP/2.0/UDP 10.0.0.33
> > CSeq: 2018 REGISTER
> > To: "Floris" 
> > Authorization: Digest username="test", realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab", uri="sip:10.0.0.32", cnonce="abcdefghi", nc=00000001, response="89fc4a2cfb0076a1a385104ae299f1f2", opaque=""
> > Expires: 900
> > From: "Floris" 
> > Call-ID: 789921619 at 10.0.0.33
> > Content-Length: 0
> > User-Agent: KPhone/3.12
> > Event: registration
> > Allow-Events: presence
> > Contact: "root" ;q=0.0;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK"
> > 
> > 
> > SipClient: Sending to '10.0.0.32:5060'
> > SipClient: Receiving message...
> > 
> > SipClient: Received: 17:39:24.336
> > ---------------------------------
> > SIP/2.0 401 Unauthorized
> > Via: SIP/2.0/UDP 10.0.0.33
> > CSeq: 2018 REGISTER
> > To: "Floris" ;tag=2f8a75b015520947f50ab939181a7caf.46af
> > From: "Floris" 
> > Call-ID: 789921619 at 10.0.0.33
> > WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"
> > Server: Sip EXpress router (0.8.11 (i386/linux))
> > Content-Length: 0
> > Warning: 392 10.0.0.32:5060 "Noisy feedback tells: pid=2315 req_src_ip=10.0.0.33 req_src_port=32801 in_uri=sip:pildo.com out_uri=sip:pildo.com via_cnt==1"
> > 
> > 
> > SipCall: Incoming response
> > SipTransaction: Incoming Response
> > 
> > 
> 
> Content-Description: log-ser.txt
> > Listening on
> > 10.0.0.32 [10.0.0.32]:5060
> > WARNING: no fork mode
> > 0(2315) DEBUG: init_mod: sl_module
> > stateless - initializing
> > 0(2315) DEBUG: register_fifo_cmd: new command (sl_stats) registered
> > 0(2315) DEBUG: MD5 calculated: 2f8a75b015520947f50ab939181a7caf
> > 0(2315) DEBUG: init_mod: tm
> > 0(2315) TM - initializing...
> > 0(2315) Call-ID initialization: '657fe6a7'
> > 0(2315) DEBUG: register_fifo_cmd: new command (t_uac_dlg) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (t_hash) registered
> > 0(2315) DEBUG: lock_initialize: lock initialization started
> > 0(2315) DEBUG: register_fifo_cmd: new command (t_stats) registered
> > 0(2315) DEBUG: MD5 calculated: 614ce9f04536daa2eb03c7dbafc221ee
> > 0(2315) DEBUG: MD5 calculated: f3105287012fae1d6536f5ac2d7e85bc
> > 0(2315) DEBUG: init_mod: rr
> > 0(2315) rr - initializing
> > 0(2315) DEBUG: init_mod: maxfwd_module
> > Maxfwd module- initializing
> > 0(2315) DEBUG: init_mod: usrloc
> > 0(2315) usrloc - initializing
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_stats) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_rm) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_rm_contact) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_dump) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_flush) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_add) registered
> > 0(2315) DEBUG: register_fifo_cmd: new command (ul_show_contact) registered
> > 0(2315) DEBUG: init_mod: registrar
> > 0(2315) registrar - initializing
> > 0(2315) find_export: found in module sl_module [/usr/local/lib/ser/modules/sl.so]
> > 0(2315) find_export: found <~ul_register_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_insert_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_delete_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_get_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_lock_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_unlock_udomain> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_release_urecord> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_insert_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_delete_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_get_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) find_export: found <~ul_update_ucontact> in module usrloc [/usr/local/lib/ser/modules/usrloc.so]
> > 0(2315) DEBUG: init_mod: auth
> > 0(2315) auth module - initializing
> > 0(2315) find_export: found in module sl_module [/usr/local/lib/ser/modules/sl.so]
> > 0(2315) DEBUG: init_mod: auth_radius
> > 0(2315) auth_radius - Initializing
> > 0(2315) find_export: found 
> in module auth [/usr/local/lib/ser/modules/auth.so]
> > 0(2315) find_export: found 
> in module auth [/usr/local/lib/ser/modules/auth.so]
> > 0(0) fixing /usr/local/lib/ser/modules/maxfwd.so mf_process_maxfwd_header
> > 0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
> > 0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
> > 0(0) fixing /usr/local/lib/ser/modules/rr.so record_route
> > 0(0) fixing /usr/local/lib/ser/modules/rr.so loose_route
> > 0(0) fixing /usr/local/lib/ser/modules/tm.so t_relay
> > 0(0) fixing /usr/local/lib/ser/modules/auth_radius.so radius_www_authorize
> > 0(0) fixing /usr/local/lib/ser/modules/auth.so www_challenge
> > 0(0) fixing /usr/local/lib/ser/modules/registrar.so save
> > 0(0) fixing /usr/local/lib/ser/modules/registrar.so lookup
> > 0(0) fixing /usr/local/lib/ser/modules/sl.so sl_send_reply
> > 0(0) fixing /usr/local/lib/ser/modules/tm.so t_relay
> > 0(0) fixing /usr/local/lib/ser/modules/sl.so sl_reply_error
> > 0(0) INFO: udp_init: SO_RCVBUF is initially 65535
> > 0(0) DEBUG: udp_init: trying SO_RCVBUF: 131070
> > 0(0) DEBUG: setting SO_RCVBUF; set=131070,verify=131070
> > 0(0) DEBUG: udp_init: trying SO_RCVBUF: 262140
> > 0(0) DEBUG: setting SO_RCVBUF; set=262140,verify=131070
> > 0(0) DEBUG: setting SO_RCVBUF has no effect
> > 0(0) DEBUG: udp_init: trying SO_RCVBUF: 133118
> > 0(0) DEBUG: setting SO_RCVBUF; set=133118,verify=131070
> > 0(0) DEBUG: setting SO_RCVBUF has no effect
> > 0(0) INFO: udp_init: SO_RCVBUF is finally 131070
> > 1(0) DEBUG: init_mod_child (-1): tm
> > 1(0) DEBUG: callid: '657fe6a7-0 at 10.0.0.32'
> > 1(0) DEBUG: init_mod_child (-1): usrloc
> > 1(2316) DBG: open_uac_fifo: opening fifo...
> > 1(2316) DEBUG: fifo /tmp/ser_fifo opened, mode=438
> > 2(0) INFO: fifo process starting: 2317
> > 2(0) DEBUG: init_mod_child (-2): tm
> > 2(0) DEBUG: callid: '657fe6a7-0 at 10.0.0.32'
> > 2(0) DEBUG: init_mod_child (-2): usrloc
> > 0(2315) DEBUG: init_mod_child (1): tm
> > 0(2315) DEBUG: callid: '657fe6a7-2315 at 10.0.0.32'
> > 0(2315) DEBUG: init_mod_child (1): usrloc
> > 2(2317) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
> > 0(2315) SIP Request:
> > 0(2315) method: 
> > 0(2315) uri: 
> > 0(2315) version: 
> > 0(2315) parse_headers: flags=1
> > 0(2315) end of header reached, state=2
> > 0(2315) parse_headers: Via found, flags=1
> > 0(2315) parse_headers: this is the first via
> > 0(2315) After parse_msg...
> > 0(2315) preparing to run routing scripts...
> > 0(2315) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 0(2315) parse_headers: flags=128
> > 0(2315) get_hdr_field: cseq : <2017> 
> > 0(2315) end of header reached, state=9
> > 0(2315) DEBUG: get_hdr_field: [31]; uri=[sip:test at pildo.com]
> > 0(2315) DEBUG: to body ["Floris" 
> > ]
> > 0(2315) DEBUG: get_hdr_body : content_length=0
> > 0(2315) found end of header
> > 0(2315) DEBUG: is_maxfwd_present: max_forwards header not found!
> > 0(2315) end of header reached, state=9
> > 0(2315) parse_headers: flags=256
> > 0(2315) find_first_route(): No Route headers found
> > 0(2315) loose_route(): There is no Route HF
> > 0(2315) check_self - checking if host==us: 9==9 && [pildo.com] == [10.0.0.32]
> > 0(2315) parse_headers: flags=4096
> > 0(2315) pre_auth(): Credentials with given realm not found
> > 0(2315) build_auth_hf(): 'WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d3c58cba0a3540edd7c338d99284aa37ab"
> > '
> > 0(2315) parse_headers: flags=-1
> > 0(2315) check_via_address(10.0.0.33, 10.0.0.33, 0)
> > 0(2315) receive_msg: cleaning up
> > 0(2315) SIP Request:
> > 0(2315) method: 
> > 0(2315) uri: 
> > 0(2315) version: 
> > 0(2315) parse_headers: flags=1
> > 0(2315) end of header reached, state=2
> > 0(2315) parse_headers: Via found, flags=1
> > 0(2315) parse_headers: this is the first via
> > 0(2315) After parse_msg...
> > 0(2315) preparing to run routing scripts...
> > 0(2315) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 0(2315) parse_headers: flags=128
> > 0(2315) get_hdr_field: cseq : <2018> 
> > 0(2315) end of header reached, state=9
> > 0(2315) DEBUG: get_hdr_field: [31]; uri=[sip:test at pildo.com]
> > 0(2315) DEBUG: to body ["Floris" 
> > ]
> > 0(2315) DEBUG: get_hdr_body : content_length=0
> > 0(2315) found end of header
> > 0(2315) DEBUG: is_maxfwd_present: max_forwards header not found!
> > 0(2315) end of header reached, state=9
> > 0(2315) parse_headers: flags=256
> > 0(2315) find_first_route(): No Route headers found
> > 0(2315) loose_route(): There is no Route HF
> > 0(2315) check_self - checking if host==us: 9==9 && [pildo.com] == [10.0.0.32]
> > 0(2315) check_nonce(): comparing [3f8484d3c58cba0a3540edd7c338d99284aa37ab] and [3f8484d3c58cba0a3540edd7c338d99284aa37ab]
> > 0(2315) res: -1
> > 0(2315) radius_authorize_sterman(): Failure
> > 0(2315) build_auth_hf(): 'WWW-Authenticate: Digest realm="pildo.com", nonce="3f8484d7858c9c70569404a8a5a087ab8501e663"
> > '
> > 0(2315) parse_headers: flags=-1
> > 0(2315) check_via_address(10.0.0.33, 10.0.0.33, 0)
> > 0(2315) receive_msg: cleaning up
> > 
> 
> 
> 
> ---------------------------------
> Want to chat instantly with your online friends? Get the FREE Yahoo!Messenger




More information about the sr-users mailing list