[Serusers] Troubles setting up radius authentication

Jan Janak jan at iptel.org
Tue Sep 23 18:40:34 CEST 2003


Hello,

this should be recent enough. Try to look for messages like this:

sterman(): Unable to add PW_DIGEST_REALM attribute

(see sip_router/modules/auth_radius/sterman.c for more details).

The file contains functions that build and send radius messages.

 Jan.

On 23-09 11:39, Steve Dolloff wrote:
> This is my current info.
> 
> ser -V
> version: ser 0.8.12dev-t16 (i386/linux)
> flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK,
> SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
> @(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
> main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
> 
> this was built from source off of CVS.  If there is a newer version that
> would give more info, I will recompile.
> 
> Stephen
> 
> 
> Hello,
> 
> >From the information below I can't say where the problem is, but I would
> say some attribute definitions are missing.
> 
> Unfortunatelly the stable version of auth_radius module doesn't print
> much debugging messages when something goes wrong.
> 
> Did you compile your server from sources or do you use binary packages ?
> You can try unstable version branch from the CVS, that should tell you
> where the problem is, or I can send you a patch to stable version if you
> can apply it and compile from sources.
> 
>   Jan.
> 
> On 23-09 11:24, Steve Dolloff wrote:
> > Yes, I have added the SIP definitions to the radiusclient library.  It
> > is the dictionary file defined in the radiusclient.conf file as
> > /etc/sip_dictionary.  It was created using the dictionary file from
> > radiusclient and adding the information from the link that you refered
> > to.
> > 
> > -----------------------
> > 
> > Hello,
> > 
> > if there is no radius traffic then radiusclient library has some
> > problems when buiding the request. Did you extend your radius
> dictionary
> > as described in http://iptel.org/ser/ser_radius.html ?
> > 
> >   Jan.
> > 
> > On 23-09 10:38, Steve Dolloff wrote:
> > > I am trying to switch from database authentication to radius
> > > authentication.
> > > 
> > > I have compiled and installed the module.
> > > 
> > > I have added the following to my ser.cfg
> > > 
> > > modparam("auth_radius", "radius_config",
> "/etc/ser/radiusclient.conf")
> > > modparam("auth_radius", "service_type",15)
> > > 
> > >                         if (method=="REGISTER") {
> > >                                 log(1,"authenticating");
> > >                                 if
> (!radius_www_authorize("test.net"))
> > {
> > >                                         log(1,"radius auth
> failure");
> > >                                         www_challenge("test.net",
> > "0");
> > >                                         break;
> > >                                 };
> > > 
> > > I have configured the following in /etc/ser/radiusclient.conf
> > > authserver      radius1.test.net:1812
> > > authserver      radius2.test.net:1812
> > > servers         /etc/servers
> > > dictionary      /etc/sip_dictionary
> > > 
> > > I have configured the following in /etc/servers
> > > 
> > > Radius1.test.net	secret
> > > Radius2.test.net	secret2
> > > 
> > > I get the following in my messages log.
> > > 
> > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
> > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
> > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
> > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > 
> > > And ngrep port 1812 shows no traffic at all.  Where are these auth
> > > request going?  How can I get more debug info?
> > > 
> > > Thanks for your help.
> > > 
> > > Stephen
> > > 
> > > 
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > 
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list