[Serusers] Making SER to work with Cisco RADIUS
Jan Janak
jan at iptel.org
Sun Apr 18 19:00:55 CEST 2004
Make sure that both -- the radius server and libradiusclient have configured
the same secrect (this problem seems to happen often). Also make sure
that both side have all entries in dictionaries.
Jan.
On 15-04 19:36, Ilya Pekshev wrote:
> Hi,
>
> i'm pretty new to ser and I'd love to know has anybody came across
> making SER to work with Cisco ACS RADIUS server?
>
> So far I can see they talking to each other, but Cisco loggs an error :
> "Bad Request from NAS". I can see that username is passed
> to the RADIUS server but SER shows an error:
>
> 5(15475) receive_msg: cleaning up
> 5(15475) tcp_read_req: content-length= 0
> 5(15475) SIP Request:
> 5(15475) method: <REGISTER>
> 5(15475) uri: <sip:sip.fns.ru>
> 5(15475) version: <SIP/2.0>
> 5(15475) parse_headers: flags=1
> 5(15475) end of header reached, state=5
> 5(15475) parse_headers: Via found, flags=1
> 5(15475) parse_headers: this is the first via
> 5(15475) After parse_msg...
> 5(15475) preparing to run routing scripts...
> 5(15475) DEBUG : is_maxfwd_present: searching for max_forwards header
> 5(15475) parse_headers: flags=128
> 5(15475) DEBUG: is_maxfwd_present: value = 70
> 5(15475) parse_headers: flags=8
> 5(15475) DEBUG: add_param: tag=3de46d9fa4774112b66632d744e28ea5
> 5(15475) DEBUG: add_param: epid=442289156c
> 5(15475) end of header reached, state=29
> 5(15475) parse_headers: flags=256
> 5(15475) end of header reached, state=9
> 5(15475) DEBUG: get_hdr_field: <To> [25]; uri=[sip:222333 at sip.fns.ru]
> 5(15475) DEBUG: to body [<sip:222333 at sip.fns.ru>
> ]
> 5(15475) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
> 5(15475) DEBUG: get_hdr_body : content_length=0
> 5(15475) found end of header
> 5(15475) find_first_route(): No Route headers found
> 5(15475) loose_route(): There is no Route HF
> 5(15475) check_self - checking if host==us: 10==13 && [sip.fns.ru] ==
> [192.168.14.18]
> 5(15475) check_self - checking if port 5060 matches port 5060
> 5(15475) check_self - checking if host==us: 10==9 && [sip.fns.ru] ==
> [127.0.0.1]
> 5(15475) check_self - checking if port 5060 matches port 5060
> 5(15475) check_nonce(): comparing
> [407f0b2e50ed56354282e03c50b13d45299cf105] and
> [407f0b2e50ed56354282e03c50b13d45299cf105]
> 5(15475) res: -2
> 5(15475) radius_authorize_sterman(): Failure
> 5(15475) build_auth_hf(): 'WWW-Authenticate: Digest realm="sip.fns.ru",
> nonce="407f0b2e50ed56354282e03c50b13d45299cf105"
> '
> 5(15475) parse_headers: flags=-1
> 5(15475) check_via_address(192.168.14.20, 192.168.14.20, 0)
> 5(15475) tcp_send: tcp connection found (0x2832fde8), acquiring fd
> 6(15476) tcp_main_loop: read response= 2832fde8, 1 from 5 (15475)
> 5(15475) tcp_send, c= 0x2832fde8, n=8
> 5(15475) tcp_send: after receive_fd: c= 0x2832fde8 n=4 fd=16
> 5(15475) tcp_send: sending...
> 5(15475) tcp_send: after write: c= 0x2832fde8 n=638 fd=16
> 5(15475) tcp_send: buf=
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TCP 192.168.14.20:13032
> From:
> <sip:222333 at sip.fns.ru>;tag=3de46d9fa4774112b66632d744e28ea5;epid=442289
> 156c
> To: <sip:222333 at sip.fns.ru>;tag=ec4c46ea134bd13f46d10e4005923970.4590
> Call-ID: 3b6cf7a1117541f38ed499a4b2c6b815 at 192.168.14.20
> CSeq: 2 REGISTER
> WWW-Authenticate: Digest realm="sip.fns.ru",
> nonce="407f0b2e50ed56354282e03c50b13d45299cf105"
> Server: Sip EXpress router ACS Build(0.8.12 (i386/freebsd))
> Content-Length: 0
> Warning: 392 192.168.14.18:5060 "Noisy feedback tells: pid=15475
> req_src_ip=192.168.14.20 req_src_port=2004 in_uri=sip:sip.fns.ru
> out_uri=sip:sip.fns.ru via_cnt==1"
> 5(15475) receive_msg: cleaning up
> 5(15475) tcp_read: EOF on 0x2832fde8, FD 12
> 5(15475) tcp_read_req: EOF
> 5(15475) releasing con 0x2832fde8, state -1, fd=12, id=1
> 5(15475) extra_data 0x0
> 6(15476) tcp_main_loop: reader response= 2832fde8, -1 from 0
> 6(15476) tcp_main_loop: destroying connection
>
>
> Any help will be greatly appreciated!
>
> Thanks,
> Ilya
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list