[Serusers] Making SER to work with Cisco RADIUS

Jan Janak jan at iptel.org
Sun Apr 18 19:00:55 CEST 2004


Make sure that both the RADIUS server and libradiusclient have the same
secret configured (this problem seems to happen often). Also make sure
that both sides have all entries in dictionaries.

  Jan.

On 15-04 19:36, Ilya Pekshev wrote:
> Hi,
>  
> I'm pretty new to SER and I'd love to know whether anybody has come across
> making SER work with Cisco ACS RADIUS server?
>  
> So far I can see them talking to each other, but Cisco logs an error:
> "Bad Request from NAS". I can see that the username is passed
> to the RADIUS server but SER shows an error:
>  
>  5(15475) receive_msg: cleaning up
>  5(15475) tcp_read_req: content-length= 0
>  5(15475) SIP Request:
>  5(15475)  method:  <REGISTER>
>  5(15475)  uri:     <sip:sip.fns.ru>
>  5(15475)  version: <SIP/2.0>
>  5(15475) parse_headers: flags=1
>  5(15475) end of header reached, state=5
>  5(15475) parse_headers: Via found, flags=1
>  5(15475) parse_headers: this is the first via
>  5(15475) After parse_msg...
>  5(15475) preparing to run routing scripts...
>  5(15475) DEBUG : is_maxfwd_present: searching for max_forwards header
>  5(15475) parse_headers: flags=128
>  5(15475) DEBUG: is_maxfwd_present: value = 70 
>  5(15475) parse_headers: flags=8
>  5(15475) DEBUG: add_param: tag=3de46d9fa4774112b66632d744e28ea5
>  5(15475) DEBUG: add_param: epid=442289156c
>  5(15475) end of header reached, state=29
>  5(15475) parse_headers: flags=256
>  5(15475) end of header reached, state=9
>  5(15475) DEBUG: get_hdr_field: <To> [25]; uri=[sip:222333 at sip.fns.ru] 
>  5(15475) DEBUG: to body [<sip:222333 at sip.fns.ru>
> ]
>  5(15475) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
>  5(15475) DEBUG: get_hdr_body : content_length=0
>  5(15475) found end of header
>  5(15475) find_first_route(): No Route headers found
>  5(15475) loose_route(): There is no Route HF
>  5(15475) check_self - checking if host==us: 10==13 &&  [sip.fns.ru] ==
> [192.168.14.18]
>  5(15475) check_self - checking if port 5060 matches port 5060
>  5(15475) check_self - checking if host==us: 10==9 &&  [sip.fns.ru] ==
> [127.0.0.1]
>  5(15475) check_self - checking if port 5060 matches port 5060
>  5(15475) check_nonce(): comparing
> [407f0b2e50ed56354282e03c50b13d45299cf105] and
> [407f0b2e50ed56354282e03c50b13d45299cf105]
>  5(15475) res: -2
>  5(15475) radius_authorize_sterman(): Failure
>  5(15475) build_auth_hf(): 'WWW-Authenticate: Digest realm="sip.fns.ru",
> nonce="407f0b2e50ed56354282e03c50b13d45299cf105"
> '
>  5(15475) parse_headers: flags=-1
>  5(15475) check_via_address(192.168.14.20, 192.168.14.20, 0)
>  5(15475) tcp_send: tcp connection found (0x2832fde8), acquiring fd
>  6(15476) tcp_main_loop: read response= 2832fde8, 1 from 5 (15475)
>  5(15475) tcp_send, c= 0x2832fde8, n=8
>  5(15475) tcp_send: after receive_fd: c= 0x2832fde8 n=4 fd=16
>  5(15475) tcp_send: sending...
>  5(15475) tcp_send: after write: c= 0x2832fde8 n=638 fd=16
>  5(15475) tcp_send: buf=
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TCP 192.168.14.20:13032
> From:
> <sip:222333 at sip.fns.ru>;tag=3de46d9fa4774112b66632d744e28ea5;epid=442289
> 156c
> To: <sip:222333 at sip.fns.ru>;tag=ec4c46ea134bd13f46d10e4005923970.4590
> Call-ID: 3b6cf7a1117541f38ed499a4b2c6b815 at 192.168.14.20
> CSeq: 2 REGISTER
> WWW-Authenticate: Digest realm="sip.fns.ru",
> nonce="407f0b2e50ed56354282e03c50b13d45299cf105"
> Server: Sip EXpress router ACS Build(0.8.12 (i386/freebsd))
> Content-Length: 0
> Warning: 392 192.168.14.18:5060 "Noisy feedback tells:  pid=15475
> req_src_ip=192.168.14.20 req_src_port=2004 in_uri=sip:sip.fns.ru
> out_uri=sip:sip.fns.ru via_cnt==1"
>  5(15475) receive_msg: cleaning up
>  5(15475) tcp_read: EOF on 0x2832fde8, FD 12
>  5(15475) tcp_read_req: EOF
>  5(15475) releasing con 0x2832fde8, state -1, fd=12, id=1
>  5(15475)  extra_data 0x0
>  6(15476) tcp_main_loop: reader response= 2832fde8, -1 from 0 
>  6(15476) tcp_main_loop: destroying connection
> 
>  
> Any help will be greatly appreciated!
>  
> Thanks,
> Ilya
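
Added example, not part of the original thread and not code from SER, libradiusclient or Cisco ACS: a sketch of the RFC 2865 Response Authenticator check, which is where a shared-secret mismatch like the one Jan describes becomes visible on the client side. The secrets, identifier and Reply-Message attribute below are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2          # RFC 2865 packet code
REPLY_MESSAGE = 18         # RFC 2865 attribute type


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, 2 + len(value)]) + value


def build_response(code, ident, request_auth, attrs, secret):
    """What the server does: sign the reply with its copy of the secret.
    ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, request_auth, secret):
    """What the client does: recompute the digest with its own secret."""
    if len(packet) < 20:
        return False                      # shorter than a RADIUS header
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                      # malformed length field
    packet = packet[:length]              # ignore padding past Length
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret
    ).digest()
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    """Constructed exchange: the server's secret and a mistyped client copy."""
    request_auth = bytes(range(16))       # constructed Request Authenticator
    reply = build_response(ACCESS_ACCEPT, 7, request_auth,
                           attribute(REPLY_MESSAGE, b"ok"), b"s3cret")
    return {
        "same_secret": verify_response(reply, request_auth, b"s3cret"),
        "typo_secret": verify_response(reply, request_auth, b"s3crect"),
    }


if __name__ == "__main__":
    print(demo())
```

With differing secrets the reply is discarded as invalid even though the packets are visibly exchanged, so comparing the secret on both ends is the first thing to rule out.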
