[Serusers] radius_authorize_sterman(): Failure

Jan Janak jan at iptel.org
Tue Jan 27 10:07:15 CET 2004 

Either you have incorrect shared secret (so the radiusclient library and
radius server are using different shared secrets) or you forgot to
extend the radiusclient dictionary.

See http://iptel.org/ser/ser_radius.html for more details.

  Jan.

On 26-01 20:19, Gregory D. Burns wrote:
> Guys,
> 
> 
> I’m trying to setup radius Authenticate but can’t figure out why I keep
> getting the below error. I have SER 0.12 and freeradius 0.9.3 installed on
> the same server. What could I be missing?
> 
> Freeradius has this config in the user file:
> greg Auth-Type := Digest, User-Password == "xxxxx"
>      Reply-Message = "Authenticated"
> 
> Debug:
> 
> 0(6147) SIP Request:
>  0(6147)  method:  <REGISTER>
>  0(6147)  uri:     <sip:64.81.88.148>
>  0(6147)  version: <SIP/2.0>
>  0(6147) parse_headers: flags=1
>  0(6147) end of header reached, state=5
>  0(6147) parse_headers: Via found, flags=1
>  0(6147) parse_headers: this is the first via
>  0(6147) After parse_msg...
>  0(6147) preparing to run routing scripts...
>  0(6147) logging so message came in 0(6147) DEBUG : is_maxfwd_present:
> searching for max_forwards header
>  0(6147) parse_headers: flags=128
>  0(6147) end of header reached, state=9
>  0(6147) DEBUG: get_hdr_field: <To> [36];
> uri=[sip:2012 at 64.81.88.148;user=phone]
>  0(6147) DEBUG: to body [<sip:2012 at 64.81.88.148;user=phone>
> ]
>  0(6147) get_hdr_field: cseq <CSeq>: <12> <REGISTER>
>  0(6147) DEBUG: get_hdr_body : content_length=0
>  0(6147) found end of header
>  0(6147) DEBUG: is_maxfwd_present: max_forwards header not found!
>  0(6147) DEBUG: add_param: tag=2161114233
>  0(6147) end of header reached, state=29
>  0(6147) parse_headers: flags=256
>  0(6147) find_first_route(): No Route headers found
>  0(6147) loose_route(): There is no Route HF
>  0(6147) check_nonce(): comparing [4015e5a000c7aec015d8da7e158f8720532f4d22]
> and [4015e5a000c7aec015d8da7e158f8720532f4d22]
>  0(6147) res: -2
>  0(6147) radius_authorize_sterman(): Failure
>  0(6147) build_auth_hf(): 'WWW-Authenticate: Digest realm="64.81.88.148",
> nonce="4015e5a1ed5da080d2f74b1e0a65e54e4b4bae8f", qop="auth"
> '
> 
> It looks like the radius server is working ok :
> 
> rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "greg"
>         Digest-Realm = "64.81.88.148"
>         Digest-Nonce = "4015e5a000c7aec015d8da7e158f8720532f4d22"
>         Digest-Uri = "sip:64.81.88.148"
>         Digest-Method = "REGISTER"
>         Digest-Qop = "auth"
>         Digest-Nonce-Count = "00000001"
>         Digest-Cnonce = "05efa56c"
>   modcall[authorize]: module "digest" returns ok for request 108
>     rlm_realm: Proxy reply, or no User-Name.  Ignoring.
>   modcall[authorize]: module "suffix" returns noop for request 108
>     users: Matched DEFAULT at 152
>     users: Matched greg at 214
>   modcall[authorize]: module "files" returns ok for request 108
>   modcall[authorize]: module "mschap" returns noop for request 108
> modcall: group authorize returns ok for request 108
>   rad_check_password:  Found Auth-Type Digest
>   rad_check_password: Auth-Type = Accept, accepting the user
> radius_xlat:  'Authenticated'
> Sending Access-Accept of id 25 to 127.0.0.1:4720
>         Reply-Message = "Authenticated"
> Finished request 108
> 


> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list