[Serusers] Radius Authentication Help
Sean Lowry
Sean.Lowry at keycom.co.uk
Thu Jul 15 11:36:23 CEST 2004
Hi Martin,
I tried changing the config in radius client to the below but still no
change; I still get the error
6(15162) sterman(): Unable to add PW_USER_NAME attribute
when I try and register a client with the ser server.
Sean
> -----Original Message-----
> From: Martin Koenig [SMTP:martin.koenig at toplink-plannet.de]
> Sent: 15 July 2004 10:38
> To: Sean Lowry; serusers at lists.iptel.org
> Subject: Re: [Serusers] Radius Authentication Help
>
> Try to set your radius server in radiusclient.conf with portnumber.
>
> I.e.:
>
> authserver localhost:1645
>
> Greetings,
> Martin
>
> Sean Lowry wrote:
> > running on debian
> > ser version = 0.8.12
> > ser-radius-module = 0.8.12
> >
> >
> > Ser.cfg
> >
> > #
> > # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> > #
> > # simple quick-start config script
> > #
> >
> > # ----------- global configuration parameters ------------------------
> >
> >
> > #debug=4 # debug level (cmd line: -dddddddddd)
> > #fork=yes
> > log_stderror=yes # (cmd line: -E)
> >
> > /* Uncomment these lines to enter debugging mode
> > #debug=7
> > fork=no
> > log_stderror=yes
> > */
> >
> >
> >
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > # -- usrloc params --
> >
> > #modparam("usrloc", "db_url", "mysql://ser:heslo@hosthost/ser")
> > modparam("usrloc", "db_mode", 1)
> >
> > # Uncomment this if you want to use SQL database
> > # for persistent storage and comment the previous line
> >
> > # -- auth params --
> > # Uncomment if you are using auth module
> > #
> > #modparam("auth_db", "calculate_ha1", yes)
> > #
> > # If you set "calculate_ha1" parameter to yes (which true in this config),
> > # uncomment also the following parameter)
> > #
> > #modparam("auth_db", "password_column", "password")
> >
> > modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclient.conf")
> > #modparam("auth_radius", "service_type", 15)
> >
> >
> > #group radius
> > modparam("group_radius", "radius_config", "/etc/radiusclient/radiusclient.conf")
> > modparam("group_radius", "use_domain", 1)
> >
> >
> > # -- rr params --
> > # add value to ;lr param to make some broken UAs happy
> > modparam("rr", "enable_full_lr", 1)
> > modparam("registrar", "default_expires", 120) #sets default for expiry if registrant doesn't specify
> > modparam("registrar", "default_q", 1000)# sets default q value in registration
> >
> >
> > # ------------------------- request routing logic -------------------
> >
> > # main routing logic
> >
> >
> >
> > route{
> >
> >     # initial sanity checks -- messages with
> >     # max_forwards==0, or excessively long requests
> >     if (!mf_process_maxfwd_header("10")) {
> >         sl_send_reply("483","Too Many Hops");
> >         break;
> >     };
> >     if ( msg:len > max_len ) {
> >         sl_send_reply("513", "Message too big");
> >         break;
> >     };
> >
> >     # we record-route all messages -- to make sure that
> >     # subsequent messages will go through our proxy; that's
> >     # particularly good if upstream and downstream entities
> >     # use different transport protocol
> >     record_route();
> >     # loose-route processing
> >     if (loose_route()) {
> >         t_relay();
> >         break;
> >     };
> >
> >     # if the request is for other domain use UsrLoc
> >     # (in case, it does not work, use the following command
> >     # with proper names and addresses in it)
> >     if (uri==myself) {
> >
> >         if (method=="REGISTER") {
> >
> >             if (search("^(Contact|m): .*@(--private--information)")) {
> >                 log("LOG: alert: someone trying to set aor==contact\n");
> >                 sl_send_reply("476", "No Server Address in Contacts Allowed" );
> >                 break;
> >             };
> >
> >             # Uncomment this if you want to use digest authentication
> >
> >             log(1, "REGISTER: Authenticating user\n");
> >
> >             if (!radius_www_authorize("")) {
> >                 log(1, "REGISTER: challenging user\n");
> >                 www_challenge("", "1");
> >                 break;
> >             };
> >
> >             save("location");
> >             break;
> >         };
> >
> >         if (uri=~"^sip:71[0-9]{2}@.*")
> >         {
> >             #xlog("L_ERR", "LOG - method<%rm> uri<%ru> from<%fu> to<%tu>\n");
> >             rewritehostport("192.168.1.252");
> >             forward(uri:host, uri:port);
> >             xlog("L_ERR", "LOG - method<%rm> uri<%ru> from<%fu> to<%tu>\n");
> >             break;
> >         };
> >
> >
> >         # native SIP destinations are handled using our USRLOC DB
> >         if (!lookup("location")) {
> >             sl_send_reply("404", "Not Found");
> >             break;
> >         };
> >     };
> >     # forward to current uri now; use stateful forwarding; that
> >     # works reliably even if we forward from TCP to UDP
> >     if (!t_relay()) {
> >         sl_reply_error();
> >     };
> >
> > }
> >
> >
> >
> >
> > Error when running this configuration
> >
> > stateless - initializing
> > Maxfwd module- initializing
> > .
> > sip:/etc/ser# acc - initializing
> > exec - initializing
> > print - initializing
> > textops - initializing
> > voicemail - initializing
> > 5(14802) REGISTER: Authenticating user
> > 5(14802) REGISTER: challenging user
> > 6(14806) REGISTER: Authenticating user
> > 6(14806) sterman(): Unable to add PW_DIGEST_USER_NAME attribute
> > 6(14806) REGISTER: challenging user
> > 5(14802) REGISTER: Authenticating user
> > 5(14802) sterman(): Unable to add PW_DIGEST_USER_NAME attribute
> > 5(14802) REGISTER: challenging user
> > 6(14806) REGISTER: Authenticating user
> > 6(14806) sterman(): Unable to add PW_DIGEST_USER_NAME attribute
> > 6(14806) REGISTER: challenging user
> >
> >
> > Now if I uncomment out the radius service type
> >
> > #modparam("auth_radius", "service_type", 15)
> >
> >
> > sip:/etc/ser# stateless - initializing
> > Maxfwd module- initializing
> > acc - initializing
> > exec - initializing
> > print - initializing
> > textops - initializing
> > voicemail - initializing
> > 7(14958) REGISTER: Authenticating user
> > 7(14958) REGISTER: challenging user
> > 8(14959) REGISTER: Authenticating user
> > 8(14959) sterman(): Unable to add PW_USER_NAME attribute
> > 8(14959) REGISTER: challenging user
> > 7(14958) REGISTER: Authenticating user
> > 7(14958) sterman(): Unable to add PW_USER_NAME attribute
> > 7(14958) REGISTER: challenging user
> > 8(14959) REGISTER: Authenticating user
> > 8(14959) sterman(): Unable to add PW_USER_NAME attribute
> > 8(14959) REGISTER: challenging user
> > 7(14958) REGISTER: Authenticating user
> > 7(14958) sterman(): Unable to add PW_USER_NAME attribute
> > 7(14958) REGISTER: challenging user
> > 8(14959) REGISTER: Authenticating user
> > 8(14959) sterman(): Unable to add PW_USER_NAME attribute
> > 8(14959) REGISTER: challenging user
> >
> >
> >
> > Now I have freeradius running in debug so I can see if anything is talking
> > to it, and I see nothing at all from freeradius.
> >
> > sip:/home/sean# freeradius -x
> > Starting - reading configuration files ...
> > Using deprecated naslist file. Support for this will go away soon.
> > Using deprecated clients file. Support for this will go away soon.
> > Using deprecated realms file. Support for this will go away soon.
> > Module: Loaded expr
> > Module: Instantiated expr (expr)
> > Module: Loaded PAP
> > Module: Instantiated pap (pap)
> > Module: Loaded CHAP
> > Module: Instantiated chap (chap)
> > Module: Loaded MS-CHAP
> > Module: Instantiated mschap (mschap)
> > Module: Loaded DIGEST
> > Module: Instantiated digest (digest)
> > Module: Loaded System
> > Module: Instantiated unix (unix)
> > Module: Loaded eap
> > rlm_eap: Loaded and initialized the type md5
> > rlm_eap: Loaded and initialized the type leap
> > Module: Instantiated eap (eap)
> > Module: Loaded preprocess
> > Module: Instantiated preprocess (preprocess)
> > Module: Loaded realm
> > Module: Instantiated realm (suffix)
> > Module: Loaded SQL
> > rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> > rlm_sql (sql): Attempting to connect to radius at localhost:/radius
> > rlm_sql (sql): starting 0
> > rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> > rlm_sql_mysql: Starting connect to MySQL server for #0
> > rlm_sql (sql): Connected new DB handle, #0
> > rlm_sql (sql): starting 1
> > rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
> > rlm_sql_mysql: Starting connect to MySQL server for #1
> > rlm_sql (sql): Connected new DB handle, #1
> > rlm_sql (sql): starting 2
> > rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
> > rlm_sql_mysql: Starting connect to MySQL server for #2
> > rlm_sql (sql): Connected new DB handle, #2
> > rlm_sql (sql): starting 3
> > rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
> > rlm_sql_mysql: Starting connect to MySQL server for #3
> > rlm_sql (sql): Connected new DB handle, #3
> > rlm_sql (sql): starting 4
> > rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
> > rlm_sql_mysql: Starting connect to MySQL server for #4
> > rlm_sql (sql): Connected new DB handle, #4
> > Module: Instantiated sql (sql)
> > Module: Loaded Acct-Unique-Session-Id
> > Module: Instantiated acct_unique (acct_unique)
> > Module: Loaded detail
> > Module: Instantiated detail (detail)
> > Module: Loaded radutmp
> > Module: Instantiated radutmp (radutmp)
> > Initializing the thread pool...
> > Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> > Ready to process requests.
> >
> >
> >
> >
> > I have tested the radius server to see if it's authenticating.
> >
> >
> > Sending Access-Request of id 7 to 127.0.0.1:1812
> > User-Name = "bob"
> > User-Password = "bob"
> > NAS-IP-Address = ~~~changed private~~~
> > NAS-Port = 1814
> > rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=7, length=20
> >
> >
> > Everything is working as you would expect. Does anyone have any ideas at all
> > as to where I'm going wrong?
> >
> >
> > Thanks in advance
> >
> > Sean
> >