[Serusers] help with radius installation

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jun 2 11:06:45 CEST 2004 

> it says error in reading the file
> usr/loca/freeradius/dictionary
> 
> could not able to open
> /usr/local/radiusclien/dictionray.ser
> 
> so what may be the problem
> 

typos in your paths?

I've tried ser+radius once, and it worked fine with me!

Here is the step-by-step tutorial how I did it!

regards,
klaus

19.4.2004: ser+radius installation on mandrake 10.0; klaus darilion
Note: This installation uses unstable ser, therefore the new 
radiusclient library is necessary (radiusclient-ng).
ser 0.8.12 stable still requires the original radius library from: 
http://www.mcs.de/~lf/radius

In this setup, radius is only used for authentication, not for accounting!

1. get ser:
mkdir ser
cd ser/
export CVSROOT=:pserver:anonymous at cvs.berlios.de:/cvsroot/ser
cvs login
cvs co sip_router
cd ..

2. get the new radiusclient
mkdir radiusclient-ng
cd radiusclient-ng/
export CVSROOT=:pserver:anonymous at cvs.berlios.de:/cvsroot/radiusclient-ng
cvs login
cvs co radiusclient-ng
cd ..

3. compile and install the radius client
cd radiusclient-ng/radiusclient-ng
./configure
./make
su
./make install
exit
cd ../..

4. compile and install ser
cd ser/sip_router
make all
make modules modules=modules/auth_radius
su
make install
cp modules/auth_radius/auth_radius.so /usr/local/lib/ser/modules/
cp rpm/ser.init /etc/init.d/ser
vi /etc/init.d/ser
-> change ser=/usr/sbin/ser to ser=/usr/local/sbin/ser, save and exit
-> check if ser starts!
/etc/init.d/ser start
ps -A
--> there should be plenty of ser processes
/etc/init.d/ser stop
ps -A
--> all the ser processes should be stopped
exit
cd ../..

5. configure radius client
--> if the radius server is on another machine, edit 
/usr/local/etc/radiusclient/radiusclient.conf and set authserver and 
acctserver to the proper machine.
--> configure the shared secret for your radius server in 
/usr/local/etc/radiusclient/servers, e.g. I used: localhost testsecret
--> add ser's sip dictionary (dictionary.ser ) to the dictionary of the 
radius client:
cd ser/sip_router
su
cp etc/dictionary.ser /usr/local/etc/radiusclient/
cat /usr/local/etc/radiusclient/dictionary.ser 
 >>/usr/local/etc/radiusclient/dictionary
exit
cd ../..

6. installing a radius server, in this case freeradius
-->get freeradius
mkdir freeradius
cd freeradius
wget ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz
tar -xvzf freeradius-0.9.3.tar.gz
cd freeradius-0.9.3
./configure
make
su
make install
vi /usr/local/etc/raddb/clients.conf
--> set the shared secret in clients.conf, in my case: testsecret for 
127.0.0.1
vi /usr/local/etc/raddb/dictionary
--> add the following at the end the dictionary file: $INCLUDE 
/usr/local/etc/radiusclient/dictionary.ser
vi /usr/local/etc/raddb/radiusd.conf
-->uncomment the word "digest" in the "authorize" and "authenticate" section
vi /usr/local/etc/raddb/users
-->insert a testuser:
	test Auth-Type := Digest, User-Password == "test"
		Reply-Message = "Hello, test with digest"

7. test the radius server
--> start freeradus in debug mode
radiusd -X
--> create a file called "digest" with the following content (everything 
in one line)
User-Name = "test", Digest-Response = 
"631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm", 
Digest-Nonce = "1234abcd" , Digest-Method = "INVITE", Digest-URI = 
"sip:5555551212 at example.com", Digest-Algorithm = "MD5", Digest-User-Name 
= "test"
--> send the request to the server
radclient -f digest localhost auth testsecret
-->this sould return:
Received response ID 160, code 2, length = 45
         Reply-Message = "Hello, test with digest"

8. reconfigure ser for radius things
--> RADIUS-related modules are not compiled by default. To compile them, 
edit Makefile, find variable exclude_modules and you should see 
"auth_radius", "group_radius", and "uri_radius" among excluded modules. 
Simply remove the three modules from the list.
-->If you need RADIUS accounting then edit also 
sip_router/modules/acc/Makefile and uncomment lines containing:
DEFS+=-DRAD_ACC
LIBS=-L$(LOCALBASE)/lib -lradiusclient

9. add radiusclient library to library path
vi /etc/ld.so.conf
--> add /usr/local/lib to the conf file
ldconfig -v

10. edit ser.cfg
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
-------------------------
modparam("auth_radius", "radius_config", 
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
-------------------------
# Uncomment this if you want to use digest authentication
                         if (!radius_www_authorize("")) {
                                 www_challenge("", "0");
                                 break;
                         };

11. run ser

More information about the sr-users mailing list