[Serusers] help with radius installation
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Jun 2 13:28:29 CEST 2004
Sorry, I 've no glue. Are the access permissons sent correctly?
regards,
klaus
varala ramakanth wrote:
> thanks klaus,
>
> i followed your steps from 1 to 6 successfully
>
> when executing the 7th step
>
> i get the err as
>
>
> Errors reading dictionary: dict_init:
> /usr/local/etc/raddb/dictionary[22]: Couldn't open
> dictionary "
> /usr/local/etc/radiusclient/dictionary.ser": No such
> file or directory
> Errors reading radiusd.conf
>
>
> i kept in another location i.e in /usr/local/share
>
> and checked with that path also
>
> still the same message so please tell me
>
> where iam going wrong
>
>
> thanks in advance
>
>
> one more doubt can we run the ser with the gdb
> debugger
>
> so that we can trace back step by step
>
> with regards
> rama kanth varala
>
>
> --- Klaus Darilion <klaus.mailinglists at pernau.at>
> wrote:
>
>>>it says error in reading the file
>>>usr/loca/freeradius/dictionary
>>>
>>>could not able to open
>>>/usr/local/radiusclien/dictionray.ser
>>>
>>>so what may be the problem
>>>
>>
>>typos in your paths?
>>
>>I've tried ser+radius once, and it worked fine with
>>me!
>>
>>Here is the step-by-step tutorial how I did it!
>>
>>regards,
>>klaus
>>
>>19.4.2004: ser+radius installation on mandrake 10.0;
>>klaus darilion
>>Note: This installation uses unstable ser, therefore
>>the new
>>radiusclient library is necessary (radiusclient-ng).
>>ser 0.8.12 stable still requires the original radius
>>library from:
>>http://www.mcs.de/~lf/radius
>>
>>In this setup, radius is only used for
>>authentication, not for accounting!
>>
>>1. get ser:
>>mkdir ser
>>cd ser/
>>export
>>
>
> CVSROOT=:pserver:anonymous at cvs.berlios.de:/cvsroot/ser
>
>>cvs login
>>cvs co sip_router
>>cd ..
>>
>>2. get the new radiusclient
>>mkdir radiusclient-ng
>>cd radiusclient-ng/
>>export
>>
>
> CVSROOT=:pserver:anonymous at cvs.berlios.de:/cvsroot/radiusclient-ng
>
>>cvs login
>>cvs co radiusclient-ng
>>cd ..
>>
>>3. compile and install the radius client
>>cd radiusclient-ng/radiusclient-ng
>>./configure
>>./make
>>su
>>./make install
>>exit
>>cd ../..
>>
>>4. compile and install ser
>>cd ser/sip_router
>>make all
>>make modules modules=modules/auth_radius
>>su
>>make install
>>cp modules/auth_radius/auth_radius.so
>>/usr/local/lib/ser/modules/
>>cp rpm/ser.init /etc/init.d/ser
>>vi /etc/init.d/ser
>>-> change ser=/usr/sbin/ser to
>>ser=/usr/local/sbin/ser, save and exit
>>-> check if ser starts!
>>/etc/init.d/ser start
>>ps -A
>>--> there should be plenty of ser processes
>>/etc/init.d/ser stop
>>ps -A
>>--> all the ser processes should be stopped
>>exit
>>cd ../..
>>
>>5. configure radius client
>>--> if the radius server is on another machine, edit
>>
>>/usr/local/etc/radiusclient/radiusclient.conf and
>>set authserver and
>>acctserver to the proper machine.
>>--> configure the shared secret for your radius
>>server in
>>/usr/local/etc/radiusclient/servers, e.g. I used:
>>localhost testsecret
>>--> add ser's sip dictionary (dictionary.ser ) to
>>the dictionary of the
>>radius client:
>>cd ser/sip_router
>>su
>>cp etc/dictionary.ser /usr/local/etc/radiusclient/
>>cat /usr/local/etc/radiusclient/dictionary.ser
>> >>/usr/local/etc/radiusclient/dictionary
>>exit
>>cd ../..
>>
>>6. installing a radius server, in this case
>>freeradius
>>-->get freeradius
>>mkdir freeradius
>>cd freeradius
>>wget
>>
>
> ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz
>
>>tar -xvzf freeradius-0.9.3.tar.gz
>>cd freeradius-0.9.3
>>./configure
>>make
>>su
>>make install
>>vi /usr/local/etc/raddb/clients.conf
>>--> set the shared secret in clients.conf, in my
>>case: testsecret for
>>127.0.0.1
>>vi /usr/local/etc/raddb/dictionary
>>--> add the following at the end the dictionary
>>file: $INCLUDE
>>/usr/local/etc/radiusclient/dictionary.ser
>>vi /usr/local/etc/raddb/radiusd.conf
>>-->uncomment the word "digest" in the "authorize"
>>and "authenticate" section
>>vi /usr/local/etc/raddb/users
>>-->insert a testuser:
>> test Auth-Type := Digest, User-Password == "test"
>> Reply-Message = "Hello, test with digest"
>>
>>7. test the radius server
>>--> start freeradus in debug mode
>>radiusd -X
>>--> create a file called "digest" with the following
>>content (everything
>>in one line)
>>User-Name = "test", Digest-Response =
>>"631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm =
>>"testrealm",
>>Digest-Nonce = "1234abcd" , Digest-Method =
>>"INVITE", Digest-URI =
>>"sip:5555551212 at example.com", Digest-Algorithm =
>>"MD5", Digest-User-Name
>>= "test"
>>--> send the request to the server
>>radclient -f digest localhost auth testsecret
>>-->this sould return:
>>Received response ID 160, code 2, length = 45
>> Reply-Message = "Hello, test with digest"
>>
>>8. reconfigure ser for radius things
>>--> RADIUS-related modules are not compiled by
>>default. To compile them,
>>edit Makefile, find variable exclude_modules and you
>>should see
>>"auth_radius", "group_radius", and "uri_radius"
>>among excluded modules.
>>Simply remove the three modules from the list.
>>-->If you need RADIUS accounting then edit also
>>sip_router/modules/acc/Makefile and uncomment lines
>>containing:
>>DEFS+=-DRAD_ACC
>>LIBS=-L$(LOCALBASE)/lib -lradiusclient
>>
>>9. add radiusclient library to library path
>>vi /etc/ld.so.conf
>>--> add /usr/local/lib to the conf file
>>ldconfig -v
>>
>>10. edit ser.cfg
>>loadmodule "/usr/local/lib/ser/modules/auth.so"
>>loadmodule
>>"/usr/local/lib/ser/modules/auth_radius.so"
>>-------------------------
>>modparam("auth_radius", "radius_config",
>>"/usr/local/etc/radiusclient/radiusclient.conf")
>>modparam("auth_radius", "service_type", 15)
>>-------------------------
>># Uncomment this if you want to use digest
>>authentication
>> if
>>(!radius_www_authorize("")) {
>> www_challenge("",
>>"0");
>> break;
>> };
>>
>>11. run ser
>>
>>
>
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
>
>
More information about the sr-users
mailing list