[Serusers] radius issue

Morris, Scott MorrisS at orau.gov
Tue Mar 30 14:56:17 CEST 2004


I am using the Microsoft radius server, but it isn't getting that far yet.
I asked our MS sysadmin, and he is not seeing anything in the logs.

I didn't provide enough info below as I thought I did.  The client I am
using is MS Messenger 4.7.  When I start SER on the server, it shows
listening for the following:

     Listening on 
       127.0.0.1 [127.0.0.1]:5060
       10.0.2.1 [10.0.2.1]:5060
Aliases: comm01.orau.gov:5060 localhost:5060 localhost.localdomain:5060
comm01:5060 

I did a capture using ethereal, and what comes back is an icmp packet, which
usually indicates SER is not running.  But, ps shows instances of SER
running.

Do you see any issues with the ser.cfg file? 

Scott Morris
Enterprise Network Engineer
DOE - ORAU / ORISE
865-576-4672


-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
Sent: Tuesday, March 30, 2004 4:19 AM
To: Morris, Scott
Cc: serusers at lists.iptel.org
Subject: Re: [Serusers] radius issue


Have you followed http://iptel.org/ser/doc/ser_radius/ser_radius.html? 
What radius server are you using?

.Daniel

On 03/30/04 00:08, Morris, Scott wrote:

> Present Configuration        OS - Redhat ES 3
>                                        SER - 8.12 (installed from rpm)
>                                        SER radius (installed from rpm)
>                                        radius client - 3.25 i586 -
> installed from rpmfind.net
>  
> SER starts, but I receive the message that my signin failed because
> the service is not running.  SER is running, I did a ps and it shows 
> instances of SER running.  I believe it is my ser.cfg file.  I am not 
> sure where authentication configuration items begin and end with what 
> I am doing.  I am not using mysql, but want to use radius 
> authentication. I have my ser.cfg below.
>  
>  
> *Scott Morris*
> Enterprise Network Engineer
> DOE - ORAU / ORISE
> 865-576-4672
>
>      
>      
>     #
>     # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>     #
>     # simple quick-start config script
>     #
>      
>     # ----------- global configuration parameters ------------------------
>      
>     #debug=3         # debug level (cmd line: -dddddddddd)
>     #fork=yes
>     #log_stderror=no        # (cmd line: -E)
>      
>     /* Uncomment these lines to enter debugging mode
>     debug=7
>     fork=no
>     log_stderror=yes
>     */
>     debug=7
>     # fork=no
>     # log_stderror=yes
>      
>      
>      
>
>     check_via=no    # (cmd. line: -v)
>     dns=no           # (cmd. line: -r)
>     rev_dns=no      # (cmd. line: -R)
>     port=5060
>     children=4
>     fifo="/tmp/ser_fifo"
>     # alias=orau.gov
>      
>
>     # ------------------ module loading ----------------------------------
>      
>     # Uncomment this if you want to use SQL database
>     #loadmodule "/usr/lib/ser/modules/mysql.so"
>      
>     loadmodule "/usr/lib/ser/modules/sl.so"
>     loadmodule "/usr/lib/ser/modules/tm.so"
>     loadmodule "/usr/lib/ser/modules/rr.so"
>     loadmodule "/usr/lib/ser/modules/maxfwd.so"
>     loadmodule "/usr/lib/ser/modules/usrloc.so"
>     loadmodule "/usr/lib/ser/modules/registrar.so"
>      
>     # Uncomment this if you want digest authentication
>     # mysql.so must be loaded !
>     #loadmodule "/usr/lib/ser/modules/auth.so"
>     #loadmodule "/usr/lib/ser/modules/auth_db.so"
>     loadmodule "/usr/lib/ser/modules/auth.so"
>     loadmodule "/usr/lib/ser/modules/auth_db.so"
>     loadmodule "/usr/lib/ser/modules/auth_radius.so"
>     # ----------------- setting module-specific parameters ---------------
>      
>     # -- usrloc params --
>      
>     modparam("usrloc", "db_mode",   0)
>      
>     # Uncomment this if you want to use SQL database
>     # for persistent storage and comment the previous line
>     #modparam("usrloc", "db_mode", 2)
>      
>     # -- auth params --
>     # Uncomment if you are using auth module
>     #
>     modparam("auth_db", "calculate_ha1", yes)
>     #
>     # If you set "calculate_ha1" parameter to yes (which true in this config),
>     # uncomment also the following parameter)
>     #
>     modparam("auth_db", "password_column", "password")
>      
>     # -- rr params --
>     # add value to ;lr param to make some broken UAs happy
>     modparam("rr", "enable_full_lr", 1)
>      
>     # --auth_radius params
>     modparam("auth_radius", "radius_config",
>     "/etc/radiusclient/radiusclient.conf")
>     modparam("auth_radius", "service_type", 15)
>     # -------------------------  request routing logic -------------------
>      
>     # main routing logic
>      
>     route{
>      
>             # initial sanity checks -- messages with
>             # max_forwards==0, or excessively long requests
>             if (!mf_process_maxfwd_header("10")) {
>                     sl_send_reply("483","Too Many Hops");
>                     break;
>             };
>             if ( msg:len > max_len ) {
>                     sl_send_reply("513", "Message too big");
>                     break;
>             };
>      
>             # we record-route all messages -- to make sure that
>             # subsequent messages will go through our proxy; that's
>             # particularly good if upstream and downstream entities
>             # use different transport protocol
>             record_route();
>             # loose-route processing
>             if (loose_route()) {
>                     t_relay();
>                     break;
>             };
>      
>             # if the request is for other domain use UsrLoc
>             # (in case, it does not work, use the following command
>             # with proper names and addresses in it)
>             if (uri==myself) {
>      
>                     if (method=="REGISTER") {
>      
>     # Uncomment this if you want to use digest authentication
>                             if (!radius_www_authorize("iptel.org")) {
>                                     www_challenge("iptel.org", "0");
>      
>
>                                     break;
>                             };
>      
>      
>      
>
>                             save("location");
>                             break;
>                     };
>      
>                     # native SIP destinations are handled using our USRLOC DB
>                     if (!lookup("location")) {
>                             sl_send_reply("404", "Not Found");
>                             break;
>                     };
>             };
>             # forward to current uri now; use stateful forwarding; that
>             # works reliably even if we forward from TCP to UDP
>             if (!t_relay()) {
>                     sl_reply_error();
>             };
>      
>     }
>
>
>
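
Added example (not part of the original thread): a small Python probe that sends a SIP OPTIONS request over UDP and reports whether the answer was a SIP reply, an ICMP error, or silence, which separates "nothing bound on that address:port" from "filtered on the way" when a capture shows ICMP coming back. The function names and the `probe` user are made up for illustration; the two target addresses are the ones from the "Listening on" output above.

```python
import errno
import socket
import uuid


def build_options(host, port, local_ip, local_port):
    """Build a minimal SIP OPTIONS request (RFC 3261) for a UDP probe."""
    tag = uuid.uuid4().hex[:8]
    lines = [
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{tag}",
        "Max-Forwards: 70",
        f"From: <sip:probe@{local_ip}>;tag={tag}",  # "probe" is a made-up user
        f"To: <sip:{host}:{port}>",
        f"Call-ID: {tag}@{local_ip}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",
    ]
    return "\r\n".join(lines).encode()


def probe_sip(host, port=5060, timeout=2.0):
    """Return (verdict, detail) for one UDP probe of host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # connect() on UDP lets the kernel report ICMP errors on this socket
        s.connect((host, port))
        local_ip, local_port = s.getsockname()
        s.send(build_options(host, port, local_ip, local_port))
        reply = s.recv(4096)
    except ConnectionRefusedError:  # ICMP port unreachable
        return "port-unreachable", "nothing is bound to this address:port"
    except socket.timeout:
        return "no-answer", "request dropped or proxy did not reply"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered-or-unroutable", "ICMP host/net unreachable or prohibited"
        raise
    finally:
        s.close()
    # Any SIP status line, even 404 or 483, proves the listener is reachable
    status = reply.split(b"\r\n", 1)[0].decode(errors="replace")
    return ("sip-reply", status) if status.startswith("SIP/2.0 ") else ("non-sip", status)


if __name__ == "__main__":
    for target in ("127.0.0.1", "10.0.2.1"):
        print(target, probe_sip(target))
```

Run it once on the SER host itself and once from the client's network segment; a different verdict between the two points at filtering or addressing rather than at ser.cfg.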



