[Serusers] Radius Authentication help
Jan Janak
jan at iptel.org
Mon Oct 4 03:03:18 CEST 2004
All I can say from the log below is that the freeradius did not
authorize the credentials, make sure that you have correct password and
that the radius server is configured properly.
Jan.
On 21-09 17:33, AJ Grinnell wrote:
> Anyone have any ideas on this?
>
>
> On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell <ajgrinnell at gmail.com> wrote:
> > Here is the confg part that I am using for authentication.
> >
> > # (in case, it does not work, use the following command
> > # with proper names and addresses in it)
> > if (uri==myself) {
> >
> > if (method=="REGISTER") {
> >
> > # Uncomment this if you want to use digest authentication
> > if (!radius_www_authorize('192.168.1.119')) {
> > www_challenge('192.168.1.119', "1");
> > };
> >
> > save("location");
> > break;
> > };
> >
> > Using Ethereal, I am getting SIP response 401 Unauthorized with the
> > current config, and 407 Proxy Authentication Required when using
> > radius_proxy_authorize. Here is the log from using the above config...
> >
> > 8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 8(26234) DEBUG:destroy_avp_list: destroing list (nil)
> > 8(26234) receive_msg: cleaning up
> > 8(26234) SIP Request:
> > 8(26234) method: <REGISTER>
> > 8(26234) uri: <sip:192.168.1.119>
> > 8(26234) version: <SIP/2.0>
> > 8(26234) parse_headers: flags=1
> > 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
> > 8(26234) end of header reached, state=5
> > 8(26234) parse_headers: Via found, flags=1
> > 8(26234) parse_headers: this is the first via
> > 8(26234) After parse_msg...
> > 8(26234) preparing to run routing scripts...
> > 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 8(26234) parse_headers: flags=128
> > 8(26234) end of header reached, state=9
> > 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > 8(26234) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 8(26234) DEBUG: is_maxfwd_present: value = 70
> > 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea
> > 8(26234) end of header reached, state=29
> > 8(26234) parse_headers: flags=256
> > 8(26234) DEBUG: get_hdr_body : content_length=0
> > 8(26234) found end of header
> > 8(26234) find_first_route(): No Route headers found
> > 8(26234) loose_route(): There is no Route HF
> > 8(26234) check_self - checking if host==us: 13==9 && [192.168.1.119]
> > == [127.0.0.1]
> > 8(26234) check_self - checking if port 5060 matches port 5060
> > 8(26234) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 8(26234) check_self - checking if port 5060 matches port 5060
> > 8(26234) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 7(26233) res: 1
> > 7(26233) radius_authorize_sterman(): Failure
> > 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth"
> > '
> > 7(26233) parse_headers: flags=-1
> > 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 7(26233) DEBUG:destroy_avp_list: destroing list (nil)
> > 7(26233) receive_msg: cleaning up
> > 7(26233) SIP Request:
> > 7(26233) method: <REGISTER>
> > 7(26233) uri: <sip:192.168.1.119>
> > 7(26233) version: <SIP/2.0>
> > 7(26233) parse_headers: flags=1
> > 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
> > 7(26233) end of header reached, state=5
> > 7(26233) parse_headers: Via found, flags=1
> > 7(26233) parse_headers: this is the first via
> > 7(26233) After parse_msg...
> > 7(26233) preparing to run routing scripts...
> > 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 7(26233) parse_headers: flags=128
> > 7(26233) end of header reached, state=9
> > 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > 7(26233) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 7(26233) DEBUG: is_maxfwd_present: value = 70
> > 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea
> > 7(26233) end of header reached, state=29
> > 7(26233) parse_headers: flags=256
> > 7(26233) DEBUG: get_hdr_body : content_length=0
> > 7(26233) found end of header
> > 7(26233) find_first_route(): No Route headers found
> > 7(26233) loose_route(): There is no Route HF
> > 7(26233) check_self - checking if host==us: 13==9 && [192.168.1.119]
> > == [127.0.0.1]
> > 7(26233) check_self - checking if port 5060 matches port 5060
> > 7(26233) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 7(26233) check_self - checking if port 5060 matches port 5060
> > 7(26233) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 5(26231) res: 1
> > 5(26231) radius_authorize_sterman(): Failure
> > 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth"
> > '
> > 5(26231) parse_headers: flags=-1
> > 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 5(26231) DEBUG:destroy_avp_list: destroing list (nil)
> > 5(26231) receive_msg: cleaning up
> > 5(26231) SIP Request:
> > 5(26231) method: <REGISTER>
> > 5(26231) uri: <sip:192.168.1.119>
> > 5(26231) version: <SIP/2.0>
> > 5(26231) parse_headers: flags=1
> > 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
> > 5(26231) end of header reached, state=5
> > 5(26231) parse_headers: Via found, flags=1
> > 5(26231) parse_headers: this is the first via
> > 5(26231) After parse_msg...
> > 5(26231) preparing to run routing scripts...
> > 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 5(26231) parse_headers: flags=128
> > 5(26231) end of header reached, state=9
> > 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > 5(26231) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 5(26231) DEBUG: is_maxfwd_present: value = 70
> > 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea
> > 5(26231) end of header reached, state=29
> > 5(26231) parse_headers: flags=256
> > 5(26231) DEBUG: get_hdr_body : content_length=0
> > 5(26231) found end of header
> > 5(26231) find_first_route(): No Route headers found
> > 5(26231) loose_route(): There is no Route HF
> > 5(26231) check_self - checking if host==us: 13==9 && [192.168.1.119]
> > == [127.0.0.1]
> > 5(26231) check_self - checking if port 5060 matches port 5060
> > 5(26231) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 5(26231) check_self - checking if port 5060 matches port 5060
> > 5(26231) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 280
> > 6(26232) res: 1
> > 6(26232) radius_authorize_sterman(): Failure
> > 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth"
> > '
> > 6(26232) parse_headers: flags=-1
> > 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 6(26232) DEBUG:destroy_avp_list: destroing list (nil)
> > 6(26232) receive_msg: cleaning up
> > 6(26232) SIP Request:
> > 6(26232) method: <REGISTER>
> > 6(26232) uri: <sip:192.168.1.119>
> > 6(26232) version: <SIP/2.0>
> > 6(26232) parse_headers: flags=1
> > 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
> > 6(26232) end of header reached, state=5
> > 6(26232) parse_headers: Via found, flags=1
> > 6(26232) parse_headers: this is the first via
> > 6(26232) After parse_msg...
> > 6(26232) preparing to run routing scripts...
> > 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header
> > 6(26232) parse_headers: flags=128
> > 6(26232) end of header reached, state=9
> > 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > 6(26232) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 6(26232) DEBUG: is_maxfwd_present: value = 70
> > 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea
> > 6(26232) end of header reached, state=29
> > 6(26232) parse_headers: flags=256
> > 6(26232) DEBUG: get_hdr_body : content_length=0
> > 6(26232) found end of header
> > 6(26232) find_first_route(): No Route headers found
> > 6(26232) loose_route(): There is no Route HF
> > 6(26232) check_self - checking if host==us: 13==9 && [192.168.1.119]
> > == [127.0.0.1]
> > 6(26232) check_self - checking if port 5060 matches port 5060
> > 6(26232) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 6(26232) check_self - checking if port 5060 matches port 5060
> > 6(26232) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 300
> > 10(26236) MSILO:clean_silo: cleaning expired messages
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 320
> > ./serctl stop
> >
> > Thank you for your help
> >
> >
> > On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak <jan at iptel.org> wrote:
> > > Please send me the full log of ser, there are missing some lines in the
> >
> >
> > > log below. SIP messages would be good as well.
> > >
> > > Jan.
> > >
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list