[Serusers] Radius Authentication help

AJ Grinnell ajgrinnell at gmail.com
Sun Sep 19 17:13:43 CEST 2004


Sorry if this is a re-post, I did not see it come through the list in
the almost 24 hours since I sent it. Could someone please help me with
this? I am running SER 0.8.14 and
Freeradius 1.0.0. They are on separate servers, but I can use
radiusclient on the SER box and successfully authenticate a test
account on the remote radius box. When my sipura spa-200 tries to
register to SER, SER does not appear to be making a request to radius.
I have followed the ser-radius how-to, and still no good. Below are my
configs and debug. Thank you all for the help that you have given me
in the past and hopefully someone can help with this question.

Config
# ----------- global configuration parameters ------------------------
# Core settings of the SER instance. The values that are live here are the
# same ones the commented-out "debugging mode" block below would set, so
# this instance is running with full debug output.

# Debug level 7 with logging to stderr: the output includes parsed header
# data and digest nonce values (see the check_nonce lines in the debug
# output on this page). Lower the level once troubleshooting is done and
# sanitize logs before sharing them.
debug=7         # debug level (cmd line: -dddddddddd)
#fork=yes
log_stderror=yes        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
# NOTE(review): the FIFO is created under /tmp, a directory every local
# user can write to. It is presumably the server's management interface,
# so check which accounts can read and write this path -- confirm.
fifo="/tmp/ser_fifo"

# Alias values were masked by the poster.
alias=****************
alias=*****************

# ------------------ module loading ----------------------------------
# Modules are loaded in the order listed. mysql.so comes first; the usrloc
# and msilo modules are given sql:// db_url values in the parameter
# section of this config.

loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# auth.so is loaded ahead of the three RADIUS modules; presumably
# auth_radius builds on it -- verify against the module documentation.
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
loadmodule "/usr/local/lib/ser/modules/group_radius.so"
loadmodule "/usr/local/lib/ser/modules/pa.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/msilo.so"
# ----------------- setting module-specific parameters ---------------
# Per-module settings. Two of them (usrloc and msilo db_url) embed database
# credentials in the URL; the poster masked them here. Because the password
# lives in this file in clear text, the file should be readable only by
# the account SER runs as.

# -- usrloc params --

modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")

# -- auth  radius params --
# All three RADIUS modules point at the same radiusclient configuration
# file, the one the poster reports works with the radiusclient tool.
# NOTE(review): service_type values must match what the RADIUS server is
# configured to accept for these requests -- confirm on the server side.
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)

# -- URI radius params --
modparam("uri_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("uri_radius", "service_type", 10)

# -- Group radius params --
modparam("group_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("group_radius", "use_domain", 0)

# -- Presence params --
modparam("pa", "default_expires", 3600)

# -- Nathelper params --
modparam("nathelper", "natping_interval", 10)

# -- Msilo params --
# Second place where database credentials appear inline (masked).
modparam("msilo", "db_url", "sql://ser:********@*********/ser")
modparam("msilo", "db_table", "silo")
modparam("msilo", "expire_time", 36000)
modparam("msilo", "check_time", 20)
modparam("msilo", "clean_period", 3)
modparam("msilo", "use_contact", 1)

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

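# -------------------------  request routing logic -------------------

# main routing logic
#
# Processing order: sanity checks, record-route, loose-route relay,
# REGISTER authentication and contact save, usrloc lookup, stateful relay.
# Each terminal branch ends with break so that no later step runs on a
# request that has already been answered.

route{

       # initial sanity checks -- messages with
       # max_forwards==0, or excessively long requests
       if (!mf_process_maxfwd_header("10")) {
               sl_send_reply("483","Too Many Hops");
               break;
       };
       if ( msg:len > max_len ) {
               sl_send_reply("513", "Message too big");
               break;
       };

       # we record-route all messages -- to make sure that
       # subsequent messages will go through our proxy; that's
       # particularly good if upstream and downstream entities
       # use different transport protocol
       record_route();
       # loose-route processing
       if (loose_route()) {
               t_relay();
               break;
       };

       # if the request is for other domain use UsrLoc
       # (in case, it does not work, use the following command
       # with proper names and addresses in it)
       # NOTE(review): with the uri==myself test commented out, every
       # request reaches the REGISTER/lookup logic below whatever domain
       # it is addressed to.
#       if (uri==myself) {

               if (method=="REGISTER") {

                       # Digest authentication against RADIUS.
                       # When the request is not authorized, send the
                       # challenge and stop. Without the break the script
                       # falls through to save("location") and stores the
                       # contact of a sender that never authenticated.
                       if (!radius_www_authorize("")) {
                               # poster's note: "1" was also tried in
                               # place of "0" as the second argument
                               www_challenge("", "0");
                               break;
                       };

                       # reached only after radius_www_authorize succeeded
                       save("location");
                       break;
               };

               # native SIP destinations are handled using our USRLOC DB
               if (!lookup("location")) {
                       sl_send_reply("404", "Not Found");
                       break;
               };
#       };
       # forward to current uri now; use stateful forwarding; that
       # works reliably even if we forward from TCP to UDP
       if (!t_relay()) {
               sl_reply_error();
       };

}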

SER debug:

 6(16294) SIP Request:
6(16294)  method:  <REGISTER>
6(16294)  uri:     <sip:192.168.1.119>
6(16294)  version: <SIP/2.0>
6(16294) parse_headers: flags=1
6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16
6(16294) end of header reached, state=5
6(16294) parse_headers: Via found, flags=1
6(16294) parse_headers: this is the first via
6(16294) After parse_msg...
6(16294) preparing to run routing scripts...
6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header
6(16294) parse_headers: flags=128
6(16294) end of header reached, state=9
6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
6(16294) DEBUG: to body [test <sip:test at 192.168.1.119>
]
6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER>
6(16294) DEBUG: is_maxfwd_present: value = 70
6(16294) DEBUG: add_param: tag=79b50153b98e6976
6(16294) end of header reached, state=29
6(16294) parse_headers: flags=256
6(16294) DEBUG: get_hdr_body : content_length=0
6(16294) found end of header
6(16294) find_first_route(): No Route headers found
6(16294) loose_route(): There is no Route HF
6(16294) check_nonce(): comparing
[414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and
[414c90ab7f933a6b3c06a4bbbca22ce39fbf8012]
10(16299) MSILO:clean_silo: cleaning stored messages - 20



