[Serusers] Radius Authentication help

Jan Janak jan at iptel.org
Mon Sep 20 17:51:40 CEST 2004 

Do you have 192.168.1.119 as the domain in freeradius (because this is
what the user agent uses).
  
  Jan.

On 19-09 11:13, AJ Grinnell wrote:
> Sorry if this is a re-post, I did not see it come through the list in
> the almot 24 hours since I sent it. Could someone please help me with
> this? I am running SER 0.8.14 and
> Freeradius 1.0.0. They are on sperate servers, but I can use
> radiusclient on the SER box and succesfully authenticate a test
> account on the remote radius box. When my sipura spa-200 trys to
> register to SER, SER does not appear to be making a request to radius.
> I have followed the ser-radius how-to, and still no good. Below are my
> configs and debug. Thank you all for the help that you have given me
> in the past and hopefully someone can help with this question.
> 
> Config
> # ----------- global configuration parameters ------------------------
> 
> debug=7         # debug level (cmd line: -dddddddddd)
> #fork=yes
> log_stderror=yes        # (cmd line: -E)
> 
> /* Uncomment these lines to enter debugging mode
> debug=7
> fork=no
> log_stderror=yes
> */
> 
> check_via=no    # (cmd. line: -v)
> dns=no           # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
> 
> alias=****************
> alias=*****************
> 
> # ------------------ module loading ----------------------------------
> 
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
> loadmodule "/usr/local/lib/ser/modules/group_radius.so"
> loadmodule "/usr/local/lib/ser/modules/pa.so"
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> loadmodule "/usr/local/lib/ser/modules/msilo.so"
> # ----------------- setting module-specific parameters ---------------
> 
> # -- usrloc params --
> 
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
> 
> # -- auth  radius params --
> modparam("auth_radius", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("auth_radius", "service_type", 15)
> 
> # -- URI radius params --
> modparam("uri_radius", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("uri_radius", "service_type", 10)
> 
> # -- Group radius params --
> modparam("group_radius", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("group_radius", "use_domain", 0)
> 
> # -- Presence params --
> modparam("pa", "default_expires", 3600)
> 
> # -- Nathelper params --
> modparam("nathelper", "natping_interval", 10)
> 
> # -- Msilo params --
> modparam("msilo", "db_url", "sql://ser:********@*********/ser")
> modparam("msilo", "db_table", "silo")
> modparam("msilo", "expire_time", 36000)
> modparam("msilo", "check_time", 20)
> modparam("msilo", "clean_period", 3)
> modparam("msilo", "use_contact", 1)
> 
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
> 
> # -------------------------  request routing logic -------------------
> 
> # main routing logic
> 
> route{
> 
>        # initial sanity checks -- messages with
>        # max_forwards==0, or excessively long requests
>        if (!mf_process_maxfwd_header("10")) {
>                sl_send_reply("483","Too Many Hops");
>                break;
>        };
>        if ( msg:len > max_len ) {
>                sl_send_reply("513", "Message too big");
>                break;
>        };
> 
>        # we record-route all messages -- to make sure that
>        # subsequent messages will go through our proxy; that's
>        # particularly good if upstream and downstream entities
>        # use different transport protocol
>        record_route();
>        # loose-route processing
>        if (loose_route()) {
>                t_relay();
>                break;
>        };
> 
>        # if the request is for other domain use UsrLoc
>        # (in case, it does not work, use the following command
>        # with proper names and addresses in it)
> #       if (uri==myself) {
> 
>                if (method=="REGISTER") {
> 
> # Uncomment this if you want to use digest authentication
>                        if (!radius_www_authorize("")) {
>                                www_challenge("", "0");  # I have also
> tried 1 in place of 0 #
>                        };
> 
>                        save("location");
>                        break;
>                };
> 
>                # native SIP destinations are handled using our USRLOC DB
>                if (!lookup("location")) {
>                        sl_send_reply("404", "Not Found");
>                        break;
>                };
> #       };
>        # forward to current uri now; use stateful forwarding; that
>        # works reliably even if we forward from TCP to UDP
>        if (!t_relay()) {
>                sl_reply_error();
>        };
> 
> }
> 
> SER debug:
> 
>  6(16294) SIP Request:
> 6(16294)  method:  <REGISTER>
> 6(16294)  uri:     <sip:192.168.1.119>
> 6(16294)  version: <SIP/2.0>
> 6(16294) parse_headers: flags=1
> 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16
> 6(16294) end of header reached, state=5
> 6(16294) parse_headers: Via found, flags=1
> 6(16294) parse_headers: this is the first via
> 6(16294) After parse_msg...
> 6(16294) preparing to run routing scripts...
> 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header
> 6(16294) parse_headers: flags=128
> 6(16294) end of header reached, state=9
> 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> 6(16294) DEBUG: to body [test <sip:test at 192.168.1.119>
> ]
> 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER>
> 6(16294) DEBUG: is_maxfwd_present: value = 70
> 6(16294) DEBUG: add_param: tag=79b50153b98e6976
> 6(16294) end of header reached, state=29
> 6(16294) parse_headers: flags=256
> 6(16294) DEBUG: get_hdr_body : content_length=0
> 6(16294) found end of header
> 6(16294) find_first_route(): No Route headers found
> 6(16294) loose_route(): There is no Route HF
> 6(16294) check_nonce(): comparing
> [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and
> [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012]
> 10(16299) MSILO:clean_silo: cleaning stored messages - 20
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list