[Serusers] Radius Authentication help
Jan Janak
jan at iptel.org
Mon Sep 20 20:15:21 CEST 2004
This is the IP of the server, so it does not really matter from where
does the user agent access the server. I would recommend you to use the
domain name instead.
Jan.
On 20-09 12:08, AJ Grinnell wrote:
> I guess this is the big confusion that I have to get past. The UAs
> will be hitting SER from all over different IP blocks and subnets. Do
> I need to re-write the source? I am sorry, this is probly very basic,
> but I am not understanding it right now.
>
>
> On Mon, 20 Sep 2004 17:51:40 +0200, Jan Janak <jan at iptel.org> wrote:
> > Do you have 192.168.1.119 as the domain in freeradius (because this is
> > what the user agent uses).
> >
> > Jan.
> >
> >
> >
> > On 19-09 11:13, AJ Grinnell wrote:
> > > Sorry if this is a re-post, I did not see it come through the list in
> > > the almot 24 hours since I sent it. Could someone please help me with
> > > this? I am running SER 0.8.14 and
> > > Freeradius 1.0.0. They are on sperate servers, but I can use
> > > radiusclient on the SER box and succesfully authenticate a test
> > > account on the remote radius box. When my sipura spa-200 trys to
> > > register to SER, SER does not appear to be making a request to radius.
> > > I have followed the ser-radius how-to, and still no good. Below are my
> > > configs and debug. Thank you all for the help that you have given me
> > > in the past and hopefully someone can help with this question.
> > >
> > > Config
> > > # ----------- global configuration parameters ------------------------
> > >
> > > debug=7 # debug level (cmd line: -dddddddddd)
> > > #fork=yes
> > > log_stderror=yes # (cmd line: -E)
> > >
> > > /* Uncomment these lines to enter debugging mode
> > > debug=7
> > > fork=no
> > > log_stderror=yes
> > > */
> > >
> > > check_via=no # (cmd. line: -v)
> > > dns=no # (cmd. line: -r)
> > > rev_dns=no # (cmd. line: -R)
> > > port=5060
> > > children=4
> > > fifo="/tmp/ser_fifo"
> > >
> > > alias=****************
> > > alias=*****************
> > >
> > > # ------------------ module loading ----------------------------------
> > >
> > > loadmodule "/usr/local/lib/ser/modules/mysql.so"
> > > loadmodule "/usr/local/lib/ser/modules/sl.so"
> > > loadmodule "/usr/local/lib/ser/modules/tm.so"
> > > loadmodule "/usr/local/lib/ser/modules/rr.so"
> > > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> > > loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> > > loadmodule "/usr/local/lib/ser/modules/registrar.so"
> > > loadmodule "/usr/local/lib/ser/modules/auth.so"
> > > loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> > > loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
> > > loadmodule "/usr/local/lib/ser/modules/group_radius.so"
> > > loadmodule "/usr/local/lib/ser/modules/pa.so"
> > > loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> > > loadmodule "/usr/local/lib/ser/modules/msilo.so"
> > > # ----------------- setting module-specific parameters ---------------
> > >
> > > # -- usrloc params --
> > >
> > > modparam("usrloc", "db_mode", 2)
> > > modparam("usrloc", "db_url", "sql://ser:*********@***********/ser")
> > >
> > > # -- auth radius params --
> > > modparam("auth_radius", "radius_config",
> > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > modparam("auth_radius", "service_type", 15)
> > >
> > > # -- URI radius params --
> > > modparam("uri_radius", "radius_config",
> > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > modparam("uri_radius", "service_type", 10)
> > >
> > > # -- Group radius params --
> > > modparam("group_radius", "radius_config",
> > > "/usr/local/etc/radiusclient/radiusclient.conf")
> > > modparam("group_radius", "use_domain", 0)
> > >
> > > # -- Presence params --
> > > modparam("pa", "default_expires", 3600)
> > >
> > > # -- Nathelper params --
> > > modparam("nathelper", "natping_interval", 10)
> > >
> > > # -- Msilo params --
> > > modparam("msilo", "db_url", "sql://ser:********@*********/ser")
> > > modparam("msilo", "db_table", "silo")
> > > modparam("msilo", "expire_time", 36000)
> > > modparam("msilo", "check_time", 20)
> > > modparam("msilo", "clean_period", 3)
> > > modparam("msilo", "use_contact", 1)
> > >
> > > # -- rr params --
> > > # add value to ;lr param to make some broken UAs happy
> > > modparam("rr", "enable_full_lr", 1)
> > >
> > > # ------------------------- request routing logic -------------------
> > >
> > > # main routing logic
> > >
> > > route{
> > >
> > > # initial sanity checks -- messages with
> > > # max_forwards==0, or excessively long requests
> > > if (!mf_process_maxfwd_header("10")) {
> > > sl_send_reply("483","Too Many Hops");
> > > break;
> > > };
> > > if ( msg:len > max_len ) {
> > > sl_send_reply("513", "Message too big");
> > > break;
> > > };
> > >
> > > # we record-route all messages -- to make sure that
> > > # subsequent messages will go through our proxy; that's
> > > # particularly good if upstream and downstream entities
> > > # use different transport protocol
> > > record_route();
> > > # loose-route processing
> > > if (loose_route()) {
> > > t_relay();
> > > break;
> > > };
> > >
> > > # if the request is for other domain use UsrLoc
> > > # (in case, it does not work, use the following command
> > > # with proper names and addresses in it)
> > > # if (uri==myself) {
> > >
> > > if (method=="REGISTER") {
> > >
> > > # Uncomment this if you want to use digest authentication
> > > if (!radius_www_authorize("")) {
> > > www_challenge("", "0"); # I have also
> > > tried 1 in place of 0 #
> > > };
> > >
> > > save("location");
> > > break;
> > > };
> > >
> > > # native SIP destinations are handled using our USRLOC DB
> > > if (!lookup("location")) {
> > > sl_send_reply("404", "Not Found");
> > > break;
> > > };
> > > # };
> > > # forward to current uri now; use stateful forwarding; that
> > > # works reliably even if we forward from TCP to UDP
> > > if (!t_relay()) {
> > > sl_reply_error();
> > > };
> > >
> > > }
> > >
> > > SER debug:
> > >
> > > 6(16294) SIP Request:
> > > 6(16294) method: <REGISTER>
> > > 6(16294) uri: <sip:192.168.1.119>
> > > 6(16294) version: <SIP/2.0>
> > > 6(16294) parse_headers: flags=1
> > > 6(16294) Found param type 232, <branch> = <z9hG4bK-5579ff0b>; state=16
> > > 6(16294) end of header reached, state=5
> > > 6(16294) parse_headers: Via found, flags=1
> > > 6(16294) parse_headers: this is the first via
> > > 6(16294) After parse_msg...
> > > 6(16294) preparing to run routing scripts...
> > > 6(16294) DEBUG : is_maxfwd_present: searching for max_forwards header
> > > 6(16294) parse_headers: flags=128
> > > 6(16294) end of header reached, state=9
> > > 6(16294) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
> > > 6(16294) DEBUG: to body [test <sip:test at 192.168.1.119>
> > > ]
> > > 6(16294) get_hdr_field: cseq <CSeq>: <170> <REGISTER>
> > > 6(16294) DEBUG: is_maxfwd_present: value = 70
> > > 6(16294) DEBUG: add_param: tag=79b50153b98e6976
> > > 6(16294) end of header reached, state=29
> > > 6(16294) parse_headers: flags=256
> > > 6(16294) DEBUG: get_hdr_body : content_length=0
> > > 6(16294) found end of header
> > > 6(16294) find_first_route(): No Route headers found
> > > 6(16294) loose_route(): There is no Route HF
> > > 6(16294) check_nonce(): comparing
> > > [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012] and
> > > [414c90ab7f933a6b3c06a4bbbca22ce39fbf8012]
> > > 10(16299) MSILO:clean_silo: cleaning stored messages - 20
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list