[Serusers] Radius Authentication help

AJ Grinnell ajgrinnell at gmail.com
Mon Sep 20 21:28:56 CEST 2004 

Here is the confg part that I am using for authentication.  

    # (in case, it does not work, use the following command
        # with proper names and addresses in it)
        if (uri==myself) {

                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                        if (!radius_www_authorize('192.168.1.119')) {
                                www_challenge('192.168.1.119', "1");
                        };

                        save("location");
                        break;
                };


Using Ethereal, I am getting SIP response 401 Unauthorized with the
current config, and 407 Proxy Authentication Required when using
radius_proxy_authorize. Here is the log from using the above config...

8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0)
 8(26234) DEBUG:destroy_avp_list: destroing list (nil)
 8(26234) receive_msg: cleaning up
 8(26234) SIP Request:
 8(26234)  method:  <REGISTER>
 8(26234)  uri:     <sip:192.168.1.119>
 8(26234)  version: <SIP/2.0>
 8(26234) parse_headers: flags=1
 8(26234) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 8(26234) end of header reached, state=5
 8(26234) parse_headers: Via found, flags=1
 8(26234) parse_headers: this is the first via
 8(26234) After parse_msg...
 8(26234) preparing to run routing scripts...
 8(26234) DEBUG : is_maxfwd_present: searching for max_forwards header
 8(26234) parse_headers: flags=128
 8(26234) end of header reached, state=9
 8(26234) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
 8(26234) DEBUG: to body [test <sip:test at 192.168.1.119>
]
 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 8(26234) DEBUG: is_maxfwd_present: value = 70
 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea
 8(26234) end of header reached, state=29
 8(26234) parse_headers: flags=256
 8(26234) DEBUG: get_hdr_body : content_length=0
 8(26234) found end of header
 8(26234) find_first_route(): No Route headers found
 8(26234) loose_route(): There is no Route HF
 8(26234) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 8(26234) check_self - checking if port 5060 matches port 5060
 8(26234) check_self - checking if host==us: 13==13 && 
[192.168.1.119] == [192.168.1.119]
 8(26234) check_self - checking if port 5060 matches port 5060
 8(26234) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
 7(26233) res: 1
 7(26233) radius_authorize_sterman(): Failure
 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth"
'
 7(26233) parse_headers: flags=-1
 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0)
 7(26233) DEBUG:destroy_avp_list: destroing list (nil)
 7(26233) receive_msg: cleaning up
 7(26233) SIP Request:
 7(26233)  method:  <REGISTER>
 7(26233)  uri:     <sip:192.168.1.119>
 7(26233)  version: <SIP/2.0>
 7(26233) parse_headers: flags=1
 7(26233) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 7(26233) end of header reached, state=5
 7(26233) parse_headers: Via found, flags=1
 7(26233) parse_headers: this is the first via
 7(26233) After parse_msg...
 7(26233) preparing to run routing scripts...
 7(26233) DEBUG : is_maxfwd_present: searching for max_forwards header
 7(26233) parse_headers: flags=128
 7(26233) end of header reached, state=9
 7(26233) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
 7(26233) DEBUG: to body [test <sip:test at 192.168.1.119>
]
 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 7(26233) DEBUG: is_maxfwd_present: value = 70
 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea
 7(26233) end of header reached, state=29
 7(26233) parse_headers: flags=256
 7(26233) DEBUG: get_hdr_body : content_length=0
 7(26233) found end of header
 7(26233) find_first_route(): No Route headers found
 7(26233) loose_route(): There is no Route HF
 7(26233) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 7(26233) check_self - checking if port 5060 matches port 5060
 7(26233) check_self - checking if host==us: 13==13 && 
[192.168.1.119] == [192.168.1.119]
 7(26233) check_self - checking if port 5060 matches port 5060
 7(26233) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
 5(26231) res: 1
 5(26231) radius_authorize_sterman(): Failure
 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth"
'
 5(26231) parse_headers: flags=-1
 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0)
 5(26231) DEBUG:destroy_avp_list: destroing list (nil)
 5(26231) receive_msg: cleaning up
 5(26231) SIP Request:
 5(26231)  method:  <REGISTER>
 5(26231)  uri:     <sip:192.168.1.119>
 5(26231)  version: <SIP/2.0>
 5(26231) parse_headers: flags=1
 5(26231) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 5(26231) end of header reached, state=5
 5(26231) parse_headers: Via found, flags=1
 5(26231) parse_headers: this is the first via
 5(26231) After parse_msg...
 5(26231) preparing to run routing scripts...
 5(26231) DEBUG : is_maxfwd_present: searching for max_forwards header
 5(26231) parse_headers: flags=128
 5(26231) end of header reached, state=9
 5(26231) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
 5(26231) DEBUG: to body [test <sip:test at 192.168.1.119>
]
 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 5(26231) DEBUG: is_maxfwd_present: value = 70
 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea
 5(26231) end of header reached, state=29
 5(26231) parse_headers: flags=256
 5(26231) DEBUG: get_hdr_body : content_length=0
 5(26231) found end of header
 5(26231) find_first_route(): No Route headers found
 5(26231) loose_route(): There is no Route HF
 5(26231) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 5(26231) check_self - checking if port 5060 matches port 5060
 5(26231) check_self - checking if host==us: 13==13 && 
[192.168.1.119] == [192.168.1.119]
 5(26231) check_self - checking if port 5060 matches port 5060
 5(26231) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
10(26236) MSILO:clean_silo: cleaning stored messages - 280
 6(26232) res: 1
 6(26232) radius_authorize_sterman(): Failure
 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.119",
nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth"
'
 6(26232) parse_headers: flags=-1
 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0)
 6(26232) DEBUG:destroy_avp_list: destroing list (nil)
 6(26232) receive_msg: cleaning up
 6(26232) SIP Request:
 6(26232)  method:  <REGISTER>
 6(26232)  uri:     <sip:192.168.1.119>
 6(26232)  version: <SIP/2.0>
 6(26232) parse_headers: flags=1
 6(26232) Found param type 232, <branch> = <z9hG4bK-d1cbf2f>; state=16
 6(26232) end of header reached, state=5
 6(26232) parse_headers: Via found, flags=1
 6(26232) parse_headers: this is the first via
 6(26232) After parse_msg...
 6(26232) preparing to run routing scripts...
 6(26232) DEBUG : is_maxfwd_present: searching for max_forwards header
 6(26232) parse_headers: flags=128
 6(26232) end of header reached, state=9
 6(26232) DEBUG: get_hdr_field: <To> [31]; uri=[sip:test at 192.168.1.119]
 6(26232) DEBUG: to body [test <sip:test at 192.168.1.119>
]
 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
 6(26232) DEBUG: is_maxfwd_present: value = 70
 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea
 6(26232) end of header reached, state=29
 6(26232) parse_headers: flags=256
 6(26232) DEBUG: get_hdr_body : content_length=0
 6(26232) found end of header
 6(26232) find_first_route(): No Route headers found
 6(26232) loose_route(): There is no Route HF
 6(26232) check_self - checking if host==us: 13==9 &&  [192.168.1.119]
== [127.0.0.1]
 6(26232) check_self - checking if port 5060 matches port 5060
 6(26232) check_self - checking if host==us: 13==13 && 
[192.168.1.119] == [192.168.1.119]
 6(26232) check_self - checking if port 5060 matches port 5060
 6(26232) check_nonce(): comparing
[414f2f30f649651c070ccbebd1e0fa25d84f8844] and
[414f2f30f649651c070ccbebd1e0fa25d84f8844]
10(26236) MSILO:clean_silo: cleaning stored messages - 300
10(26236) MSILO:clean_silo: cleaning expired messages
10(26236) MSILO:clean_silo: cleaning stored messages - 320
./serctl stop


Thank you for your help



On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak <jan at iptel.org> wrote:
> Please send me the full log of ser, there are missing some lines in the
> log below. SIP messages would be good as well.
> 
>  Jan.
>

More information about the sr-users mailing list