[Serusers] Radius Authentication help
Zeus Ng
zeus.ng at isquare.com.au
Wed Sep 22 02:16:11 CEST 2004
Are you using radiusclient-ng? Did you compile both SER and radiusclient-ng
from source. If not, try to do so.
Zeus
> -----Original Message-----
> From: serusers-bounces at lists.iptel.org
> [mailto:serusers-bounces at lists.iptel.org] On Behalf Of AJ Grinnell
> Sent: Wednesday, 22 September 2004 7:34 AM
> To: AJ Grinnell; serusers at lists.iptel.org
> Subject: Re: [Serusers] Radius Authentication help
>
>
> Anyone have any ideas on this?
>
>
> On Mon, 20 Sep 2004 15:28:56 -0400, AJ Grinnell
> <ajgrinnell at gmail.com> wrote:
> > Here is the confg part that I am using for authentication.
> >
> > # (in case, it does not work, use the following command
> > # with proper names and addresses in it)
> > if (uri==myself) {
> >
> > if (method=="REGISTER") {
> >
> > # Uncomment this if you want to use digest authentication
> > if
> (!radius_www_authorize('192.168.1.119')) {
> > www_challenge('192.168.1.119', "1");
> > };
> >
> > save("location");
> > break;
> > };
> >
> > Using Ethereal, I am getting SIP response 401 Unauthorized with the
> > current config, and 407 Proxy Authentication Required when using
> > radius_proxy_authorize. Here is the log from using the
> above config...
> >
> > 8(26234) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 8(26234) DEBUG:destroy_avp_list: destroing list (nil)
> > 8(26234) receive_msg: cleaning up
> > 8(26234) SIP Request:
> > 8(26234) method: <REGISTER>
> > 8(26234) uri: <sip:192.168.1.119>
> > 8(26234) version: <SIP/2.0>
> > 8(26234) parse_headers: flags=1
> > 8(26234) Found param type 232, <branch> =
> <z9hG4bK-d1cbf2f>; state=16
> > 8(26234) end of header reached, state=5
> > 8(26234) parse_headers: Via found, flags=1
> > 8(26234) parse_headers: this is the first via
> > 8(26234) After parse_msg...
> > 8(26234) preparing to run routing scripts...
> > 8(26234) DEBUG : is_maxfwd_present: searching for
> max_forwards header
> > 8(26234) parse_headers: flags=128
> > 8(26234) end of header reached, state=9
> > 8(26234) DEBUG: get_hdr_field: <To> [31];
> > uri=[sip:test at 192.168.1.119]
> > 8(26234) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 8(26234) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 8(26234) DEBUG: is_maxfwd_present: value = 70
> > 8(26234) DEBUG: add_param: tag=b6d95f3126a0bea
> > 8(26234) end of header reached, state=29
> > 8(26234) parse_headers: flags=256
> > 8(26234) DEBUG: get_hdr_body : content_length=0
> > 8(26234) found end of header
> > 8(26234) find_first_route(): No Route headers found
> > 8(26234) loose_route(): There is no Route HF
> > 8(26234) check_self - checking if host==us: 13==9 &&
> [192.168.1.119]
> > == [127.0.0.1]
> > 8(26234) check_self - checking if port 5060 matches port 5060
> > 8(26234) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 8(26234) check_self - checking if port 5060 matches port 5060
> > 8(26234) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 7(26233) res: 1
> > 7(26233) radius_authorize_sterman(): Failure
> > 7(26233) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f303e9ba6002a4a6a52ef0193f6e4a78a9724", qop="auth"
> > '
> > 7(26233) parse_headers: flags=-1
> > 7(26233) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 7(26233) DEBUG:destroy_avp_list: destroing list (nil)
> > 7(26233) receive_msg: cleaning up
> > 7(26233) SIP Request:
> > 7(26233) method: <REGISTER>
> > 7(26233) uri: <sip:192.168.1.119>
> > 7(26233) version: <SIP/2.0>
> > 7(26233) parse_headers: flags=1
> > 7(26233) Found param type 232, <branch> =
> <z9hG4bK-d1cbf2f>; state=16
> > 7(26233) end of header reached, state=5
> > 7(26233) parse_headers: Via found, flags=1
> > 7(26233) parse_headers: this is the first via
> > 7(26233) After parse_msg...
> > 7(26233) preparing to run routing scripts...
> > 7(26233) DEBUG : is_maxfwd_present: searching for
> max_forwards header
> > 7(26233) parse_headers: flags=128
> > 7(26233) end of header reached, state=9
> > 7(26233) DEBUG: get_hdr_field: <To> [31];
> uri=[sip:test at 192.168.1.119]
> > 7(26233) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 7(26233) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 7(26233) DEBUG: is_maxfwd_present: value = 70
> > 7(26233) DEBUG: add_param: tag=b6d95f3126a0bea
> > 7(26233) end of header reached, state=29
> > 7(26233) parse_headers: flags=256
> > 7(26233) DEBUG: get_hdr_body : content_length=0
> > 7(26233) found end of header
> > 7(26233) find_first_route(): No Route headers found
> > 7(26233) loose_route(): There is no Route HF
> > 7(26233) check_self - checking if host==us: 13==9 &&
> [192.168.1.119]
> > == [127.0.0.1]
> > 7(26233) check_self - checking if port 5060 matches port 5060
> > 7(26233) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 7(26233) check_self - checking if port 5060 matches port 5060
> > 7(26233) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 5(26231) res: 1
> > 5(26231) radius_authorize_sterman(): Failure
> > 5(26231) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f303fbc908446eba362c1478e67eb0c4d8ea1", qop="auth"
> > '
> > 5(26231) parse_headers: flags=-1
> > 5(26231) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 5(26231) DEBUG:destroy_avp_list: destroing list (nil)
> > 5(26231) receive_msg: cleaning up
> > 5(26231) SIP Request:
> > 5(26231) method: <REGISTER>
> > 5(26231) uri: <sip:192.168.1.119>
> > 5(26231) version: <SIP/2.0>
> > 5(26231) parse_headers: flags=1
> > 5(26231) Found param type 232, <branch> =
> <z9hG4bK-d1cbf2f>; state=16
> > 5(26231) end of header reached, state=5
> > 5(26231) parse_headers: Via found, flags=1
> > 5(26231) parse_headers: this is the first via
> > 5(26231) After parse_msg...
> > 5(26231) preparing to run routing scripts...
> > 5(26231) DEBUG : is_maxfwd_present: searching for
> max_forwards header
> > 5(26231) parse_headers: flags=128
> > 5(26231) end of header reached, state=9
> > 5(26231) DEBUG: get_hdr_field: <To> [31];
> uri=[sip:test at 192.168.1.119]
> > 5(26231) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 5(26231) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 5(26231) DEBUG: is_maxfwd_present: value = 70
> > 5(26231) DEBUG: add_param: tag=b6d95f3126a0bea
> > 5(26231) end of header reached, state=29
> > 5(26231) parse_headers: flags=256
> > 5(26231) DEBUG: get_hdr_body : content_length=0
> > 5(26231) found end of header
> > 5(26231) find_first_route(): No Route headers found
> > 5(26231) loose_route(): There is no Route HF
> > 5(26231) check_self - checking if host==us: 13==9 &&
> [192.168.1.119]
> > == [127.0.0.1]
> > 5(26231) check_self - checking if port 5060 matches port 5060
> > 5(26231) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 5(26231) check_self - checking if port 5060 matches port 5060
> > 5(26231) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 280
> > 6(26232) res: 1
> > 6(26232) radius_authorize_sterman(): Failure
> > 6(26232) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="192.168.1.119",
> > nonce="414f3041a86f22554568df6d3889f6c6d1b005a0", qop="auth"
> > '
> > 6(26232) parse_headers: flags=-1
> > 6(26232) check_via_address(192.168.1.122, 192.168.1.122, 0)
> > 6(26232) DEBUG:destroy_avp_list: destroing list (nil)
> > 6(26232) receive_msg: cleaning up
> > 6(26232) SIP Request:
> > 6(26232) method: <REGISTER>
> > 6(26232) uri: <sip:192.168.1.119>
> > 6(26232) version: <SIP/2.0>
> > 6(26232) parse_headers: flags=1
> > 6(26232) Found param type 232, <branch> =
> <z9hG4bK-d1cbf2f>; state=16
> > 6(26232) end of header reached, state=5
> > 6(26232) parse_headers: Via found, flags=1
> > 6(26232) parse_headers: this is the first via
> > 6(26232) After parse_msg...
> > 6(26232) preparing to run routing scripts...
> > 6(26232) DEBUG : is_maxfwd_present: searching for
> max_forwards header
> > 6(26232) parse_headers: flags=128
> > 6(26232) end of header reached, state=9
> > 6(26232) DEBUG: get_hdr_field: <To> [31];
> uri=[sip:test at 192.168.1.119]
> > 6(26232) DEBUG: to body [test <sip:test at 192.168.1.119>
> > ]
> > 6(26232) get_hdr_field: cseq <CSeq>: <222> <REGISTER>
> > 6(26232) DEBUG: is_maxfwd_present: value = 70
> > 6(26232) DEBUG: add_param: tag=b6d95f3126a0bea
> > 6(26232) end of header reached, state=29
> > 6(26232) parse_headers: flags=256
> > 6(26232) DEBUG: get_hdr_body : content_length=0
> > 6(26232) found end of header
> > 6(26232) find_first_route(): No Route headers found
> > 6(26232) loose_route(): There is no Route HF
> > 6(26232) check_self - checking if host==us: 13==9 &&
> [192.168.1.119]
> > == [127.0.0.1]
> > 6(26232) check_self - checking if port 5060 matches port 5060
> > 6(26232) check_self - checking if host==us: 13==13 &&
> > [192.168.1.119] == [192.168.1.119]
> > 6(26232) check_self - checking if port 5060 matches port 5060
> > 6(26232) check_nonce(): comparing
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844] and
> > [414f2f30f649651c070ccbebd1e0fa25d84f8844]
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 300
> > 10(26236) MSILO:clean_silo: cleaning expired messages
> > 10(26236) MSILO:clean_silo: cleaning stored messages - 320
> > ./serctl stop
> >
> > Thank you for your help
> >
> >
> > On Mon, 20 Sep 2004 20:16:14 +0200, Jan Janak <jan at iptel.org> wrote:
> > > Please send me the full log of ser, there are missing
> some lines in
> > > the
> >
> >
> > > log below. SIP messages would be good as well.
> > >
> > > Jan.
> > >
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list