[Serusers] Register authentication with ser.

Alex alexandergav at gmail.com
Thu Apr 14 08:23:08 CEST 2005 

I am running freeradius on the same host. 
authserver  localhost
acctserver  localhost

the secret is correct.
I checked the radius configuration with radclient (radclient -f digest
localhost auth <secret>) and it's working fine, i see the process in
the logs.
but it's like the the ser not talking to the radius. (BTW i tried to
change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)

here some debug maybe it can help.
----------------------------------------------------------
14(1036) parse_headers: flags=-1
14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
14(1036) DEBUG:destroy_avp_list: destroing list (nil)
14(1036) receive_msg: cleaning up
9(1012) SIP Request:
9(1012)  method:  <REGISTER>
9(1012)  uri:     <sip:xxx.xxx.xxx.xxx>
9(1012)  version: <SIP/2.0>
9(1012) parse_headers: flags=1
9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>; 
state=16
9(1012) end of header reached, state=5
9(1012) parse_headers: Via found, flags=1
9(1012) parse_headers: this is the first via
9(1012) After parse_msg...
9(1012) preparing to run routing scripts...
9(1012) REGISTER: Authenticating user
9(1012) parse_headers: flags=4
9(1012) end of header reached, state=9
9(1012) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phonenumber at xxx.xxx.xxx.xxx;user=phone]
9(1012) DEBUG: to body [<sip:phonenumber at xxx.xxx.xxx.xxx;user=phone>
]

9(1012) parse_headers: flags=4096
9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
9(1012) DEBUG: get_hdr_body : content_length=0
9(1012) found end of header
9(1012) pre_auth(): Credentials with given realm not found
9(1012) REGISTER: challenging user
9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e063022afc1142ed6730d46da41692ff3ed57"

Thanks for any help.


On 4/14/05, Rod Bacon <rod.bacon at empoweredcomms.com.au> wrote:
> Double-check all your RADIUS config files. Make sure that your authserver
> and accserver are set correctly in the radiusclient.conf (especially if the
> RADIUS server is on a different machine). Also check the server.conf in
> radiusclient-ng and clients.conf in freeredius to make sure that
> server/client definitions (including shared key) are correct. The thing that
> got me (I run RADIUS on a different server) was the bindaddr parameter in
> radiusclient.conf. By default, it only sends RADIUS packets via localhost
> (127.0.0.1). I had to set this paramater to the IP address of my NIC.
> 
> 
> ----- Original Message -----
> From: "Alex" <alexandergav at gmail.com>
> To: <serusers at lists.iptel.org>
> Sent: Thursday, April 14, 2005 3:16 PM
> Subject: [Serusers] Register authentication with ser.
> 
> Hi all
> 
> I need a little help with that.
> I have installation of ser-0.8.14 and freeradius1.02.
> 
> I am checking my register requests with ngrep and it's coming on port
> 5060 with no problem. The problem is authentication, I can't
> authenticate users through radius, freeradius working properly i
> checked that with radiusclient, but the register request is not going
> through authentication in the radius.( I don't see anything happens in
> the radius logs)
> 
> If there any way to debug the ser ( i have debug=9 inside ser.cfg). In
> order to see what's happening when the request is coming, and if it's
> going to the radius or not.
> 
> ser.cfg
> -----------------------------------
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> --------------------
> modparamd"auth_radius",
> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("auth_radius", "service_type", 15)
> ----------------------
> 
> if (method=="REGISTER") {
>                log(1, "REGISTER: Authenticating user\n");
>                if (!radius_www_authorize("")) {
>                        log(1, "REGISTER: challenging user\n");
>                        www_challenge("", "0");
>                        break;
>                };
>                        setflag(1);
>                        save("location");
>                        sl_send_reply("200","ok");
>                        break;
>                };
> 
> ------------------------
> 
> Thanks for any help.
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>

More information about the sr-users mailing list