[Serusers] Register authentication with ser.

Greger V. Teigre greger at teigre.com
Thu Apr 14 08:38:42 CEST 2005 

Alex,
If that's all the debug output you got, ser has just sent the challenge to 
yuor client, but it never answers. It's only on the answer to the challenge 
that the request is sent to RADIUS.
g-)

Alex wrote:
> I am running freeradius on the same host.
> authserver  localhost
> acctserver  localhost
>
> the secret is correct.
> I checked the radius configuration with radclient (radclient -f digest
> localhost auth <secret>) and it's working fine, i see the process in
> the logs.
> but it's like the the ser not talking to the radius. (BTW i tried to
> change the localhost in radiusclient.conf to my ip address of the NIC
> - and it's the same nothing happens in the radius when the register
> request coming)
>
> here some debug maybe it can help.
> ----------------------------------------------------------
> 14(1036) parse_headers: flags=-1
> 14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
> 14(1036) DEBUG:destroy_avp_list: destroing list (nil)
> 14(1036) receive_msg: cleaning up
> 9(1012) SIP Request:
> 9(1012)  method:  <REGISTER>
> 9(1012)  uri:     <sip:xxx.xxx.xxx.xxx>
> 9(1012)  version: <SIP/2.0>
> 9(1012) parse_headers: flags=1
> 9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
> state=16
> 9(1012) end of header reached, state=5
> 9(1012) parse_headers: Via found, flags=1
> 9(1012) parse_headers: this is the first via
> 9(1012) After parse_msg...
> 9(1012) preparing to run routing scripts...
> 9(1012) REGISTER: Authenticating user
> 9(1012) parse_headers: flags=4
> 9(1012) end of header reached, state=9
> 9(1012) DEBUG: get_hdr_field: <To> [45];
> uri=[sip:phonenumber at xxx.xxx.xxx.xxx;user=phone]
> 9(1012) DEBUG: to body [<sip:phonenumber at xxx.xxx.xxx.xxx;user=phone>
> ]
>
> 9(1012) parse_headers: flags=4096
> 9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
> 9(1012) DEBUG: get_hdr_body : content_length=0
> 9(1012) found end of header
> 9(1012) pre_auth(): Credentials with given realm not found
> 9(1012) REGISTER: challenging user
> 9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
> realm="xxx.xxx.xxx.xxx",
> nonce="425e063022afc1142ed6730d46da41692ff3ed57"
>
> Thanks for any help.
>
>
> On 4/14/05, Rod Bacon <rod.bacon at empoweredcomms.com.au> wrote:
>> Double-check all your RADIUS config files. Make sure that your
>> authserver and accserver are set correctly in the radiusclient.conf
>> (especially if the RADIUS server is on a different machine). Also
>> check the server.conf in radiusclient-ng and clients.conf in
>> freeredius to make sure that server/client definitions (including
>> shared key) are correct. The thing that got me (I run RADIUS on a
>> different server) was the bindaddr parameter in radiusclient.conf.
>> By default, it only sends RADIUS packets via localhost (127.0.0.1).
>> I had to set this paramater to the IP address of my NIC.
>>
>>
>> ----- Original Message -----
>> From: "Alex" <alexandergav at gmail.com>
>> To: <serusers at lists.iptel.org>
>> Sent: Thursday, April 14, 2005 3:16 PM
>> Subject: [Serusers] Register authentication with ser.
>>
>> Hi all
>>
>> I need a little help with that.
>> I have installation of ser-0.8.14 and freeradius1.02.
>>
>> I am checking my register requests with ngrep and it's coming on port
>> 5060 with no problem. The problem is authentication, I can't
>> authenticate users through radius, freeradius working properly i
>> checked that with radiusclient, but the register request is not going
>> through authentication in the radius.( I don't see anything happens
>> in
>> the radius logs)
>>
>> If there any way to debug the ser ( i have debug=9 inside ser.cfg).
>> In order to see what's happening when the request is coming, and if
>> it's
>> going to the radius or not.
>>
>> ser.cfg
>> -----------------------------------
>> loadmodule "/usr/local/lib/ser/modules/auth.so"
>> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>> --------------------
>> modparamd"auth_radius",
>> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
>> modparam("auth_radius", "service_type", 15)
>> ----------------------
>>
>> if (method=="REGISTER") {
>>                log(1, "REGISTER: Authenticating user\n");
>>                if (!radius_www_authorize("")) {
>>                        log(1, "REGISTER: challenging user\n");
>>                        www_challenge("", "0");
>>                        break;
>>                };
>>                        setflag(1);
>>                        save("location");
>>                        sl_send_reply("200","ok");
>>                        break;
>>                };
>>
>> ------------------------
>>
>> Thanks for any help.
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list