[Serusers] Register authentication with ser.

Alex alexandergav at gmail.com
Thu Apr 14 08:51:02 CEST 2005 

you wrote:
Also check the server.conf in
radiusclient-ng

i didn't install radiusclient-ng , i have the radiusclient-4.8  so i
checked the radiusclient.conf and the servers files, and it's seems to
be ok.
inside servers :

localhost                 testing123
myip                       testing123

so it's should be ok .

here is complete package in the debug mode:
----------------------------------------------------------------
11(1423) SIP Request:
11(1423)  method:  <REGISTER>
11(1423)  uri:     <sip:xxx.xxx.xxx.xxx>
11(1423)  version: <SIP/2.0>
11(1423) parse_headers: flags=1
11(1423) Found param type 232, <branch> = <z9hG4bK27c3a8b5c5f359db>; state=16
11(1423) end of header reached, state=5
11(1423) parse_headers: Via found, flags=1
11(1423) parse_headers: this is the first via
11(1423) After parse_msg...
11(1423) preparing to run routing scripts...
11(1423) REGISTER: Authenticating user
11(1423) parse_headers: flags=4
11(1423) end of header reached, state=9
11(1423) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phone at xxx.xxx.xxx.xxx;user=phone]
11(1423) DEBUG: to body [<sip:phone at xxx.xxx.xxx.xxx;user=phone>
]
11(1423) parse_headers: flags=4096
11(1423) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
11(1423) DEBUG: get_hdr_body : content_length=0
11(1423) found end of header
11(1423) pre_auth(): Credentials with given realm not found
11(1423) REGISTER: challenging user
11(1423) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e12fd95d65923d13f0b1524cae6f6347f53c4"
'
11(1423) parse_headers: flags=-1
11(1423) check_via_address(62.219.158.191, 62.219.158.191, 1)
11(1423) DEBUG:destroy_avp_list: destroing list (nil)
11(1423) receive_msg: cleaning up

On 4/14/05, Greger V. Teigre <greger at teigre.com> wrote:
> Alex,
> If that's all the debug output you got, ser has just sent the challenge to
> yuor client, but it never answers. It's only on the answer to the challenge
> that the request is sent to RADIUS.
> g-)
> 
> Alex wrote:
> > I am running freeradius on the same host.
> > authserver  localhost
> > acctserver  localhost
> >
> > the secret is correct.
> > I checked the radius configuration with radclient (radclient -f digest
> > localhost auth <secret>) and it's working fine, i see the process in
> > the logs.
> > but it's like the the ser not talking to the radius. (BTW i tried to
> > change the localhost in radiusclient.conf to my ip address of the NIC
> > - and it's the same nothing happens in the radius when the register
> > request coming)
> >
> > here some debug maybe it can help.
> > ----------------------------------------------------------
> > 14(1036) parse_headers: flags=-1
> > 14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
> > 14(1036) DEBUG:destroy_avp_list: destroing list (nil)
> > 14(1036) receive_msg: cleaning up
> > 9(1012) SIP Request:
> > 9(1012)  method:  <REGISTER>
> > 9(1012)  uri:     <sip:xxx.xxx.xxx.xxx>
> > 9(1012)  version: <SIP/2.0>
> > 9(1012) parse_headers: flags=1
> > 9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
> > state=16
> > 9(1012) end of header reached, state=5
> > 9(1012) parse_headers: Via found, flags=1
> > 9(1012) parse_headers: this is the first via
> > 9(1012) After parse_msg...
> > 9(1012) preparing to run routing scripts...
> > 9(1012) REGISTER: Authenticating user
> > 9(1012) parse_headers: flags=4
> > 9(1012) end of header reached, state=9
> > 9(1012) DEBUG: get_hdr_field: <To> [45];
> > uri=[sip:phonenumber at xxx.xxx.xxx.xxx;user=phone]
> > 9(1012) DEBUG: to body [<sip:phonenumber at xxx.xxx.xxx.xxx;user=phone>
> > ]
> >
> > 9(1012) parse_headers: flags=4096
> > 9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
> > 9(1012) DEBUG: get_hdr_body : content_length=0
> > 9(1012) found end of header
> > 9(1012) pre_auth(): Credentials with given realm not found
> > 9(1012) REGISTER: challenging user
> > 9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
> > realm="xxx.xxx.xxx.xxx",
> > nonce="425e063022afc1142ed6730d46da41692ff3ed57"
> >
> > Thanks for any help.
> >
> >
> > On 4/14/05, Rod Bacon <rod.bacon at empoweredcomms.com.au> wrote:
> >> Double-check all your RADIUS config files. Make sure that your
> >> authserver and accserver are set correctly in the radiusclient.conf
> >> (especially if the RADIUS server is on a different machine). Also
> >> check the server.conf in radiusclient-ng and clients.conf in
> >> freeredius to make sure that server/client definitions (including
> >> shared key) are correct. The thing that got me (I run RADIUS on a
> >> different server) was the bindaddr parameter in radiusclient.conf.
> >> By default, it only sends RADIUS packets via localhost (127.0.0.1).
> >> I had to set this paramater to the IP address of my NIC.
> >>
> >>
> >> ----- Original Message -----
> >> From: "Alex" <alexandergav at gmail.com>
> >> To: <serusers at lists.iptel.org>
> >> Sent: Thursday, April 14, 2005 3:16 PM
> >> Subject: [Serusers] Register authentication with ser.
> >>
> >> Hi all
> >>
> >> I need a little help with that.
> >> I have installation of ser-0.8.14 and freeradius1.02.
> >>
> >> I am checking my register requests with ngrep and it's coming on port
> >> 5060 with no problem. The problem is authentication, I can't
> >> authenticate users through radius, freeradius working properly i
> >> checked that with radiusclient, but the register request is not going
> >> through authentication in the radius.( I don't see anything happens
> >> in
> >> the radius logs)
> >>
> >> If there any way to debug the ser ( i have debug=9 inside ser.cfg).
> >> In order to see what's happening when the request is coming, and if
> >> it's
> >> going to the radius or not.
> >>
> >> ser.cfg
> >> -----------------------------------
> >> loadmodule "/usr/local/lib/ser/modules/auth.so"
> >> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> >> --------------------
> >> modparamd"auth_radius",
> >> "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
> >> modparam("auth_radius", "service_type", 15)
> >> ----------------------
> >>
> >> if (method=="REGISTER") {
> >>                log(1, "REGISTER: Authenticating user\n");
> >>                if (!radius_www_authorize("")) {
> >>                        log(1, "REGISTER: challenging user\n");
> >>                        www_challenge("", "0");
> >>                        break;
> >>                };
> >>                        setflag(1);
> >>                        save("location");
> >>                        sl_send_reply("200","ok");
> >>                        break;
> >>                };
> >>
> >> ------------------------
> >>
> >> Thanks for any help.
> >>
> >> _______________________________________________
> >> Serusers mailing list
> >> serusers at lists.iptel.org
> >> http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >> _______________________________________________
> >> Serusers mailing list
> >> serusers at lists.iptel.org
> >> http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list