[Serusers] radius auth, can't login with a linksys pap2-na
Simone Cittadini
mymailforlists at gmail.com
Mon Aug 8 14:26:20 CEST 2005
I can't have the lines of a linksys pap authenticate on ser, but only if
the backend is radius,
seems it doesn't like the
uri: <sip:172.18.1.12>
part of the SIP request, with Xlite that part reads
uri: <sip:2klab.net>
and radius authenticates ok.
with a mysql backend for auth both uri authenticates well, so I think
I'm missing something in radius configuration.
(I've followed the RADIUS_howto on iptel.org)
from ser.cfg :
if (uri==myself) {
if (method=="REGISTER") {
if (!radius_www_authorize("2klab.net")) {
www_challenge("2klab.net", "0");
break;
};
save("location");
break;
};
lookup("aliases");
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
This is the log for a succesful register with mysql auth backend :
6(1885) SIP Request:
6(1885) method: <REGISTER>
6(1885) uri: <sip:172.18.1.12>
6(1885) version: <SIP/2.0>
6(1885) parse_headers: flags=1
6(1885) Found param type 232, <branch> = <z9hG4bK-1741b415>; state=16
6(1885) end of header reached, state=5
6(1885) parse_headers: Via found, flags=1
6(1885) parse_headers: this is the first via
6(1885) After parse_msg...
6(1885) preparing to run routing scripts...
6(1885) parse_headers: flags=128
6(1885) end of header reached, state=9
6(1885) DEBUG: get_hdr_field: <To> [29]; uri=[sip:2002 at 172.18.1.12]
6(1885) DEBUG: to body [2002 <sip:2002 at 172.18.1.12>
6(1885) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
6(1885) DEBUG:maxfwd:is_maxfwd_present: value = 70
6(1885) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
6(1885) grep_sock_info - checking if host==us: 11==11 && [172.18.1.12]
== [172.18.1.12]
6(1885) grep_sock_info - checking if port 5060 matches port 5060
6(1885) parse_headers: flags=4096
6(1885) check_nonce(): comparing
[42f6ef654b9c6efc04d7e468746d818f8e1633ab] and
[42f6ef654b9c6efc04d7e468746d818f8e1633ab]
6(1885) HA1 string calculated: 9b7a9697157ad673ed341c1aca7c12c5
6(1885) check_response(): Our result = '1f77523c69a80ae921d5e05d8a5e0fcd'
6(1885) check_response(): Authorization is OK
6(1885) save_rpid(): rpid value is ''
6(1885) parse_headers: flags=-1
6(1885) DEBUG: get_hdr_body : content_length=0
6(1885) found end of header
6(1885) parse_headers: flags=33554432
6(1885) build_contact(): Created Contact HF: Contact:
<sip:2002 at 172.18.1.13:5061>;expires=3600
6(1885) parse_headers: flags=-1
6(1885) check_via_address(172.18.1.13, 172.18.1.13, 0)
6(1885) DEBUG:destroy_avp_list: destroying list (nil)
6(1885) receive_msg: cleaning up
And this one for an unsuccesful register from the same pap client, but
radius backend :
9(2042) SIP Request:
9(2042) method: <REGISTER>
9(2042) uri: <sip:172.18.1.12>
9(2042) version: <SIP/2.0>
9(2042) parse_headers: flags=1
9(2042) Found param type 232, <branch> = <z9hG4bK-80868dab>; state=16
9(2042) end of header reached, state=5
9(2042) parse_headers: Via found, flags=1
9(2042) parse_headers: this is the first via
9(2042) After parse_msg...
9(2042) preparing to run routing scripts...
9(2042) parse_headers: flags=128
9(2042) end of header reached, state=9
9(2042) DEBUG: get_hdr_field: <To> [29]; uri=[sip:2002 at 172.18.1.12]
9(2042) DEBUG: to body [2002 <sip:2002 at 172.18.1.12>
9(2042) get_hdr_field: cseq <CSeq>: <3> <REGISTER>
9(2042) DEBUG:maxfwd:is_maxfwd_present: value = 70
9(2042) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
9(2042) grep_sock_info - checking if host==us: 11==11 && [172.18.1.12]
== [172.18.1.12]
9(2042) grep_sock_info - checking if port 5060 matches port 5060
9(2042) parse_headers: flags=4096
9(2042) check_nonce(): comparing
[42f6f2f3e9dd51cad68be2927d5863727cd3798a] and
[42f6f2f3e9dd51cad68be2927d5863727cd3798a]
9(2042) authorize(): Credentials realm and URI host do not match
9(2042) build_auth_hf(): 'WWW-Authenticate: Digest realm="2klab.net",
nonce="42f6f2f3e9dd51cad68be2927d5863727cd3798a"
9(2042) parse_headers: flags=-1
9(2042) DEBUG: get_hdr_body : content_length=0
9(2042) found end of header
9(2042) check_via_address(172.18.1.13, 172.18.1.13, 0)
9(2042) DEBUG:destroy_avp_list: destroying list (nil)
9(2042) receive_msg: cleaning up
seems Xlite sends my domain as uri, and radius likes it :
4(2034) SIP Request:
4(2034) method: <REGISTER>
4(2034) uri: <sip:2klab.net>
4(2034) version: <SIP/2.0>
4(2034) parse_headers: flags=1
4(2034) Found param type 235, <rport> = <n/a>; state=6
4(2034) Found param type 232, <branch> =
<z9hG4bK461FD1B046D3D5FB1FE0012188DF1BB8>; state=16
4(2034) end of header reached, state=5
4(2034) parse_headers: Via found, flags=1
4(2034) parse_headers: this is the first via
4(2034) After parse_msg...
4(2034) preparing to run routing scripts...
4(2034) parse_headers: flags=128
4(2034) end of header reached, state=9
4(2034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:user1 at 2klab.net]
4(2034) DEBUG: to body [user1 <sip:user1 at 2klab.net>
4(2034) get_hdr_field: cseq <CSeq>: <2352> <REGISTER>
4(2034) DEBUG:maxfwd:is_maxfwd_present: value = 70
4(2034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
4(2034) grep_sock_info - checking if host==us: 9==11 && [2klab.net] ==
[172.18.1.12]
4(2034) grep_sock_info - checking if port 5060 matches port 5060
4(2034) grep_sock_info - checking if host==us: 9==11 && [2klab.net] ==
[172.18.1.12]
4(2034) grep_sock_info - checking if port 5060 matches port 5060
4(2034) check_nonce(): comparing
[42f6f204483c60785f0ffd667859ed55b34fad23] and
[42f6f204483c60785f0ffd667859ed55b34fad23]
4(2034) radius_authorize_sterman(): Success
4(2034) save_rpid(): rpid value is ''
4(2034) parse_headers: flags=-1
4(2034) DEBUG: get_hdr_body : content_length=0
4(2034) found end of header
4(2034) parse_headers: flags=33554432
4(2034) build_contact(): Created Contact HF: Contact:
<sip:user1 at 172.18.1.10:5060>;expires=1800
4(2034) parse_headers: flags=-1
4(2034) check_via_address(172.18.1.10, 172.18.1.10, 0)
4(2034) DEBUG:destroy_avp_list: destroying list (nil)
4(2034) receive_msg: cleaning up
More information about the sr-users
mailing list