[Serusers] SER and NavisRadius not working
Greger V. Teigre
greger at teigre.com
Thu May 12 10:09:39 CEST 2005
This seems to be a NavisRadius problem. You should ask on a list for that software.
However, this:
<plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
tells you that the radius server cannot find a password that can be used with the AuthHttpDigest algorithm. How you set it, I don't know for NavisRadius.
g-)
---- Original Message ----
From: davor jovanovic
To: serusers at lists.iptel.org
Sent: Wednesday, May 11, 2005 02:25 PM
Subject: [Serusers] SER and NavisRadius not working
> Hi all,
>
> I'm trying to configure SER 0.8.14 to use authentication with
> NavisRadius 4.5.0.
> On my X-Lite (X-Lite v2.0 Build 1103m) client I'm getting "Login
> Failed! Contact Network Admin."
>
> I'm getting following message from NavisRadius. Why? => Reply-Message
> = "No check.password"
>
> I would be very grateful if someone could look at my ser.cfg and
> output from NavisRadius.
>
> Best regards
>
> *****************************************************************************
> This is what I get on RADIUS server (different from SER machine)
>
> Client:
> Client-Class = "#default"
> Nas_Port_Normalization = off
> Radius_Remove_Trailing_Nul = TRUE
> Radius_Append_Trailing_Nul = FALSE
> Auto_Remove_Check_Items = TRUE
> Check_Authenticators = TRUE
> Session_Time_From_Time_Of_Day = FALSE
> Radius_Charset = "UTF8"
> Client-Class = "video"
> Client-Dictionary = "draft_ietf_radext_digest_auth_01"
> **** dictionary of radiusclient on SER machine is adjusted to
> dictionary of RADIUS, and RADIUS can recognize attributes - except if
> I MUST run sterman_aaa_sip_00 on NavisRadius???? I attached
> dictionary in radiusclient to this message ****
> Client-Secret = <hidden>
>
> Request:
> User-Name = "djovanov.srce"
> Digest-Username = "djovanov.srce"
> Digest-Realm = "srce.hr"
> Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad"
> Digest-URI = "sip:srce.hr"
> Digest-Method = "REGISTER"
> Digest-Response = "ca6202fe55c51501295a9bc6ab325420"
> Service-Type = IAPP-Register
> Anonymous = v0-a208-646A6F76616E6F7669632E73726365
> **** RADIUS doesn't recognize code 208, which is Sip-Uri-User ****
> ****Am I missing Digest-Algorithm? Why SER doesn't send this
> attribute?****
> NAS-IP-Address = 161.53.0.131
> NAS-Port = 5060
>
> Packet:
> Client-Name = "161.53.0.131"
> Packet-Type = Access-Request
> Packet-Identifier = 213
> Packet-Length = 197
> Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50
> Source-Address = 161.53.0.131
> Source-Port = 33159
> Destination-Address = 0.0.0.0
> Destination-Port = 1812
> Receipt-Time = "2005/05/06 13:44:32"
> Full-User-Name = "djovanov.srce"
> Base-User-Name = "djovanov.srce"
> Normalized-Nas-Port = 5060
>
>
> 19 <engine.worker.0> -> checkDigest[AuthHttpDigest]
> 19 <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
> 20 <engine.worker.0> Variable group trace
>
> Reply:
> Reply-Message = "No check.password"
> **** this is message is which I get from NavisRadius ****
>
>
> ****************************************************************************************
> This is my ser.cfg
>
> fifo_db_url="mysql://ser:heslo@localhost/ser"
>
> # ------------------ module loading ----------------------------------
>
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/group.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
> loadmodule "/usr/local/lib/ser/modules/group_radius.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>
> loadmodule "/usr/local/lib/ser/modules/msilo.so"
>
>
> modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "timer_interval", 10)
>
> modparam("rr", "enable_full_lr", 1)
>
> modparam("auth_radius", "radius_config",
> "/usr/local/etc/radiusclient-ng/radiusclient.conf")
> modparam("auth_radius", "service_type", 15)
> modparam("group_radius", "use_domain", 0)
>
>
> if (uri==myself) {
>
> if (method=="REGISTER") {
>
> # Uncomment this if you want to use digest authentication
> if (!radius_www_authorize("")) {
> www_challenge("", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> lookup("aliases");
> if (!uri==myself) {
> append_hf("P-hint: outbound alias\r\n");
> route(1);
> break;
> };
>
> # native SIP destinations are handled using our
> USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050512/544e0683/attachment.htm>
More information about the sr-users
mailing list