[Serusers] SER and NavisRadius not working

Greger V. Teigre greger at teigre.com
Thu May 12 10:09:39 CEST 2005 

This seems to be a NavisRadius problem.  You should ask on a list for that software. 
However, this:
<plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password

tells you that the radius server cannot find a password that can be used with the AuthHttpDigest algorithm.  How you set it, I don't know for NavisRadius.
g-)

---- Original Message ----
From: davor jovanovic
To: serusers at lists.iptel.org
Sent: Wednesday, May 11, 2005 02:25 PM
Subject: [Serusers] SER and NavisRadius not working

> Hi all,
> 
> I'm trying to configure SER 0.8.14 to use authentication with
> NavisRadius 4.5.0. 
> On my X-Lite (X-Lite v2.0 Build 1103m) client I'm getting "Login
> Failed! Contact Network Admin." 
> 
> I'm getting following message from NavisRadius. Why? => Reply-Message
> = "No check.password" 
> 
> I would be very grateful if someone could look at my ser.cfg and
> output from NavisRadius. 
> 
> Best regards
> 
> *****************************************************************************
> This is what I get on RADIUS server (different from SER machine)
> 
> Client:
> Client-Class = "#default"
> Nas_Port_Normalization = off
> Radius_Remove_Trailing_Nul = TRUE
> Radius_Append_Trailing_Nul = FALSE
> Auto_Remove_Check_Items = TRUE
> Check_Authenticators = TRUE
> Session_Time_From_Time_Of_Day = FALSE
> Radius_Charset = "UTF8"
> Client-Class = "video"
> Client-Dictionary = "draft_ietf_radext_digest_auth_01"
> **** dictionary of radiusclient on SER machine is adjusted to
> dictionary of RADIUS, and RADIUS can recognize attributes - except if
> I MUST run sterman_aaa_sip_00 on NavisRadius???? I attached
> dictionary in radiusclient to this message ****   
> Client-Secret = <hidden>
> 
> Request:
> User-Name = "djovanov.srce"
> Digest-Username = "djovanov.srce"
> Digest-Realm = "srce.hr"
> Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad"
> Digest-URI = "sip:srce.hr"
> Digest-Method = "REGISTER"
> Digest-Response = "ca6202fe55c51501295a9bc6ab325420"
> Service-Type = IAPP-Register
> Anonymous = v0-a208-646A6F76616E6F7669632E73726365
> **** RADIUS doesn't recognize code 208, which is Sip-Uri-User ****
> ****Am I missing Digest-Algorithm? Why SER doesn't send this
> attribute?**** 
> NAS-IP-Address = 161.53.0.131
> NAS-Port = 5060
> 
> Packet:
> Client-Name = "161.53.0.131"
> Packet-Type = Access-Request
> Packet-Identifier = 213
> Packet-Length = 197
> Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50
> Source-Address = 161.53.0.131
> Source-Port = 33159
> Destination-Address = 0.0.0.0
> Destination-Port = 1812
> Receipt-Time = "2005/05/06 13:44:32"
> Full-User-Name = "djovanov.srce"
> Base-User-Name = "djovanov.srce"
> Normalized-Nas-Port = 5060
> 
> 
> 19  <engine.worker.0> -> checkDigest[AuthHttpDigest]
> 19  <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
> 20  <engine.worker.0> Variable group trace
> 
> Reply:
> Reply-Message = "No check.password"
> **** this is message is which I get from NavisRadius ****
> 
> 
> ****************************************************************************************
> This is my ser.cfg
> 
> fifo_db_url="mysql://ser:heslo@localhost/ser"
> 
> # ------------------ module loading ----------------------------------
> 
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/group.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
> loadmodule "/usr/local/lib/ser/modules/group_radius.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
> 
> loadmodule "/usr/local/lib/ser/modules/msilo.so"
> 
> 
> modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "timer_interval", 10)
> 
> modparam("rr", "enable_full_lr", 1)
> 
> modparam("auth_radius", "radius_config",
> "/usr/local/etc/radiusclient-ng/radiusclient.conf") 
> modparam("auth_radius", "service_type", 15)
> modparam("group_radius", "use_domain", 0)
> 
> 
> if (uri==myself) {
> 
>                 if (method=="REGISTER") {
> 
>         # Uncomment this if you want to use digest authentication
>                         if (!radius_www_authorize("")) {
>                                 www_challenge("", "0");
>                                 break;
>                         };
> 
>                         save("location");
>                         break;
>                 };
> 
>                 lookup("aliases");
>                 if (!uri==myself) {
>                         append_hf("P-hint: outbound alias\r\n");
>                         route(1);
>                         break;
>                 };
> 
>                 # native SIP destinations are handled using our
> USRLOC DB 
>                 if (!lookup("location")) {
>                         sl_send_reply("404", "Not Found");
>                         break;
>                 };
>         };
> 
> 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050512/544e0683/attachment.htm>

More information about the sr-users mailing list