[Serusers] SER and NavisRadius not working

davor jovanovic davor.jovanovic at srce.hr
Fri May 6 15:29:01 CEST 2005


Hi all,

 

I'm trying to configure SER 0.8.14 to use authentication with NavisRadius
4.5.0. 

On my X-Lite (X-Lite v2.0 Build 1103m) client I'm getting "Login Failed!
Contact Network Admin."

 

I'm getting following message from NavisRadius. Why? => Reply-Message = "No
check.password" 

 

I would be very grateful if someone could look at my ser.cfg and output from
NavisRadius.

 

Best regards

 

****************************************************************************
*

This is what I get on RADIUS server (different from SER machine)

 

Client:

Client-Class = "#default"

Nas_Port_Normalization = off

Radius_Remove_Trailing_Nul = TRUE

Radius_Append_Trailing_Nul = FALSE

Auto_Remove_Check_Items = TRUE

Check_Authenticators = TRUE

Session_Time_From_Time_Of_Day = FALSE

Radius_Charset = "UTF8"

Client-Class = "video"

Client-Dictionary = "draft_ietf_radext_digest_auth_01" 

**** dictionary of radiusclient on SER machine is adjusted to dictionary of
RADIUS, and RADIUS can recognize attributes - except if I MUST run
sterman_aaa_sip_00 on NavisRadius???? I attached dictionary in radiusclient
to this message ****

Client-Secret = <hidden>

 

Request:

User-Name = "djovanov.srce"

Digest-Username = "djovanov.srce"

Digest-Realm = "srce.hr"

Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad"

Digest-URI = "sip:srce.hr"

Digest-Method = "REGISTER"

Digest-Response = "ca6202fe55c51501295a9bc6ab325420"

Service-Type = IAPP-Register

Anonymous = v0-a208-646A6F76616E6F7669632E73726365

**** RADIUS doesn't recognize code 208, which is Sip-Uri-User ****

****Am I missing Digest-Algorithm? Why SER doesn't send this attribute?****

NAS-IP-Address = 161.53.0.131

NAS-Port = 5060

 

Packet:

Client-Name = "161.53.0.131"

Packet-Type = Access-Request

Packet-Identifier = 213

Packet-Length = 197

Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50

Source-Address = 161.53.0.131

Source-Port = 33159

Destination-Address = 0.0.0.0

Destination-Port = 1812

Receipt-Time = "2005/05/06 13:44:32"

Full-User-Name = "djovanov.srce"

Base-User-Name = "djovanov.srce"

Normalized-Nas-Port = 5060

 

 

19  <engine.worker.0> -> checkDigest[AuthHttpDigest]

19  <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password

20  <engine.worker.0> Variable group trace

 

Reply:

Reply-Message = "No check.password" 

**** this is message is which I get from NavisRadius ****

 

 

****************************************************************************
************

This is my ser.cfg

 

fifo_db_url="mysql://ser:heslo@localhost/ser"

 

# ------------------ module loading ----------------------------------

 

loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"

loadmodule "/usr/local/lib/ser/modules/tm.so"

loadmodule "/usr/local/lib/ser/modules/rr.so"

loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

loadmodule "/usr/local/lib/ser/modules/usrloc.so"

loadmodule "/usr/local/lib/ser/modules/registrar.so"

loadmodule "/usr/local/lib/ser/modules/textops.so"

loadmodule "/usr/local/lib/ser/modules/auth.so"

loadmodule "/usr/local/lib/ser/modules/group.so"

loadmodule "/usr/local/lib/ser/modules/uri.so"

loadmodule "/usr/local/lib/ser/modules/uri_radius.so"

loadmodule "/usr/local/lib/ser/modules/group_radius.so"

loadmodule "/usr/local/lib/ser/modules/auth_radius.so"

 

loadmodule "/usr/local/lib/ser/modules/msilo.so"

 

 

modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")

modparam("usrloc", "db_mode", 2)

modparam("usrloc", "timer_interval", 10)

 

modparam("rr", "enable_full_lr", 1)

 

modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")

modparam("auth_radius", "service_type", 15)

modparam("group_radius", "use_domain", 0)

 

 

if (uri==myself) {

 

                if (method=="REGISTER") {

 

        # Uncomment this if you want to use digest authentication

                        if (!radius_www_authorize("")) {

                                www_challenge("", "0");

                                break;

                        };

 

                        save("location");

                        break;

                };

 

                lookup("aliases");

                if (!uri==myself) {

                        append_hf("P-hint: outbound alias\r\n");

                        route(1);

                        break;

                };

 

                # native SIP destinations are handled using our USRLOC DB

                if (!lookup("location")) {

                        sl_send_reply("404", "Not Found");

                        break;

                };

        };

 

****************************************************************************
************

This is output from XLite client

 

SEND TIME: 367959953

SEND >> 161.53.0.131:5060

REGISTER sip:srce.hr SIP/2.0

Via: SIP/2.0/UDP
161.53.0.112:5060;rport;branch=z9hG4bK5F06B40648DE4583908CA9F59275C8AC

From: djovanov.srce <sip:djovanov.srce at srce.hr>;tag=1082157231

To: djovanov.srce <sip:djovanov.srce at srce.hr>

Contact: "djovanov.srce" <sip:djovanov.srce at 161.53.0.112:5060>

Call-ID: 9AE1D3A885904642B6446C443007BA11 at srce.hr

CSeq: 6774 REGISTER

Expires: 1800

Authorization: Digest
username="djovanov.srce",realm="srce.hr",nonce="427b6e9134acf8132394741bae95
d74a5994cb67",response="e6f6d76db22b74c6c0746d2cff9b34f8",uri="sip:srce.hr"

Max-Forwards: 70

User-Agent: X-Lite release 1103m

Content-Length: 0

 

 

RECEIVE TIME: 367959968

RECEIVE << 161.53.0.131:5060

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP
161.53.0.112:5060;rport=5060;branch=z9hG4bK5F06B40648DE4583908CA9F59275C8AC

From: djovanov.srce <sip:djovanov.srce at srce.hr>;tag=1082157231

To: djovanov.srce
<sip:djovanov.srce at srce.hr>;tag=06b273b7ac7b46f473f32e25d8adc515.da4f

Call-ID: 9AE1D3A885904642B6446C443007BA11 at srce.hr

CSeq: 6774 REGISTER

WWW-Authenticate: Digest realm="srce.hr",
nonce="427b6e9134acf8132394741bae95d74a5994cb67"

Server: Sip EXpress router (0.10.99-dev0 (i386/linux))

Content-Length: 0

Warning: 392 161.53.0.131:5060 "Noisy feedback tells:  pid=14777
req_src_ip=161.53.0.112 req_src_port=5060 in_uri=sip:srce.hr
out_uri=sip:srce.hr via_cnt==1"

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050506/d21a5f91/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dictionary.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050506/d21a5f91/attachment.txt>


More information about the sr-users mailing list