[Users] How can I send radius authentication packet with openser

Arda Tekin arda at nicivr.com
Sat Nov 26 11:13:24 CET 2005


First, is there any difference between 1.0.x and 1.1.x with regard to RADIUS
functionality?
I have checked this module, but I could not find enough information.
OpenSER starts successfully but does not send any RADIUS packets. Is
something missing?
Here are my configuration files:

-------------------
radiusclient.conf
-------------------
# radiusclient-ng client configuration, as posted. OpenSER's auth_radius
# module is pointed at this file through its "radius_config" parameter.
auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /usr/local/etc/radiusclient-ng/issue

# RADIUS settings
# Authentication and accounting requests both go to the same server.
authserver  192.168.1.3
acctserver  192.168.1.3
# NOTE(review): the servers file normally holds the shared secret for each
# RADIUS server; it should be readable only by the account OpenSER runs as,
# and its entry must match the server named above -- confirm both.
servers  /usr/local/etc/radiusclient-ng/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary      /usr/local/etc/radiusclient-ng/dictionary
dictionary      /usr/local/etc/radiusclient-ng/dictionary.sip
dictionary      /usr/local/etc/radiusclient-ng/dictionary.ascend
dictionary      /usr/local/etc/radiusclient-ng/dictionary.compat
dictionary      /usr/local/etc/radiusclient-ng/dictionary.merit
dictionary      /usr/local/etc/openser/dictionary.radius

login_radius /usr/local/sbin/login.radius
seqfile  /var/run/radius.seq
mapfile  /usr/local/etc/radiusclient-ng/port-id-map
default_realm
radius_timeout 10
radius_retries 3
# NOTE(review): bindaddr is the local address the client sends from. With
# "localhost" here and the servers at 192.168.1.3, requests sourced from the
# loopback address may never leave the host unless 192.168.1.3 is this same
# machine -- a plausible reason no RADIUS packets are seen. Verify; the stock
# radiusclient-ng configuration uses "*".
bindaddr localhost
login_local /bin/login
------------------------------------
--------------
openser.cfg
--------------
# Global OpenSER parameters, as posted (a troubleshooting setup).
# NOTE(review): debug=9 with log_stderror=yes is very verbose; such logs can
# include SIP message contents (presumably Authorization headers too), so
# lower the level and protect the log output once the problem is found.
debug=9            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes    # (cmd line: -E)

check_via=no # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
# NOTE(review): the FIFO is created under /tmp, which is typically
# world-writable. Confirm its ownership and mode restrict who may write to
# it, or move it to a directory only the OpenSER account can access.
fifo="/tmp/openser_fifo"

# ------------------ module loading ----------------------------------

# SQL database support (this line is already active in the posted config)
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
#loadmodule "/usr/local/lib/openser/modules/domain.so"
#loadmodule "/usr/local/lib/openser/modules/mediaproxy.so"
#loadmodule "/usr/local/lib/openser/modules/group.so"

# Digest authentication modules
# mysql.so must be loaded !
# NOTE(review): auth_db and auth_radius are both loaded, but the routing
# script in this post only calls radius_www_authorize() and www_challenge();
# if database authentication is not intended, auth_db (and its parameters)
# can be dropped to keep a single credential back end.
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/auth_radius.so"

# auth_radius: use the radiusclient-ng configuration file posted above.
modparam("auth_radius",
"radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")
# 15 is the value the posted dictionary.radius names "Sip-Session".
modparam("auth_radius", "service_type", 15)
# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 2)
modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column", "password")

modparam("rr", "enable_full_lr", 1)

modparam("registrar", "nat_flag", 2)
#modparam("auth_db", "use_domain", 1)

# NOTE(review): the database user name and password are embedded in this URL
# and were posted to a public list; they look like the stock defaults. Change
# the password on any reachable installation and keep this file readable only
# by the OpenSER account.
modparam("usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("usrloc", "user_column", "username")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column", "q")
modparam("usrloc", "callid_column", "callid")
modparam("usrloc", "cseq_column", "cseq")
modparam("usrloc", "method_column", "method")
modparam("usrloc", "user_agent_column", "user_agent")
modparam("usrloc", "timer_interval", 30)

modparam("usrloc", "use_domain", 1)
modparam("usrloc", "domain_column", "domain")
modparam("registrar", "use_domain", 1)

# -------------------------  request routing logic -------------------

# main routing logic

# Main request route: sanity checks, record-routing, loose routing, RADIUS
# authentication of local REGISTERs, then alias/location lookup and relay.
route{
 # Reject requests whose Max-Forwards budget is exhausted.
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  exit;
 };

 # Reject oversized messages before doing any further work.
 if (msg:len >=  2048 ) {
  sl_send_reply("513", "Message too big");
  exit;
 };

  # Stay in the signalling path for everything except REGISTER.
  if (!method=="REGISTER")
  record_route();

 if (loose_route()) {
  # mark routing logic in request
  append_hf("P-hint: rr-enforced\r\n");
  route(1);
 };

 # NOTE(review): requests for other domains are relayed through route(1)
 # with no authentication call anywhere in this script. If the proxy is
 # reachable from untrusted networks it can be used as an open relay;
 # authenticate senders (e.g. radius_proxy_authorize()) before relaying.
 if (!uri==myself) {
  # mark routing logic in request
  append_hf("P-hint: outbound\r\n");
  route(1);
 };

 if (uri==myself) {
  if (method=="REGISTER") {

   # The only authentication in the script: REGISTER credentials are
   # checked through RADIUS; on failure a digest challenge is sent.
   # NOTE(review): nothing here compares the authenticated user with the
   # To URI, so one valid account may be able to register contacts for
   # another; the uri module's check_to() is the usual guard -- confirm.
   if (!radius_www_authorize("")) {
    log(1, "REGISTER: challenging user2\n");
    www_challenge("","0");
    exit;
   };

   # Reached only after radius_www_authorize() succeeded.
   save("location");
   exit;
  };

  lookup("aliases");
  if (!uri==myself) {
   append_hf("P-hint: outbound alias\r\n");
   route(1);
  };

  # native SIP destinations are handled using our USRLOC DB
  if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   exit;
  };
  append_hf("P-hint: usrloc applied\r\n");
 };

 route(1);
}

# Relay route: forwards the request statefully and ends script processing.
# It performs no checks of its own, so every caller is responsible for any
# authentication or authorization before invoking route(1).
route[1] {
 # send it out now; use stateful forwarding as it works reliably
 # even for UDP2TCP
 if (!t_relay()) {
  # Relay failed: reply with an error derived from the failure.
  sl_reply_error();
 };
 exit;
}
---------------------------------------

--------------------------------------
/usr/local/etc/openser/dictionary.radius
--------------------------------------
#### Attributes ###
ATTRIBUTE User-Name           1  string     # RFC2865, acc, auth_radius, 
avp_radius, group_radius, uri_radius
ATTRIBUTE Service-Type           6  integer    # RFC2865, acc, auth_radius, 
avp_radius, group_radius, uri_radius
ATTRIBUTE Called-Station-Id             30  string     # RFC2865, acc
ATTRIBUTE Calling-Station-Id            31  string     # RFC2865, acc
ATTRIBUTE Acct-Status-Type              40  integer    # RFC2865, acc
ATTRIBUTE Acct-Session-Id               44  string     # RFC2865, acc
ATTRIBUTE Sip-Method                   101  integer    # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code            102  integer    # Schulzrinne, acc
ATTRIBUTE Sip-Cseq                     103  string     # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag                   104  string     # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag                 105  string     # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI   107  string     # Proprietary, acc
ATTRIBUTE Digest-Response              206  string     # Sterman, 
auth_radius
ATTRIBUTE Sip-Uri-User                 208  string     # Proprietary, 
auth_radius
ATTRIBUTE Sip-Group                    211  string     # Proprietary, 
group_radius
ATTRIBUTE Sip-Rpid                     213  string     # Proprietary, 
auth_radius
ATTRIBUTE SIP-AVP                      225  string     # Proprietary, 
avp_radius
ATTRIBUTE Digest-Realm                1063  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Nonce                1064  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Method               1065  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-URI                  1066  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-QOP                  1067  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Algorithm            1068  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Body-Digest          1069  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-CNonce               1070  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Nonce-Count          1071  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-User-Name            1072  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-User-Password        1073  string     # Arda_ADD -> 
http://openser.org/dokuwiki/doku.php?id=radius

### CISCO Vendor Specific Attributes ###
VENDOR Cisco              9
ATTRIBUTE Cisco-AVPair    1   string   Cisco           # VSA, auth_radius

### Acct-Status-Type Values ###
VALUE Acct-Status-Type     Start             1         # RFC2866, acc
VALUE Acct-Status-Type     Stop              2         # RFC2866, acc
VALUE Acct-Status-Type     Failed           15         # RFC2866, acc

### Service-Type Values ###
VALUE Service-Type         Call-Check       10         # RFC2865, uri_radius
VALUE Service-Type         Group-Check      12         # Proprietary, 
group_radius
VALUE Service-Type         Sip-Session      15         # Schulzrinne, acc, 
auth_radius
VALUE Service-Type         SIP-Caller-AVPs  30         # Proprietary, 
avp_radius
VALUE Service-Type         SIP-Callee-AVPs  31         # Proprietary, 
avp_radius

-------------------------------------------------------------------------------------

Help please

Thanks in advance
Arda





----- Original Message ----- 
From: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
To: "Arda Tekin" <arda at nicivr.com>
Cc: <users at openser.org>
Sent: Friday, November 25, 2005 5:00 PM
Subject: Re: [Users] How can I send radius authentication packet with 
openser


> Hi Arda,
>
> you need to use auth_radius for this purpose. See:
>    http://www.openser.org/docs/modules/1.1.x/auth_radius.html
>
> regards,
> bogdan
>
> Arda Tekin wrote:
>
>> Hi,
>>  I have installed openser, mysql, radiusclient-ng-0.5.2 successfully on 
>> REL3.0. openser works well with mysql. I need to send a radius 
>> authentication packet to a radius server(according to RFC2865).
>> Packet contains base params:
>>
>> User-name                    (attr.1)                    $Username
>>
>> Password                      (attr.2)                    $Password
>>
>> NAS-Identifier                (attr.4) 
>> (auto-generated)
>>
>> NAS-Port                      (attr.5)                    $uref
>>
>> State                            (attr.24)                  0
>>
>> Client-Port-DNIS            (attr.30)                  NONE
>>
>> Caller-Id                        (attr.31)                  $calling
>>
>>  I can not find a clear sample about radius. Which module is used for 
>> this purpose?
>>  Regards
>>  Arda
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Users mailing list
>>Users at openser.org
>>http://openser.org/cgi-bin/mailman/listinfo/users
>>
> 




