[Users] How can I send radius authentication packet with openser
Arda Tekin
arda at nicivr.com
Sat Nov 26 11:13:24 CET 2005
First, is there any difference between 1.0.x and 1.1.x in terms of radius
functionality?
I have checked this module, but I couldn't get enough information.
OpenSER starts successfully but cannot send any radius packets. Is there
something missing?
I want to share my conf files:
-------------------
radiusclient.conf
-------------------
auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /usr/local/etc/radiusclient-ng/issue
# RADIUS settings
authserver 192.168.1.3
acctserver 192.168.1.3
servers /usr/local/etc/radiusclient-ng/servers
# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /usr/local/etc/radiusclient-ng/dictionary
dictionary /usr/local/etc/radiusclient-ng/dictionary.sip
dictionary /usr/local/etc/radiusclient-ng/dictionary.ascend
dictionary /usr/local/etc/radiusclient-ng/dictionary.compat
dictionary /usr/local/etc/radiusclient-ng/dictionary.merit
dictionary /usr/local/etc/openser/dictionary.radius
login_radius /usr/local/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /usr/local/etc/radiusclient-ng/port-id-map
default_realm
radius_timeout 10
radius_retries 3
bindaddr localhost
login_local /bin/login
------------------------------------
--------------
openser.cfg
--------------
debug=9 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
#loadmodule "/usr/local/lib/openser/modules/domain.so"
#loadmodule "/usr/local/lib/openser/modules/mediaproxy.so"
#loadmodule "/usr/local/lib/openser/modules/group.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/auth_radius.so"
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
modparam("registrar", "nat_flag", 2)
#modparam("auth_db", "use_domain", 1)
modparam("usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("usrloc", "user_column", "username")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column", "q")
modparam("usrloc", "callid_column", "callid")
modparam("usrloc", "cseq_column", "cseq")
modparam("usrloc", "method_column", "method")
modparam("usrloc", "user_agent_column", "user_agent")
modparam("usrloc", "timer_interval", 30)
modparam("usrloc", "use_domain", 1)
modparam("usrloc", "domain_column", "domain")
modparam("registrar", "use_domain", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };
    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };
    if (!method=="REGISTER")
        record_route();
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };
    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        route(1);
    };
    if (uri==myself) {
        if (method=="REGISTER") {
            if (!radius_www_authorize("")) {
                log(1, "REGISTER: challenging user2\n");
                www_challenge("","0");
                exit;
            };
            save("location");
            exit;
        };
        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
        };
        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n");
    };
    route(1);
}
route[1] {
    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}
---------------------------------------
--------------------------------------
/usr/local/etc/openser/dictionary.radius
--------------------------------------
#### Attributes ###
ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc
ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc
ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc
ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc
ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Password 1073 string # Arda_ADD -> http://openser.org/dokuwiki/doku.php?id=radius
### CISCO Vendor Specific Attributes ###
VENDOR Cisco 9
ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius
### Acct-Status-Type Values ###
VALUE Acct-Status-Type Start 1 # RFC2866, acc
VALUE Acct-Status-Type Stop 2 # RFC2866, acc
VALUE Acct-Status-Type Failed 15 # RFC2866, acc
### Service-Type Values ###
VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
VALUE Service-Type Group-Check 12 # Proprietary, group_radius
VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius
-------------------------------------------------------------------------------------
Help please
Thanks in advance
Arda
----- Original Message -----
From: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
To: "Arda Tekin" <arda at nicivr.com>
Cc: <users at openser.org>
Sent: Friday, November 25, 2005 5:00 PM
Subject: Re: [Users] How can I send radius authentication packet with openser
> Hi Arda,
>
> you need to use auth_radius for this purpose. See:
> http://www.openser.org/docs/modules/1.1.x/auth_radius.html
>
> regards,
> bogdan
>
> Arda Tekin wrote:
>
>> Hi,
>> I have installed openser, mysql, radiusclient-ng-0.5.2 successfully on
>> REL3.0. openser works well with mysql. I need to send a radius
>> authentication packet to a radius server (according to RFC2865).
>> Packet contains base params:
>>
>> User-name (attr.1) $Username
>>
>> Password (attr.2) $Password
>>
>> NAS-Identifier (attr.4) (auto-generated)
>>
>> NAS-Port (attr.5) $uref
>>
>> State (attr.24) 0
>>
>> Client-Port-DNIS (attr.30) NONE
>>
>> Caller-Id (attr.31) $calling
>>
>> I can not find a clear sample about radius. Which module is used for
>> this purpose?
>> Regards
>> Arda