[Users] How can I send radius authentication packet with openser

Arda Tekin arda at nicivr.com
Sat Nov 26 13:40:13 CET 2005


I have also compiled "avp_radius" module and load it in openser.cfg. Nothing
changed.

Sip Client IP: 192.168.1.2
OpenSER: 192.168.1.5
Radius Server: 192.168.1.3

Here is the openser debug log:
------------------------------------
[root at localhost openser]#  6(2884) SIP Request:
 6(2884)  method:  <REGISTER>
 6(2884)  uri:     <sip:192.168.1.5>
 6(2884)  version: <SIP/2.0>
 6(2884) parse_headers: flags=2
 6(2884) DEBUG:parse_to:end of header reached, state=9
 6(2884) DEBUG: get_hdr_field: <To> [36]; uri=[sip:arda at 192.168.1.5]
 6(2884) DEBUG: to body [arda_eyebeam<sip:arda at 192.168.1.5>
]
 6(2884) Found param type 232, <branch> = 
<z9hG4bK-d87543-622802375-1--d87543->; state=6
 6(2884) Found param type 235, <rport> = <n/a>; state=17
 6(2884) end of header reached, state=5
 6(2884) parse_headers: Via found, flags=2
 6(2884) parse_headers: this is the first via
 6(2884) After parse_msg...
 6(2884) preparing to run routing scripts...
 6(2884) parse_headers: flags=100
 6(2884) get_hdr_field: cseq <CSeq>: <1> <REGISTER>
 6(2884) DEBUG:maxfwd:is_maxfwd_present: value = 70
 6(2884) parse_headers: flags=200
 6(2884) DEBUG: get_hdr_body : content_length=0
 6(2884) found end of header
 6(2884) find_first_route: No Route headers found
 6(2884) loose_route: There is no Route HF
 6(2884) grep_sock_info - checking if host==us: 11==9 &&  [192.168.1.5] == 
[127.0.0.1]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==11 &&  [192.168.1.5] == 
[192.168.1.5]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==9 &&  [192.168.1.5] == 
[127.0.0.1]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==11 &&  [192.168.1.5] == 
[192.168.1.5]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) parse_headers: flags=2000
 6(2884) pre_auth(): Credentials with given realm not found
 6(2884) REGISTER: challenging user2
 6(2884) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.5", 
nonce="438222d8c7aac499351c46bad60c32a2c03eb751"
'
 6(2884) parse_headers: flags=ffffffffffffffff
 6(2884) check_via_address(192.168.1.2, 192.168.1.2, 0)
 6(2884) DEBUG:destroy_avp_list: destroying list (nil)
 6(2884) receive_msg: cleaning up
 6(2884) SIP Request:
 6(2884)  method:  <REGISTER>
 6(2884)  uri:     <sip:192.168.1.5>
 6(2884)  version: <SIP/2.0>
 6(2884) parse_headers: flags=2
 6(2884) DEBUG:parse_to:end of header reached, state=9
 6(2884) DEBUG: get_hdr_field: <To> [36]; uri=[sip:arda at 192.168.1.5]
 6(2884) DEBUG: to body [arda_eyebeam<sip:arda at 192.168.1.5>
]
 6(2884) Found param type 232, <branch> = 
<z9hG4bK-d87543-907902613-1--d87543->; state=6
 6(2884) Found param type 235, <rport> = <n/a>; state=17
 6(2884) end of header reached, state=5
 6(2884) parse_headers: Via found, flags=2
 6(2884) parse_headers: this is the first via
 6(2884) After parse_msg...
 6(2884) preparing to run routing scripts...
 6(2884) parse_headers: flags=100
 6(2884) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
 6(2884) DEBUG:maxfwd:is_maxfwd_present: value = 70
 6(2884) parse_headers: flags=200
 6(2884) DEBUG: get_hdr_body : content_length=0
 6(2884) found end of header
 6(2884) find_first_route: No Route headers found
 6(2884) loose_route: There is no Route HF
 6(2884) grep_sock_info - checking if host==us: 11==9 &&  [192.168.1.5] == 
[127.0.0.1]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==11 &&  [192.168.1.5] == 
[192.168.1.5]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==9 &&  [192.168.1.5] == 
[127.0.0.1]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) grep_sock_info - checking if host==us: 11==11 &&  [192.168.1.5] == 
[192.168.1.5]
 6(2884) grep_sock_info - checking if port 5060 matches port 5060
 6(2884) check_nonce(): comparing [438222d8c7aac499351c46bad60c32a2c03eb751] 
and [438222d8c7aac499351c46bad60c32a2c03eb751]
 6(2884) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
 6(2884) REGISTER: challenging user2
 6(2884) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.5", 
nonce="438222d8c7aac499351c46bad60c32a2c03eb751"
'
 6(2884) parse_headers: flags=ffffffffffffffff
 6(2884) check_via_address(192.168.1.2, 192.168.1.2, 0)
 6(2884) DEBUG:destroy_avp_list: destroying list (nil)
 6(2884) receive_msg: cleaning up
-------------------------------------------

As I see in the sterman.c source rc_auth fails:

/* Send request */
if ((i = rc_auth(rh, SIP_PORT, send, &received, msg)) == OK_RC) {
    DBG("DEBUG:auth_radius:radius_authorize_sterman: Success\n");
    rc_avpair_free(send);
    send = 0;

    generate_avps(received);

    rc_avpair_free(received);
    return 1;
} else {
    LOG(L_ERR,"ERROR:auth_radius:radius_authorize_sterman: "
    "rc_auth failed\n");
    goto err;
}

Any opinion?

Thanks in advance

Arda





----- Original Message ----- 
From: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
To: "Arda Tekin" <arda at nicivr.com>
Cc: <users at openser.org>
Sent: Friday, November 25, 2005 5:00 PM
Subject: Re: [Users] How can I send radius authentication packet with 
openser


> Hi Arda,
>
> you need to use auth_radius for this purpose. See:
>    http://www.openser.org/docs/modules/1.1.x/auth_radius.html
>
> regards,
> bogdan
>
> Arda Tekin wrote:
>
>> Hi,
>>  I have installed openser, mysql, radiusclient-ng-0.5.2 successfully on 
>> REL3.0. openser works well with mysql. I need to send a radius 
>> authentication packet to a radius server(according to RFC2865).
>> Packet contains base params:
>>
>> User-name                    (attr.1)                    $Username
>>
>> Password                      (attr.2)                    $Password
>>
>> NAS-Identifier                (attr.4) 
>> (auto-generated)
>>
>> NAS-Port                      (attr.5)                    $uref
>>
>> State                            (attr.24)                  0
>>
>> Client-Port-DNIS            (attr.30)                  NONE
>>
>> Caller-Id                        (attr.31)                  $calling
>>
>>  I can not find a clear sample about radius. Which module is used for 
>> this purpose?
>>  Regards
>>  Arda
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Users mailing list
>>Users at openser.org
>>http://openser.org/cgi-bin/mailman/listinfo/users
>>
> 





More information about the sr-users mailing list