[Serusers] Noisy feedback tells & radius_authorize_sterman(): Failure

Kamran Ahmad p_kami at yahoo.com
Fri Nov 25 18:12:46 CET 2005


Hi all

I am using SER-0.9.3 with radiusclient-ng-0.5.1 but
unable to get thrrough radius Digest Authentication i
am getting Noisy feedback tells and no request to
Radius

----------------------------------------------------
192.168.0.1:10411 -> 192.168.0.3:5060
  REGISTER sip:192.168.0.3 SIP/2.0..To:
2000<sip:2000 at 192.168.0.3>..From: 2000<sip:2000 at 212.
  36.71.78>;tag=68a232bb..Via: SIP/2.0/UDP
192.168.1.236:10411;branch=z9hG4bK-d87543-788469354
  -1--d87543-;rport..Call-ID: 726b328158a24912..CSeq:
2 REGISTER..Contact: <sip:2000 at 192.168.1
  .236:10411>..Expires: 60..Max-Forwards: 70..Allow:
INVITE, ACK, CANCEL, OPTIONS, BYE, REFER,
   NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent:
eyeBeam release 3005x stamp 17288..Authorizat
  ion: Digest
username="2000",realm="192.168.0.3",nonce="438142b95bb202f9f7b35267264fa3cdf240
 
c34c",uri="sip:192.168.0.3",response="587553ab1fdd8979c16dd5619ea1f3f1",algorithm=MD5..Cont
  ent-Length: 0....
#
U 192.168.0.3:5060 -> 192.168.0.1:10411
  SIP/2.0 100 Trying..To:
2000<sip:2000 at 192.168.0.3>..From:
2000<sip:2000 at 192.168.0.3>;tag=6
  8a232bb..Via: SIP/2.0/UDP
192.168.1.236:10411;branch=z9hG4bK-d87543-788469354-1--d87543-;rpo
  rt=10411;received=192.168.0.1..Call-ID:
726b328158a24912..CSeq: 2 REGISTER..Server: OpenSer
   (0.9.5 (i386/linux))..Content-Length: 0..Warning:
392 192.168.0.3:5060 "Noisy feedback tel
  ls:  pid=27853 req_src_ip=192.168.0.1
req_src_port=10411 in_uri=sip:192.168.0.3 out_uri=si
  p:192.168.0.3 via_cnt==1"....
#
U 192.168.0.3:5060 -> 192.168.0.1:10411
  SIP/2.0 401 Unauthorized..To:
2000<sip:2000 at 192.168.0.3>;tag=236419814c1d6cbca250c821be3316
  c3.97c8..From:
2000<sip:2000 at 192.168.0.3>;tag=68a232bb..Via:
SIP/2.0/UDP 192.168.1.236:1041
 
1;branch=z9hG4bK-d87543-788469354-1--d87543-;rport=10411;received=192.168.0.1..Call-ID:
726
  b328158a24912..CSeq: 2 REGISTER..WWW-Authenticate:
Digest realm="192.168.0.3",
nonce="7264fa3cdf240c34c"..Server: OpenSer (0.9.5
(i386/linux))..Content-Length:
  0..Warning: 392 192.168.0.3:5060 "Noisy feedback
tells:  pid=27853 req_src_ip=192.168.0.1
  req_src_port=10411 in_uri=sip:192.168.0.3
out_uri=sip:192.168.0.3 via_cnt==1"....
------------------------------------------------------------------------


why i am getting these


-------------------------------------------------------
 0(27853) radius_authorize_sterman(): Failure
 0(27853) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.0.3,
nonce="43814271015d7812e9f068467d0c352ceb679d70"
'
 0(27853) parse_headers: flags=-1
 0(27853) check_via_address(192.168.0.1, 192.168.0.1,
0)
 0(27853) DEBUG:destroy_avp_list: destroying list
0x4043dee0
 0(27853) receive_msg: cleaning up


ser.cfg
-----------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"

loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
modparam("usrloc", "db_mode",   0)

modparam("auth_radius","radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius","service_type",15)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which
true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

modparam("nathelper", "natping_interval", 30)

modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock",
"unix:/var/run/rtpproxy.sock")

#modparam("usrloc", "db_mode", 2)

modparam("registrar", "nat_flag", 6)

modparam("rr", "enable_full_lr", 1)
#############################################################################
modparam("tm", "fr_timer", 40)
modparam("tm", "fr_inv_timer", 35)
modparam("tm", "wt_timer", 5)
modparam("tm", "fr_inv_timer_avp", "inv_timeout")
###########################################################################

# -------------------------  request routing logic
-------------------

# main routing logic

route{

        # max_forwards==0, or excessively long
requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if (msg:len >=  max_len ) {
                sl_send_reply("513", "Message too
big");
                break;
        };

        if (!method=="REGISTER") {
                record_route();
        }

        if (loose_route()) {
                # mark routing logic in request
                append_hf("P-hint: rr-enforced\r\n");
                route(1);
                break;
        };

        if (!uri==myself) {
                # mark routing logic in request
                append_hf("P-hint: outbound\r\n");
                route(1);
                break;

        };

        if (method=="BYE" || method=="CANCEL") {
                unforce_rtp_proxy();
        }

        if (loose_route()) {

                if (has_totag() && (method=="INVITE"
|| method=="ACK")) {
                        if (nat_uac_test("19")) {
                                setflag(6);

                                force_rport();
                                fix_nated_contact();
                        };
#                    force_rtp_proxy("l");
                        force_rtp_proxy();
                };
                route(1);
                break;
        };

        # if the request is for other domain use
UsrLoc
        # (in case, it does not work, use the
following command
        if (uri==myself) {
                if (method=="INVITE") {
                        route(3);
                        break;
                };
        };
        append_hf("P-hint: usrloc applied\r\n");
        route(1);
}

route[1]
{
        #
-----------------------------------------------------------------
        # Default Message Handler
        #
-----------------------------------------------------------------

        t_on_reply("1");

        if (!t_relay()) {
                if (method=="INVITE" && isflagset(6))
{
                  unforce_rtp_proxy();
                };
                sl_reply_error();
        };
}

route[2] {
        #
-----------------------------------------------------------------
        # REGISTER Message Handler
        #
----------------------------------------------------------------

        if (!search("^Contact:\ +\*") &&
nat_uac_test("19")) {
                setflag(6);
                fix_nated_register();
                force_rport();
        };

        sl_send_reply("100", "Trying");

        if (!radius_www_authorize("")) {
                www_challenge("","0");
                break;
        };

        consume_credentials();

        if (!save("location")) {
                sl_reply_error();
        };
}





	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com




More information about the sr-users mailing list