[Serusers] Radius authentication and accounting issues

deepak.chandrasekaran at wipro.com deepak.chandrasekaran at wipro.com
Tue Oct 11 07:11:08 CEST 2005


Hi all,



I am trying to provide radius authentication and accounting in ser.

I am using freeradius.



Everytime I try to start ser, it crashes.

Can anybody suggest some possible reasons as to why this happens?



I followed radius how-to doc to configure radius server and
radiusclient-ng library.



I hv attached herewith my ser.cfg file.



Any help would be greatly appreciated.



Thanks in advance.



Regards,

Deepak



Ser.cfg:



# ----------- global configuration parameters ------------------------



#debug=3         # debug level (cmd line: -dddddddddd)

#fork=no

#log_stderror=yes       # (cmd line: -E)



/* Uncomment these lines to enter debugging mode

fork=no

log_stderror=yes

*/



check_via=no    # (cmd. line: -v)

dns=no           # (cmd. line: -r)

rev_dns=no      # (cmd. line: -R)

port=5060

#children=4

fifo="/tmp/ser_fifo"



# ------------------ module loading ----------------------------------



# Uncomment this if you want to use SQL database

#loadmodule "/usr/local/lib/ser/modules/mysql.so"



loadmodule "/usr/local/lib/ser/modules/sl.so"

loadmodule "/usr/local/lib/ser/modules/tm.so"

loadmodule "/usr/local/lib/ser/modules/rr.so"

loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

loadmodule "/usr/local/lib/ser/modules/usrloc.so"

loadmodule "/usr/local/lib/ser/modules/registrar.so"

loadmodule "/usr/local/lib/ser/modules/textops.so"



# RADIUS support

#loadmodule "/usr/local/lib/ser/modules/acc.so"



# Uncomment this if you want digest authentication

# mysql.so must be loaded !

loadmodule "/usr/local/lib/ser/modules/auth.so"

#loadmodule "/usr/local/lib/ser/modules/auth_db.so"

loadmodule "/usr/local/lib/ser/modules/auth_radius.so"





# ----------------- setting module-specific parameters ---------------



# -- usrloc params --



modparam("usrloc", "db_mode",   0)



# -- acc params --



#modparam("acc",
"radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")

#modparam("acc", "radius_missed_flag", 2)

#modparam("acc", "radius_flag", 1)



# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)



# -- auth_radius params --

modparam("auth_radius",
"radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")



modparam("auth_radius", "service_type", 15)





# -------------------------  request routing logic -------------------



# main routing logic



route{



        # initial sanity checks -- messages with

        # max_forwards==0, or excessively long requests

        if (!mf_process_maxfwd_header("10")) {

                sl_send_reply("483","Too Many Hops");

                break;

        };

        if (msg:len >=  2048 ) {

                sl_send_reply("513", "Message too big");

                break;

        };





        # we record-route all messages -- to make sure that

        # subsequent messages will go through our proxy; that's

        # particularly good if upstream and downstream entities

        # use different transport protocol

        if (!method=="REGISTER") record_route();



        # subsequent messages withing a dialog should take the

        # path determined by record-routing

        if (loose_route()) {

                # mark routing logic in request

                append_hf("P-hint: rr-enforced\r\n");

                route(1);

                break;

        };



        if (!uri==myself) {

                # mark routing logic in request

                append_hf("P-hint: outbound\r\n");

                route(1);

                break;

        };



        # if the request is for other domain use UsrLoc

        # (in case, it does not work, use the following command

        # with proper names and addresses in it)

        if (uri==myself) {



                if (method=="REGISTER") {

#                       log(1, "REGISTER: Authenticating user\n");



# Uncomment this if you want to use digest authentication

#                       if (!www_authorize("nerd.vngncoe.wipro.com",
"subscriber")) {



                        if (!radius_www_authorize("")) {

                                log(1, "REGISTER: challenging user\n");

                                www_challenge("", "0");

                                break;

                        };



                        save("location");

                        break;

                };



                lookup("aliases");

                if (!uri==myself) {

                        append_hf("P-hint: outbound alias\r\n");

                        route(1);

                        break;

                };



                # native SIP destinations are handled using our USRLOC
DB

                if (!lookup("location")) {

                        sl_send_reply("404", "Not Found");

                        break;

                };

        };

        append_hf("P-hint: usrloc applied\r\n");

        route(1);

}



route[1]

{

        # send it out now; use stateful forwarding as it works reliably

        # even for UDP2TCP

        if (!t_relay()) {

                sl_reply_error();

        };

}











Confidentiality Notice

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin at wipro.com immediately
and destroy all copies of this message and any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051011/e18aaebc/attachment.htm>


More information about the sr-users mailing list