[Users] ser with radius group checking - something amiss
Velimir Novkovic
voip at e-prometheus.org
Sat Mar 4 10:38:30 CET 2006
Hi,
I run SER with Radius/MySQL for authentication and accounting.
Things are pretty much in place except for group checking. I have something
like this in my ser.cfg:
....
modparam("auth_radius", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1)
.....
if (uri=~"^sip:[0-9]{8}@") { # Domestic PSTN
if (!radius_is_user_in("credentials", "ld")) {
sl_send_reply("403", "No permission for domestic
calls");
return;
};
route(4);
return;
};
....
When I look at Radius debug log I can see that when ser sends a request to
radius, radius wants to do digest on it and then the complete request fails
and call can't go through. Output looks something like this:
..
rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
User-Name = "81000 at sage.home.local"
Sip-Group = "voicemail"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
..
** bunch of sql statements ...
..
modcall: group authorize returns ok for request 17
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
ERROR: No Digest-Nonce: Cannot perform Digest authentication
modcall[authenticate]: module "digest" returns invalid for request 17
modcall: group authenticate returns invalid for request 17
auth: Failed to validate the user.
In databases I have following:
mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'81000 at sage.home.local' ORDER BY id;
+----+-----------------------+--------------+-------------+----+
| id | UserName | Attribute | Value | op |
+----+-----------------------+--------------+-------------+----+
| 18 | 81000 at sage.home.local | Service-Type | Group-Check | := |
+----+-----------------------+--------------+-------------+----+
1 row in set (0.00 sec)
mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'81000 at sage.home.local' ORDER BY id;
+----+-----------------------+---------------+------------------------------
------+----+
| id | UserName | Attribute | Value
| op |
+----+-----------------------+---------------+------------------------------
------+----+
| 23 | 81000 at sage.home.local | User-Password |
$1$d7XAeahG$9f17cb8JaKj8R1z9GpwG4/ | := |
| 25 | 81000 at sage.home.local | Sip-Rpid | 81000
| = |
| 30 | 81000 at sage.home.local | Auth-Type | Digest
| := |
+----+-----------------------+---------------+------------------------------
------+----+
mysql> SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FR
OM radgroupcheck,usergroup WHERE usergroup.Username =
'81000 at sage.home.local' AND usergroup.GroupName = radgroupcheck.G
roupName ORDER BY radgroupcheck.id;
+----+-----------+-----------+--------+----+
| id | GroupName | Attribute | Value | op |
+----+-----------+-----------+--------+----+
| 12 | voicemail | Auth-Type | Accept | := |
+----+-----------+-----------+--------+----+
Has anyone had a chance to do something like this with success? I am stuck
at the moment - any help is greatly appreciated.
Thanks.
/Vel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060304/c52946a0/attachment.htm>
More information about the sr-users
mailing list