[Users] ser with radius group checking - something amiss

Velimir Novkovic voip at e-prometheus.org
Sat Mar 4 10:38:30 CET 2006


Hi,

I run SER with Radius/MySQL for authentication and accounting.

Things are pretty much in place except for group checking. I have something
like this in my ser.cfg:

....
modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1)
.....
            if (uri=~"^sip:[0-9]{8}@") {  # Domestic PSTN
                  if (!radius_is_user_in("credentials", "ld")) {
                        sl_send_reply("403", "No permission for domestic calls");
                        return;
                  };
                  route(4);
                  return;
            };
....

When I look at the Radius debug log, I can see that when ser sends a request to
radius, radius wants to do digest on it, and then the complete request fails
and the call can't go through. Output looks something like this:

..
rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
        User-Name = "81000@sage.home.local"
        Sip-Group = "voicemail"
        Service-Type = Group-Check
        NAS-Port = 0
        NAS-IP-Address = 127.0.0.1
  Processing the authorize section of radiusd.conf
..
** bunch of sql statements ...
..
modcall: group authorize returns ok for request 17
  rad_check_password:  Found Auth-Type Digest
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
ERROR: No Digest-Nonce: Cannot perform Digest authentication
  modcall[authenticate]: module "digest" returns invalid for request 17
modcall: group authenticate returns invalid for request 17
auth: Failed to validate the user.


In the databases I have the following:

mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '81000@sage.home.local' ORDER BY id;
+----+-----------------------+--------------+-------------+----+
| id | UserName              | Attribute    | Value       | op |
+----+-----------------------+--------------+-------------+----+
| 18 | 81000@sage.home.local | Service-Type | Group-Check | := |
+----+-----------------------+--------------+-------------+----+
1 row in set (0.00 sec)

mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '81000@sage.home.local' ORDER BY id;
+----+-----------------------+---------------+------------------------------------+----+
| id | UserName              | Attribute     | Value                              | op |
+----+-----------------------+---------------+------------------------------------+----+
| 23 | 81000@sage.home.local | User-Password | $1$d7XAeahG$9f17cb8JaKj8R1z9GpwG4/ | := |
| 25 | 81000@sage.home.local | Sip-Rpid      | 81000                              | =  |
| 30 | 81000@sage.home.local | Auth-Type     | Digest                             | := |
+----+-----------------------+---------------+------------------------------------+----+

mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '81000@sage.home.local' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
+----+-----------+-----------+--------+----+
| id | GroupName | Attribute | Value  | op |
+----+-----------+-----------+--------+----+
| 12 | voicemail | Auth-Type | Accept | := |
+----+-----------+-----------+--------+----+


Has anyone had a chance to do something like this with success? I am stuck
at the moment - any help is greatly appreciated.

 

Thanks.

/Vel
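
The failure pattern in the log above can be picked out of radiusd debug output mechanically. The following is an added example, not part of the original post: it flags Group-Check requests that carry no Digest-* attributes but are still handed to the digest module. The function names and the second sample request are constructed here, and the user name assumes the archive's " at " stands for "@".

```python
import re

# Debug-log excerpt: the first request is the one quoted in the post; the
# second is constructed here as a contrast (a request carrying digest data).
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
        User-Name = "81000@sage.home.local"
        Sip-Group = "voicemail"
        Service-Type = Group-Check
  rad_check_password:  Found Auth-Type Digest
ERROR: No Digest-Nonce: Cannot perform Digest authentication
rad_recv: Access-Request packet from host 127.0.0.1:34028, id=19, length=180
        User-Name = "81000@sage.home.local"
        Digest-Response = "constructed-value"
  rad_check_password:  Found Auth-Type Digest
'''

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = "?(.*?)"?$')

def parse_requests(log_text):
    """Group radiusd debug output into one record per rad_recv block."""
    requests = []
    for line in log_text.splitlines():
        if line.startswith("rad_recv:"):
            requests.append({"header": line, "attrs": {}, "events": []})
        elif requests:
            cur, m = requests[-1], ATTR.match(line)
            if m and not cur["events"]:   # attribute dump precedes processing
                cur["attrs"][m.group(1)] = m.group(2)
            elif line.strip():
                cur["events"].append(line.strip())
    return requests

def misrouted_group_checks(requests):
    """Group-Check requests that carried no Digest-* attributes but were
    still sent to the digest module and rejected for lack of a nonce."""
    hits = []
    for r in requests:
        events = " | ".join(r["events"])
        if (r["attrs"].get("Service-Type") == "Group-Check"
                and not any(k.startswith("Digest-") for k in r["attrs"])
                and "Found Auth-Type Digest" in events
                and "No Digest-Nonce" in events):
            hits.append((r["attrs"].get("User-Name"), r["attrs"].get("Sip-Group")))
    return hits

if __name__ == "__main__":
    for user, group in misrouted_group_checks(parse_requests(SAMPLE_LOG)):
        print(f"group check for {user} in '{group}' was forced through digest")
```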

 
