[Users] OpenSER with freeRadius
Velimir Novkovic
voip at e-prometheus.org
Fri Mar 10 21:01:46 CET 2006
I configured OpenSER with Freeradius. It is somewhat messy to have it setup
- of course depends on your background. In my case I missed deeper knowledge
of Radius that had caused me quite some trouble.
I haven't experienced your problem - no OpenSER processes. Sounds a bit
strange.
My advice is: have both SER and freeRadius running in _DEBUG_ mode and read
outputs carefully. Radius: radiusd -X, and ser with entry in cfg file.
Radius is powerful and extremely fragile: passwords and avps need to match
between client and server; user/group blocks must be correctly
defined/specified to your spec etc. But if you have debug info - you can
easily see when something goes wrong.
Good luck.
/Vel
_____
From: users-bounces at openser.org [mailto:users-bounces at openser.org] On Behalf
Of C. Ed Felt
Sent: Thursday, March 09, 2006 6:33 AM
To: users at openser.org
Cc: Jaime Work
Subject: [Users] OpenSER with freeRadius
Fellow OpenSER users:
We have been using SER at our VoIP company for a few years now and have been
running in to security issues. We are pleased to see someone has taken
improving SER seriously and are trying to move to OpenSER but are having
problems with the implementation we need: OpenSER with Radius Accounting and
Radius Authentication (with freeradius and MySQL).
I compiled the latest stable version of openser on an FC1 Linux PC with the
needed modules added for Radius Authentication and Accounting. I am also
using the latest version of freeradius.
I have spent plenty of time in the email archives and documentation before
asking you for help.
I seemed to have everything installed correctly after adding the line
'modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")' to the default openser
config file. All the radius modules seem to load now and openser doesn't
exit with any errors. But when I start openser and check "ps -eaf | grep
openser" it isn't running so I assume. Here are the last few lines of
/var/log/messages:
I tried adding verbosity to the debug "-ddddd" but didn't get any more
information than the logs above.
I have also all ready included the needed dictionary file from openser for
freeradius in the freeradius dictionary config.
Here is my current config under modules loading for auth (only change to
default config besides modparam above):
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/openser/modules/auth.so"
#loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/auth_radius.so"
#loadmodule "/usr/local/lib/openser/modules/group_radius.so"
#loadmodule "/usr/local/lib/openser/modules/uri_radius.so"
Please let me know what else I can try to get this working. Some kind of
walk thru for the freeradius configuration would be helpful as well
(freeradius with MySQL).
--
Thanks,
C. Ed Felt Caflo Network Engineer/Programmer
<http://www.caflo.com/>
(801) 766-8433 (home)
(801) 420-8879 (cell)
74999 (h.323)
74777 (sip)
edeefelt at hotmail.com <mailto://edeefelt@hotmail>
efelt at caflobvi.com
chat: edeefelt(aim), edeefelt (yahoo), edeefelt at hotmail.com (msn),
v_2chafe at hotmail.com (msn)
http://www.thefelts.net <http://www.thefelts.net/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060310/57dacfb8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3753 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060310/57dacfb8/attachment.jpeg>
More information about the sr-users
mailing list