[Serusers] Problem with radius - ser setup

Lokesh Kumar lokesh at interacesso.pt
Mon Oct 23 12:17:32 CEST 2006 

Hello List , I have problem with the authentication of users via Radius.
Mentioned below are the logs. Can anyone please give me hint where I am
doing wrong , I did exactly as mentioned in the ser-radius how to.

 

 

The logs from Radius are like the mentioned below.

 

        Sip-Uri-User = "211069020"

        NAS-Port = 5060

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 14421

  modcall[authorize]: module "preprocess" returns ok for request 14421

  modcall[authorize]: module "chap" returns noop for request 14421

  modcall[authorize]: module "mschap" returns noop for request 14421

rlm_digest: Adding Auth-Type = DIGEST

  modcall[authorize]: module "digest" returns ok for request 14421

    rlm_realm: Looking up realm "xxx.pt" for User-Name = "211069020 at XXX.pt"

    rlm_realm: No such realm "xxx.pt"

  modcall[authorize]: module "suffix" returns noop for request 14421

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 14421

    users: Matched entry DEFAULT at line 152

    users: Matched entry 211069020 at xxx.pt at line 217

  modcall[authorize]: module "files" returns ok for request 14421

modcall: leaving group authorize (returns ok) for request 14421

  rad_check_password:  Found Auth-Type Digest

auth: type "digest"

  Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 14421

    rlm_digest: Converting Digest-Attributes to something sane...

        Digest-User-Name = "211069020"

        Digest-Realm = "xxx.pt"

        Digest-Nonce = "453c9377946262d76fceca014a1553f8384db20f"

        Digest-URI = "sip:xxx.pt"

        Digest-Method = "REGISTER"

        Digest-QOP = "auth"

        Digest-Nonce-Count = "00000001"

        Digest-CNonce = "5640622967614"

A1 = 211069020:xxx.pt:211069020

A2 = REGISTER:sip:xxx.pt

KD =
f7d0e83a9277bd217ba41ac8e070aee4:453c9377946262d76fceca014a1553f8384db20f:00
000001:5640622967614:auth:4a210dfe3dc88ca825764f5ea20d8b01

  modcall[authenticate]: module "digest" returns ok for request 14421

modcall: leaving group authenticate (returns ok) for request 14421

radius_xlat:  'Authenticated from Radius'

Sending Access-Accept of id 131 to 127.0.0.1 port 56964

        Reply-Message = "Authenticated from Radius"

        Sip-Rpid = "211069020"

Finished request 14421

Going to the next request

--- Walking the entire request list ---

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 127.0.0.1:56965, id=132, length=57

        User-Name = "@xxx.pt"

        Service-Type = Callback-Administrative

        NAS-Port = 0

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 14422

  modcall[authorize]: module "preprocess" returns ok for request 14422

  modcall[authorize]: module "chap" returns noop for request 14422

  modcall[authorize]: module "mschap" returns noop for request 14422

  modcall[authorize]: module "digest" returns noop for request 14422

    rlm_realm: Looking up realm "xxx.pt" for User-Name = "@xxx.pt"

    rlm_realm: No such realm "xxx.pt"

  modcall[authorize]: module "suffix" returns noop for request 14422

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 14422

    users: Matched entry DEFAULT at line 152

  modcall[authorize]: module "files" returns ok for request 14422

modcall: leaving group authorize (returns ok) for request 14422

  rad_check_password:  Found Auth-Type System

auth: type "System"

  Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 14422

rlm_unix: Attribute "User-Password" is required for authentication.

  modcall[authenticate]: module "unix" returns invalid for request 14422

modcall: leaving group authenticate (returns invalid) for request 14422

auth: Failed to validate the user.

Delaying request 14422 for 1 seconds

Finished request 14422

Going to the next request

Waking up in 6 seconds...

--- Walking the entire request list ---

Cleaning up request 14421 ID 131 with timestamp 453c9257

Sending Access-Reject of id 132 to 127.0.0.1 port 56965

Cleaning up request 14422 ID 132 with timestamp 453c9257

Nothing to do.  Sleeping until we see a request.

 

 

 

And the logs from ser are like the mentioned below.

 

0(15034) found end of header

 0(15034) find_first_route: No Route headers found

 0(15034) loose_route: There is no Route HF

 0(15034) parse_headers: flags=-1

 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)

 0(15034) parse_headers: flags=64

 0(15034) check_nonce(): comparing
[453c93b9459779f9f51440d01f13c9e0db2b2965] an
d [453c93b9459779f9f51440d01f13c9e0db2b2965]

 0(15034) radius_authorize_sterman(): Success

 0(15034) save_rpid(): rpid value is '211069020'

 0(15034) radius_does_uri_exist(): Failure

 0(15034) parse_headers: flags=-1

 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)

 0(15034) DEBUG:destroy_avp_list: destroying list 0xf5062350

 0(15034) receive_msg: cleaning up

 0(15034) SIP Request:

 0(15034)  method:  <OPTIONS>

 0(15034)  uri:     <sip:xxx.pt:5060>

 0(15034)  version: <SIP/2.0>

 0(15034) parse_headers: flags=1

 0(15034) Found param type 235, <rport> = <n/a>; state=6

 0(15034) Found param type 232, <branch> =
<z9hG4bKc0a8002f0000000b453c94d700006
3800000fc1b>; state=16

 0(15034) end of header reached, state=5

 0(15034) parse_headers: Via found, flags=1

 0(15034) parse_headers: this is the first via

 0(15034) After parse_msg...

 0(15034) preparing to run routing scripts...

 0(15034) parse_headers: flags=128

 0(15034) DEBUG: get_hdr_body : content_length=0

 0(15034) get_hdr_field: cseq <CSeq>: <11858> <OPTIONS>

 0(15034) DEBUG:maxfwd:is_maxfwd_present: value = 70

 0(15034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16

 0(15034) DEBUG: add_param: tag=56414607811795

 0(15034) end of header reached, state=29

 0(15034) parse_headers: flags=256

 0(15034) end of header reached, state=9

 0(15034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:xxx.pt:5060]

 0(15034) DEBUG: to body [<sip:xxx.pt:5060>

]

 0(15034) found end of header

 0(15034) find_first_route: No Route headers found

 0(15034) loose_route: There is no Route HF

 0(15034) lookup(): '' Not found in usrloc

 0(15034) lookup(): '' Not found in usrloc

 0(15034) parse_headers: flags=-1

 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)

 0(15034) DEBUG:destroy_avp_list: destroying list (nil)

 0(15034) receive_msg: cleaning up

 

The users file in raddb is like this

 

211069020 at xxx.pt Auth-Type := Digest, User-Password == "211069020"

     Reply-Message = "Authenticated from Radius",

     Sip-Rpid = "211069020"

211069020 at xxx.pt Sip-Group == "local", Auth-Type := Accept

     Reply-Message = "Authorized"

"users" 221L, 7200C


 

I have mentioned dictionary.ser in radius and radiusclient.

 

Where I am doing wrong can anyone please give a hint.

 

Thank you very much

 

 

Lokesh


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.9/490 - Release Date: 10/20/2006
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061023/fab60bdb/attachment.htm>

More information about the sr-users mailing list