[Serusers] Problem with radius - ser setup
Greger V. Teigre
greger at teigre.com
Mon Oct 23 13:07:38 CEST 2006
Looks ok. Just don't challenge OPTIONS messages (second message)
g-)
Lokesh Kumar wrote:
>
> Hello List , I have problem with the authentication of users via
> Radius. Mentioned below are the logs. Can anyone please give me hint
> where I am doing wrong , I did exactly as mentioned in the ser-radius
> how to.
>
>
>
>
>
> The logs from Radius are like the mentioned below.
>
>
>
> Sip-Uri-User = "211069020"
>
> NAS-Port = 5060
>
> NAS-IP-Address = 127.0.0.1
>
> Processing the authorize section of radiusd.conf
>
> modcall: entering group authorize for request 14421
>
> modcall[authorize]: module "preprocess" returns ok for request 14421
>
> modcall[authorize]: module "chap" returns noop for request 14421
>
> modcall[authorize]: module "mschap" returns noop for request 14421
>
> rlm_digest: Adding Auth-Type = DIGEST
>
> modcall[authorize]: module "digest" returns ok for request 14421
>
> rlm_realm: Looking up realm "xxx.pt" for User-Name =
> "211069020 at XXX.pt"
>
> rlm_realm: No such realm "xxx.pt"
>
> modcall[authorize]: module "suffix" returns noop for request 14421
>
> rlm_eap: No EAP-Message, not doing EAP
>
> modcall[authorize]: module "eap" returns noop for request 14421
>
> users: Matched entry DEFAULT at line 152
>
> users: Matched entry 211069020 at xxx.pt at line 217
>
> modcall[authorize]: module "files" returns ok for request 14421
>
> modcall: leaving group authorize (returns ok) for request 14421
>
> rad_check_password: Found Auth-Type Digest
>
> auth: type "digest"
>
> Processing the authenticate section of radiusd.conf
>
> modcall: entering group authenticate for request 14421
>
> rlm_digest: Converting Digest-Attributes to something sane...
>
> Digest-User-Name = "211069020"
>
> Digest-Realm = "xxx.pt"
>
> Digest-Nonce = "453c9377946262d76fceca014a1553f8384db20f"
>
> Digest-URI = "sip:xxx.pt"
>
> Digest-Method = "REGISTER"
>
> Digest-QOP = "auth"
>
> Digest-Nonce-Count = "00000001"
>
> Digest-CNonce = "5640622967614"
>
> A1 = 211069020:xxx.pt:211069020
>
> A2 = REGISTER:sip:xxx.pt
>
> KD =
> f7d0e83a9277bd217ba41ac8e070aee4:453c9377946262d76fceca014a1553f8384db20f:00000001:5640622967614:auth:4a210dfe3dc88ca825764f5ea20d8b01
>
> modcall[authenticate]: module "digest" returns ok for request 14421
>
> modcall: leaving group authenticate (returns ok) for request 14421
>
> radius_xlat: 'Authenticated from Radius'
>
> Sending Access-Accept of id 131 to 127.0.0.1 port 56964
>
> Reply-Message = "Authenticated from Radius"
>
> Sip-Rpid = "211069020"
>
> Finished request 14421
>
> Going to the next request
>
> --- Walking the entire request list ---
>
> Waking up in 6 seconds...
>
> rad_recv: Access-Request packet from host 127.0.0.1:56965, id=132,
> length=57
>
> User-Name = "@xxx.pt"
>
> Service-Type = Callback-Administrative
>
> NAS-Port = 0
>
> NAS-IP-Address = 127.0.0.1
>
> Processing the authorize section of radiusd.conf
>
> modcall: entering group authorize for request 14422
>
> modcall[authorize]: module "preprocess" returns ok for request 14422
>
> modcall[authorize]: module "chap" returns noop for request 14422
>
> modcall[authorize]: module "mschap" returns noop for request 14422
>
> modcall[authorize]: module "digest" returns noop for request 14422
>
> rlm_realm: Looking up realm "xxx.pt" for User-Name = "@xxx.pt"
>
> rlm_realm: No such realm "xxx.pt"
>
> modcall[authorize]: module "suffix" returns noop for request 14422
>
> rlm_eap: No EAP-Message, not doing EAP
>
> modcall[authorize]: module "eap" returns noop for request 14422
>
> users: Matched entry DEFAULT at line 152
>
> modcall[authorize]: module "files" returns ok for request 14422
>
> modcall: leaving group authorize (returns ok) for request 14422
>
> rad_check_password: Found Auth-Type System
>
> auth: type "System"
>
> Processing the authenticate section of radiusd.conf
>
> modcall: entering group authenticate for request 14422
>
> rlm_unix: Attribute "User-Password" is required for authentication.
>
> modcall[authenticate]: module "unix" returns invalid for request 14422
>
> modcall: leaving group authenticate (returns invalid) for request 14422
>
> auth: Failed to validate the user.
>
> Delaying request 14422 for 1 seconds
>
> Finished request 14422
>
> Going to the next request
>
> Waking up in 6 seconds...
>
> --- Walking the entire request list ---
>
> Cleaning up request 14421 ID 131 with timestamp 453c9257
>
> Sending Access-Reject of id 132 to 127.0.0.1 port 56965
>
> Cleaning up request 14422 ID 132 with timestamp 453c9257
>
> Nothing to do. Sleeping until we see a request.
>
>
>
>
>
>
>
> And the logs from ser are like the mentioned below.
>
>
>
> 0(15034) found end of header
>
> 0(15034) find_first_route: No Route headers found
>
> 0(15034) loose_route: There is no Route HF
>
> 0(15034) parse_headers: flags=-1
>
> 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
>
> 0(15034) parse_headers: flags=64
>
> 0(15034) check_nonce(): comparing
> [453c93b9459779f9f51440d01f13c9e0db2b2965] an
> d
> [453c93b9459779f9f51440d01f13c9e0db2b2965]
>
> 0(15034) radius_authorize_sterman(): Success
>
> 0(15034) save_rpid(): rpid value is '211069020'
>
> 0(15034) radius_does_uri_exist(): Failure
>
> 0(15034) parse_headers: flags=-1
>
> 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
>
> 0(15034) DEBUG:destroy_avp_list: destroying list 0xf5062350
>
> 0(15034) receive_msg: cleaning up
>
> 0(15034) SIP Request:
>
> 0(15034) method: <OPTIONS>
>
> 0(15034) uri: <sip:xxx.pt:5060>
>
> 0(15034) version: <SIP/2.0>
>
> 0(15034) parse_headers: flags=1
>
> 0(15034) Found param type 235, <rport> = <n/a>; state=6
>
> 0(15034) Found param type 232, <branch> =
> <z9hG4bKc0a8002f0000000b453c94d700006
> 3800000fc1b>;
> state=16
>
> 0(15034) end of header reached, state=5
>
> 0(15034) parse_headers: Via found, flags=1
>
> 0(15034) parse_headers: this is the first via
>
> 0(15034) After parse_msg...
>
> 0(15034) preparing to run routing scripts...
>
> 0(15034) parse_headers: flags=128
>
> 0(15034) DEBUG: get_hdr_body : content_length=0
>
> 0(15034) get_hdr_field: cseq <CSeq>: <11858> <OPTIONS>
>
> 0(15034) DEBUG:maxfwd:is_maxfwd_present: value = 70
>
> 0(15034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
>
> 0(15034) DEBUG: add_param: tag=56414607811795
>
> 0(15034) end of header reached, state=29
>
> 0(15034) parse_headers: flags=256
>
> 0(15034) end of header reached, state=9
>
> 0(15034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:xxx.pt:5060]
>
> 0(15034) DEBUG: to body [<sip:xxx.pt:5060>
>
> ]
>
> 0(15034) found end of header
>
> 0(15034) find_first_route: No Route headers found
>
> 0(15034) loose_route: There is no Route HF
>
> 0(15034) lookup(): '' Not found in usrloc
>
> 0(15034) lookup(): '' Not found in usrloc
>
> 0(15034) parse_headers: flags=-1
>
> 0(15034) check_via_address(212.13.42.65, 192.168.0.47, 0)
>
> 0(15034) DEBUG:destroy_avp_list: destroying list (nil)
>
> 0(15034) receive_msg: cleaning up
>
>
>
> The users file in raddb is like this
>
>
>
> 211069020 at xxx.pt Auth-Type := Digest, User-Password == "211069020"
>
> Reply-Message = "Authenticated from Radius",
>
> Sip-Rpid = "211069020"
>
> 211069020 at xxx.pt Sip-Group == "local", Auth-Type := Accept
>
> Reply-Message = "Authorized"
>
> "users" 221L,
> 7200C
>
>
>
> I have mentioned dictionary.ser in radius and radiusclient.
>
>
>
> Where I am doing wrong can anyone please give a hint.
>
>
>
> Thank you very much
>
>
>
>
>
> Lokesh
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.408 / Virus Database: 268.13.9/490 - Release Date: 10/20/2006
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061023/eb2bf8e5/attachment.htm>
More information about the sr-users
mailing list