[Serusers] Re: Ser 0.9.6 + RADIUS

Greger V. Teigre greger at teigre.com
Mon Jan 15 09:25:17 CET 2007 

You just sent the debug output for the first message (the one creating 
the challenge).  The next message should contain the credentials, which 
will be used for radius auth.
As far as I remember, by default radiusclient uses localhost to send its 
radius requests. When the radius server is only listening on a physical 
interface or remote server, you need to add a directive to 
radiusclient.conf. I don't remember right now.
g-)

Daniel Corbe wrote:
> Turned debug to 9, this is what I get
>
>
> 0(19309) SIP Request:
> 0(19309)  method:  <REGISTER>
> 0(19309)  uri:     <sip:192.168.1.109>
> 0(19309)  version: <SIP/2.0>
> 0(19309) parse_headers: flags=1
> 0(19309) Found param type 235, <rport> = <n/a>; state=6
> 0(19309) Found param type 232, <branch> =
> <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
> 0(19309) end of header reached, state=5
> 0(19309) parse_headers: Via found, flags=1
> 0(19309) parse_headers: this is the first via
> 0(19309) After parse_msg...
> 0(19309) preparing to run routing scripts...
> 0(19309) parse_headers: flags=128
> 0(19309) end of header reached, state=9
> 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> ]
> 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> 0(19309) parse_headers: flags=256
> 0(19309) DEBUG: get_hdr_body : content_length=0
> 0(19309) found end of header
> 0(19309) find_first_route: No Route headers found
> 0(19309) loose_route: There is no Route HF
> 0(19309) XLOG: xl_print_log: final buffer length 26
> 0(19309) REGISTER request received
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) parse_headers: flags=64
> 0(19309) XLOG: xl_print_log: final buffer length 27
> 0(19309) NATed client, enabling NAT
> 0(19309) parse_headers: flags=4096
> 0(19309) pre_auth(): Credentials with given realm not found
> 0(19309) XLOG: xl_print_log: final buffer length 28
> 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> 'WWW-Authenticate: Digest realm="192.168.1.109",
> nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> '
> 0(19309) parse_headers: flags=-1
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> 0(19309) receive_msg: cleaning up
> 0(19309) SIP Request:
> 0(19309)  method:  <REGISTER>
> 0(19309)  uri:     <sip:192.168.1.109>
> 0(19309)  version: <SIP/2.0>
> 0(19309) parse_headers: flags=1
> 0(19309) Found param type 235, <rport> = <n/a>; state=6
> 0(19309) Found param type 232, <branch> =
> <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
> 0(19309) end of header reached, state=5
> 0(19309) parse_headers: Via found, flags=1
> 0(19309) parse_headers: this is the first via
> 0(19309) After parse_msg...
> 0(19309) preparing to run routing scripts...
> 0(19309) parse_headers: flags=128
> 0(19309) end of header reached, state=9
> 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> ]
> 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> 0(19309) parse_headers: flags=256
> 0(19309) DEBUG: get_hdr_body : content_length=0
> 0(19309) found end of header
> 0(19309) find_first_route: No Route headers found
> 0(19309) loose_route: There is no Route HF
> 0(19309) XLOG: xl_print_log: final buffer length 26
> 0(19309) REGISTER request received
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) parse_headers: flags=64
> 0(19309) XLOG: xl_print_log: final buffer length 27
> 0(19309) NATed client, enabling NAT
> 0(19309) check_nonce(): comparing
> [45aaa391b970a38171714c791e2feec0b390aeed] and
> [45aaa391b970a38171714c791e2feec0b390aeed]
> 0(19309) res: -1
> 0(19309) radius_authorize_sterman(): Failure
> 0(19309) XLOG: xl_print_log: final buffer length 28
> 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> 'WWW-Authenticate: Digest realm="192.168.1.109",
> nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> '
> 0(19309) parse_headers: flags=-1
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> 0(19309) receive_msg: cleaning up
> 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> 0(19309) SIP Request:
> 0(19309)  method:  <REGISTER>
> 0(19309)  uri:     <sip:192.168.1.109>
> 0(19309)  version: <SIP/2.0>
> 0(19309) parse_headers: flags=1
> 0(19309) Found param type 235, <rport> = <n/a>; state=6
> 0(19309) Found param type 232, <branch> =
> <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
> 0(19309) end of header reached, state=5
> 0(19309) parse_headers: Via found, flags=1
> 0(19309) parse_headers: this is the first via
> 0(19309) After parse_msg...
> 0(19309) preparing to run routing scripts...
> 0(19309) parse_headers: flags=128
> 0(19309) end of header reached, state=9
> 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> ]
> 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> 0(19309) parse_headers: flags=256
> 0(19309) DEBUG: get_hdr_body : content_length=0
> 0(19309) found end of header
> 0(19309) find_first_route: No Route headers found
> 0(19309) loose_route: There is no Route HF
> 0(19309) XLOG: xl_print_log: final buffer length 26
> 0(19309) REGISTER request received
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) parse_headers: flags=64
> 0(19309) XLOG: xl_print_log: final buffer length 27
> 0(19309) NATed client, enabling NAT
> 0(19309) parse_headers: flags=4096
> 0(19309) pre_auth(): Credentials with given realm not found
> 0(19309) XLOG: xl_print_log: final buffer length 28
> 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> 'WWW-Authenticate: Digest realm="192.168.1.109",
> nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> '
> 0(19309) parse_headers: flags=-1
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> 0(19309) receive_msg: cleaning up
> 0(19309) SIP Request:
> 0(19309)  method:  <REGISTER>
> 0(19309)  uri:     <sip:192.168.1.109>
> 0(19309)  version: <SIP/2.0>
> 0(19309) parse_headers: flags=1
> 0(19309) Found param type 235, <rport> = <n/a>; state=6
> 0(19309) Found param type 232, <branch> =
> <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
> 0(19309) end of header reached, state=5
> 0(19309) parse_headers: Via found, flags=1
> 0(19309) parse_headers: this is the first via
> 0(19309) After parse_msg...
> 0(19309) preparing to run routing scripts...
> 0(19309) parse_headers: flags=128
> 0(19309) end of header reached, state=9
> 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> ]
> 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
> 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> 0(19309) parse_headers: flags=256
> 0(19309) DEBUG: get_hdr_body : content_length=0
> 0(19309) found end of header
> 0(19309) find_first_route: No Route headers found
> 0(19309) loose_route: There is no Route HF
> 0(19309) XLOG: xl_print_log: final buffer length 26
> 0(19309) REGISTER request received
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) parse_headers: flags=64
> 0(19309) XLOG: xl_print_log: final buffer length 27
> 0(19309) NATed client, enabling NAT
> 0(19309) check_nonce(): comparing
> [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
> 0(19309) res: -1
> 0(19309) radius_authorize_sterman(): Failure
> 0(19309) XLOG: xl_print_log: final buffer length 28
> 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> 'WWW-Authenticate: Digest realm="192.168.1.109",
> nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> '
> 0(19309) parse_headers: flags=-1
> 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> 0(19309) receive_msg: cleaning up
> 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
>
> On 1/14/07, Daniel Corbe <daniel.junkmail at gmail.com> wrote:
>> I cannot get my SER to talk to my RADIUS server, its just blindly
>> 401ing things without ever making contact with RADIUS.
>>
>> SER config looks like this
>>
>> if (method == "REGISTER") {
>>         if (!radius_www_authorize("")) {
>>                 www_challenge("", "1");
>>                 break;
>>         };
>>
>>         save("location");
>> };
>>
>> radiusclient-ng servers file:
>> 192.168.1.103                   heslo
>>
>> radiusclient.conf:
>> auth_order      radius,local
>> login_tries     4
>> login_timeout   60
>> authserver      192.168.1.103:1812
>> acctserver      192.168.1.103:1813
>> dictionary      /usr/local/etc/radiusclient-ng/dictionary
>>
>> FreeRADIUS clients.conf:
>> client 192.168.1.109 {
>>         secret          = heslo
>>         shortname       = proxy1
>>         nastype         = other
>>
>> Not sure what to do!
>>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>

More information about the sr-users mailing list