[Serusers] Re: Ser 0.9.6 + RADIUS

Daniel Corbe daniel.junkmail at gmail.com
Mon Jan 15 18:40:25 CET 2007


The 2nd request actually is in the debug output, if you scroll down
about half way.

 0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]

The nonce provided by the UA is correct, and when you go a little
further down, you see a really strange error message:

 0(19309) res: -1
 0(19309) radius_authorize_sterman(): Failure

I'm not even sure what that means.


On 1/15/07, Greger V. Teigre <greger at teigre.com> wrote:
> You just sent the debug output for the first message (the one creating
> the challenge).  The next message should contain the credentials, which
> will be used for radius auth.
> As far as I remember, by default radiusclient uses localhost to send its
> radius requests. When the radius server is only listening on a physical
> interface or remote server, you need to add a directive to
> radiusclient.conf. I don't remember right now.
> g-)
>
> Daniel Corbe wrote:
> > Turned debug to 9, this is what I get
> >
> >
> > 0(19309) SIP Request:
> > 0(19309)  method:  <REGISTER>
> > 0(19309)  uri:     <sip:192.168.1.109>
> > 0(19309)  version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) parse_headers: flags=4096
> > 0(19309) pre_auth(): Credentials with given realm not found
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) SIP Request:
> > 0(19309)  method:  <REGISTER>
> > 0(19309)  uri:     <sip:192.168.1.109>
> > 0(19309)  version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) check_nonce(): comparing
> > [45aaa391b970a38171714c791e2feec0b390aeed] and
> > [45aaa391b970a38171714c791e2feec0b390aeed]
> > 0(19309) res: -1
> > 0(19309) radius_authorize_sterman(): Failure
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > 0(19309) SIP Request:
> > 0(19309)  method:  <REGISTER>
> > 0(19309)  uri:     <sip:192.168.1.109>
> > 0(19309)  version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) parse_headers: flags=4096
> > 0(19309) pre_auth(): Credentials with given realm not found
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) SIP Request:
> > 0(19309)  method:  <REGISTER>
> > 0(19309)  uri:     <sip:192.168.1.109>
> > 0(19309)  version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) check_nonce(): comparing
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
> > 0(19309) res: -1
> > 0(19309) radius_authorize_sterman(): Failure
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> >
> > On 1/14/07, Daniel Corbe <daniel.junkmail at gmail.com> wrote:
> >> I cannot get my SER to talk to my RADIUS server, it's just blindly
> >> 401ing things without ever making contact with RADIUS.
> >>
> >> SER config looks like this
> >>
> >> if (method == "REGISTER") {
> >>         if (!radius_www_authorize("")) {
> >>                 www_challenge("", "1");
> >>                 break;
> >>         };
> >>
> >>         save("location");
> >> };
> >>
> >> radiusclient-ng servers file:
> >> 192.168.1.103                   heslo
> >>
> >> radiusclient.conf:
> >> auth_order      radius,local
> >> login_tries     4
> >> login_timeout   60
> >> authserver      192.168.1.103:1812
> >> acctserver      192.168.1.103:1813
> >> dictionary      /usr/local/etc/radiusclient-ng/dictionary
> >>
> >> FreeRADIUS clients.conf:
> >> client 192.168.1.109 {
> >>         secret          = heslo
> >>         shortname       = proxy1
> >>         nastype         = other
> >> }
> >>
> >> Not sure what to do!
> >>
>
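The debug output quoted above can be split per request to see where each REGISTER stopped; this is an added example, not part of the thread and not SER code. Reading `res` as the return code of radiusclient-ng's `rc_auth()` is an assumption, the names `triage`, `RC_NAMES` and `SAMPLE_LOG` are hypothetical, and the sample is constructed from lines quoted in the thread.

```python
import re

# Constructed sample: abridged from the debug output quoted in this thread.
SAMPLE_LOG = """\
> > 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
> > 0(19309) pre_auth(): Credentials with given realm not found
> > 0(19309) receive_msg: cleaning up
> > 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
> > 0(19309) check_nonce(): comparing
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
> > 0(19309) res: -1
> > 0(19309) radius_authorize_sterman(): Failure
> > 0(19309) receive_msg: cleaning up
"""

# Assumption: "res" is the return code of radiusclient-ng's rc_auth().
RC_NAMES = {0: "OK_RC", 1: "TIMEOUT_RC", 2: "REJECT_RC",
            -1: "ERROR_RC", -2: "BADRESP_RC"}
CSEQ = re.compile(r"cseq <CSeq>: <(\d+)> <(\w+)>")
NONCE = re.compile(r"check_nonce\(\): comparing\s*\[(\w+)\]\s*and\s*\[(\w+)\]")
RES = re.compile(r"\bres: (-?\d+)")

def triage(log_text):
    """Return one dict per SIP request found in a SER debug log."""
    # Drop mail quote markers so output pasted from a reply still parses.
    lines = (re.sub(r"^(?:>\s?)+", "", l) for l in log_text.splitlines())
    results = []
    for chunk in "\n".join(lines).split("receive_msg: cleaning up"):
        m = CSEQ.search(chunk)
        if not m:
            continue
        nonce, res = NONCE.search(chunk), RES.search(chunk)
        if "Credentials with given realm not found" in chunk:
            verdict = "no credentials: initial challenge"
        elif nonce and nonce.group(1) != nonce.group(2):
            verdict = "nonce mismatch: not issued by this server"
        elif res and "radius_authorize_sterman(): Failure" in chunk:
            code = int(res.group(1))
            verdict = f"nonce ok, RADIUS failed: {RC_NAMES.get(code, 'unknown')}"
        elif nonce:
            verdict = "nonce ok, no RADIUS failure logged"
        else:
            verdict = "no auth activity logged"
        results.append({"cseq": int(m.group(1)), "method": m.group(2), "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r)
```

Under that assumption, a result of `ERROR_RC` separates a failure in the RADIUS call itself from a rejected password or an unanswered request, which narrows where to look first.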