[Serusers] Re: Ser 0.9.6 + RADIUS
Daniel Corbe
daniel.junkmail at gmail.com
Mon Jan 15 18:40:25 CET 2007
The 2nd request actually is in the debug output, if you scroll down
about half way.
0(19309) check_nonce(): comparing
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
[45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
The nonce provided by the UA is correct, and when you go a little
further down, you see a really strange error message:
0(19309) res: -1
0(19309) radius_authorize_sterman(): Failure
I'm not even sure what that means.
On 1/15/07, Greger V. Teigre <greger at teigre.com> wrote:
> You just sent the debug output for the first message (the one creating
> the challenge). The next message should contain the credentials, which
> will be used for radius auth.
> As far as I remember, by default radiusclient uses localhost to send its
> radius requests. When the radius server is only listening on a physical
> interface or remote server, you need to add a directive to
> radiusclient.conf. I don't remember right now.
> g-)
>
> Daniel Corbe wrote:
> > Turned debug to 9, this is what I get
> >
> >
> > 0(19309) SIP Request:
> > 0(19309) method: <REGISTER>
> > 0(19309) uri: <sip:192.168.1.109>
> > 0(19309) version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) parse_headers: flags=4096
> > 0(19309) pre_auth(): Credentials with given realm not found
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) SIP Request:
> > 0(19309) method: <REGISTER>
> > 0(19309) uri: <sip:192.168.1.109>
> > 0(19309) version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) check_nonce(): comparing
> > [45aaa391b970a38171714c791e2feec0b390aeed] and
> > [45aaa391b970a38171714c791e2feec0b390aeed]
> > 0(19309) res: -1
> > 0(19309) radius_authorize_sterman(): Failure
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > 0(19309) SIP Request:
> > 0(19309) method: <REGISTER>
> > 0(19309) uri: <sip:192.168.1.109>
> > 0(19309) version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) parse_headers: flags=4096
> > 0(19309) pre_auth(): Credentials with given realm not found
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) SIP Request:
> > 0(19309) method: <REGISTER>
> > 0(19309) uri: <sip:192.168.1.109>
> > 0(19309) version: <SIP/2.0>
> > 0(19309) parse_headers: flags=1
> > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > 0(19309) Found param type 232, <branch> =
> > <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
> > 0(19309) end of header reached, state=5
> > 0(19309) parse_headers: Via found, flags=1
> > 0(19309) parse_headers: this is the first via
> > 0(19309) After parse_msg...
> > 0(19309) preparing to run routing scripts...
> > 0(19309) parse_headers: flags=128
> > 0(19309) end of header reached, state=9
> > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > ]
> > 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
> > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > 0(19309) parse_headers: flags=256
> > 0(19309) DEBUG: get_hdr_body : content_length=0
> > 0(19309) found end of header
> > 0(19309) find_first_route: No Route headers found
> > 0(19309) loose_route: There is no Route HF
> > 0(19309) XLOG: xl_print_log: final buffer length 26
> > 0(19309) REGISTER request received
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) parse_headers: flags=64
> > 0(19309) XLOG: xl_print_log: final buffer length 27
> > 0(19309) NATed client, enabling NAT
> > 0(19309) check_nonce(): comparing
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
> > 0(19309) res: -1
> > 0(19309) radius_authorize_sterman(): Failure
> > 0(19309) XLOG: xl_print_log: final buffer length 28
> > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > '
> > 0(19309) parse_headers: flags=-1
> > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > 0(19309) receive_msg: cleaning up
> > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> >
> > On 1/14/07, Daniel Corbe <daniel.junkmail at gmail.com> wrote:
> >> I cannot get my SER to talk to my RADIUS server, its just blindly
> >> 401ing things without ever making contact with RADIUS.
> >>
> >> SER config looks like this
> >>
> >> if (method == "REGISTER") {
> >> if (!radius_www_authorize("")) {
> >> www_challenge("", "1");
> >> break;
> >> };
> >>
> >> save("location");
> >> };
> >>
> >> radiusclient-ng servers file:
> >> 192.168.1.103 heslo
> >>
> >> radiusclient.conf:
> >> auth_order radius,local
> >> login_tries 4
> >> login_timeout 60
> >> authserver 192.168.1.103:1812
> >> acctserver 192.168.1.103:1813
> >> dictionary /usr/local/etc/radiusclient-ng/dictionary
> >>
> >> FreeRADIUS clients.conf:
> >> client 192.168.1.109 {
> >> secret = heslo
> >> shortname = proxy1
> >> nastype = other
> >>
> >> Not sure what to do!
> >>
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
>
More information about the sr-users
mailing list