[Serusers] Re: Ser 0.9.6 + RADIUS

Daniel Corbe daniel.junkmail at gmail.com
Fri Jan 26 19:58:02 CET 2007 

Apparently OpenBSD just plain sucks for anything radius related.
Having troubles with radiusclient-ng, and rlm_perl on FreeRADIUS.  I
switched both machines to FreeBSD now everything works without a
problem.

On 1/15/07, Daniel Corbe <daniel.junkmail at gmail.com> wrote:
> The 2nd request actually is in the debug output, if you scroll down
> about half way.
>
>  0(19309) check_nonce(): comparing
> [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
>
> The nonce provided by the UA is correct, and when you go a little
> further down, you see a really strange error message:
>
>  0(19309) res: -1
>  0(19309) radius_authorize_sterman(): Failure
>
> I'm not even sure what that means.
>
>
> On 1/15/07, Greger V. Teigre <greger at teigre.com> wrote:
> > You just sent the debug output for the first message (the one creating
> > the challenge).  The next message should contain the credentials, which
> > will be used for radius auth.
> > As far as I remember, by default radiusclient uses localhost to send its
> > radius requests. When the radius server is only listening on a physical
> > interface or remote server, you need to add a directive to
> > radiusclient.conf. I don't remember right now.
> > g-)
> >
> > Daniel Corbe wrote:
> > > Turned debug to 9, this is what I get
> > >
> > >
> > > 0(19309) SIP Request:
> > > 0(19309)  method:  <REGISTER>
> > > 0(19309)  uri:     <sip:192.168.1.109>
> > > 0(19309)  version: <SIP/2.0>
> > > 0(19309) parse_headers: flags=1
> > > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > > 0(19309) Found param type 232, <branch> =
> > > <z9hG4bK3AA0D153A44111DB884A0017F2C52DAE>; state=16
> > > 0(19309) end of header reached, state=5
> > > 0(19309) parse_headers: Via found, flags=1
> > > 0(19309) parse_headers: this is the first via
> > > 0(19309) After parse_msg...
> > > 0(19309) preparing to run routing scripts...
> > > 0(19309) parse_headers: flags=128
> > > 0(19309) end of header reached, state=9
> > > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > > ]
> > > 0(19309) get_hdr_field: cseq <CSeq>: <40142> <REGISTER>
> > > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > > 0(19309) parse_headers: flags=256
> > > 0(19309) DEBUG: get_hdr_body : content_length=0
> > > 0(19309) found end of header
> > > 0(19309) find_first_route: No Route headers found
> > > 0(19309) loose_route: There is no Route HF
> > > 0(19309) XLOG: xl_print_log: final buffer length 26
> > > 0(19309) REGISTER request received
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) parse_headers: flags=64
> > > 0(19309) XLOG: xl_print_log: final buffer length 27
> > > 0(19309) NATed client, enabling NAT
> > > 0(19309) parse_headers: flags=4096
> > > 0(19309) pre_auth(): Credentials with given realm not found
> > > 0(19309) XLOG: xl_print_log: final buffer length 28
> > > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > > '
> > > 0(19309) parse_headers: flags=-1
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > > 0(19309) receive_msg: cleaning up
> > > 0(19309) SIP Request:
> > > 0(19309)  method:  <REGISTER>
> > > 0(19309)  uri:     <sip:192.168.1.109>
> > > 0(19309)  version: <SIP/2.0>
> > > 0(19309) parse_headers: flags=1
> > > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > > 0(19309) Found param type 232, <branch> =
> > > <z9hG4bK3AA5DFEFA44111DB884A0017F2C52DAE>; state=16
> > > 0(19309) end of header reached, state=5
> > > 0(19309) parse_headers: Via found, flags=1
> > > 0(19309) parse_headers: this is the first via
> > > 0(19309) After parse_msg...
> > > 0(19309) preparing to run routing scripts...
> > > 0(19309) parse_headers: flags=128
> > > 0(19309) end of header reached, state=9
> > > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > > ]
> > > 0(19309) get_hdr_field: cseq <CSeq>: <40143> <REGISTER>
> > > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > > 0(19309) parse_headers: flags=256
> > > 0(19309) DEBUG: get_hdr_body : content_length=0
> > > 0(19309) found end of header
> > > 0(19309) find_first_route: No Route headers found
> > > 0(19309) loose_route: There is no Route HF
> > > 0(19309) XLOG: xl_print_log: final buffer length 26
> > > 0(19309) REGISTER request received
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) parse_headers: flags=64
> > > 0(19309) XLOG: xl_print_log: final buffer length 27
> > > 0(19309) NATed client, enabling NAT
> > > 0(19309) check_nonce(): comparing
> > > [45aaa391b970a38171714c791e2feec0b390aeed] and
> > > [45aaa391b970a38171714c791e2feec0b390aeed]
> > > 0(19309) res: -1
> > > 0(19309) radius_authorize_sterman(): Failure
> > > 0(19309) XLOG: xl_print_log: final buffer length 28
> > > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > > nonce="45aaa391b970a38171714c791e2feec0b390aeed"
> > > '
> > > 0(19309) parse_headers: flags=-1
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > > 0(19309) receive_msg: cleaning up
> > > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > > 0(19309) SIP Request:
> > > 0(19309)  method:  <REGISTER>
> > > 0(19309)  uri:     <sip:192.168.1.109>
> > > 0(19309)  version: <SIP/2.0>
> > > 0(19309) parse_headers: flags=1
> > > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > > 0(19309) Found param type 232, <branch> =
> > > <z9hG4bK46BAEDC8A44111DB884A0017F2C52DAE>; state=16
> > > 0(19309) end of header reached, state=5
> > > 0(19309) parse_headers: Via found, flags=1
> > > 0(19309) parse_headers: this is the first via
> > > 0(19309) After parse_msg...
> > > 0(19309) preparing to run routing scripts...
> > > 0(19309) parse_headers: flags=128
> > > 0(19309) end of header reached, state=9
> > > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > > ]
> > > 0(19309) get_hdr_field: cseq <CSeq>: <40144> <REGISTER>
> > > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > > 0(19309) parse_headers: flags=256
> > > 0(19309) DEBUG: get_hdr_body : content_length=0
> > > 0(19309) found end of header
> > > 0(19309) find_first_route: No Route headers found
> > > 0(19309) loose_route: There is no Route HF
> > > 0(19309) XLOG: xl_print_log: final buffer length 26
> > > 0(19309) REGISTER request received
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) parse_headers: flags=64
> > > 0(19309) XLOG: xl_print_log: final buffer length 27
> > > 0(19309) NATed client, enabling NAT
> > > 0(19309) parse_headers: flags=4096
> > > 0(19309) pre_auth(): Credentials with given realm not found
> > > 0(19309) XLOG: xl_print_log: final buffer length 28
> > > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > > '
> > > 0(19309) parse_headers: flags=-1
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > > 0(19309) receive_msg: cleaning up
> > > 0(19309) SIP Request:
> > > 0(19309)  method:  <REGISTER>
> > > 0(19309)  uri:     <sip:192.168.1.109>
> > > 0(19309)  version: <SIP/2.0>
> > > 0(19309) parse_headers: flags=1
> > > 0(19309) Found param type 235, <rport> = <n/a>; state=6
> > > 0(19309) Found param type 232, <branch> =
> > > <z9hG4bK46BF0C4DA44111DB884A0017F2C52DAE>; state=16
> > > 0(19309) end of header reached, state=5
> > > 0(19309) parse_headers: Via found, flags=1
> > > 0(19309) parse_headers: this is the first via
> > > 0(19309) After parse_msg...
> > > 0(19309) preparing to run routing scripts...
> > > 0(19309) parse_headers: flags=128
> > > 0(19309) end of header reached, state=9
> > > 0(19309) DEBUG: get_hdr_field: <To> [32]; uri=[sip:admin at 192.168.1.109]
> > > 0(19309) DEBUG: to body [1234 <sip:admin at 192.168.1.109>
> > > ]
> > > 0(19309) get_hdr_field: cseq <CSeq>: <40145> <REGISTER>
> > > 0(19309) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > > 0(19309) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> > > 0(19309) parse_headers: flags=256
> > > 0(19309) DEBUG: get_hdr_body : content_length=0
> > > 0(19309) found end of header
> > > 0(19309) find_first_route: No Route headers found
> > > 0(19309) loose_route: There is no Route HF
> > > 0(19309) XLOG: xl_print_log: final buffer length 26
> > > 0(19309) REGISTER request received
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) parse_headers: flags=64
> > > 0(19309) XLOG: xl_print_log: final buffer length 27
> > > 0(19309) NATed client, enabling NAT
> > > 0(19309) check_nonce(): comparing
> > > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e] and
> > > [45aaa3a5f0d6c451172fad0e9784ef0e7a83193e]
> > > 0(19309) res: -1
> > > 0(19309) radius_authorize_sterman(): Failure
> > > 0(19309) XLOG: xl_print_log: final buffer length 28
> > > 0(19309) No Digest, sending challenge 0(19309) build_auth_hf():
> > > 'WWW-Authenticate: Digest realm="192.168.1.109",
> > > nonce="45aaa3a5f0d6c451172fad0e9784ef0e7a83193e"
> > > '
> > > 0(19309) parse_headers: flags=-1
> > > 0(19309) check_via_address(192.168.1.111, 192.168.1.111, 0)
> > > 0(19309) DEBUG:destroy_avp_list: destroying list 0x8b8b80b0
> > > 0(19309) receive_msg: cleaning up
> > > 0(19309) udp_rcv_loop: probing packet received from 192.168.1.111 50195
> > >
> > > On 1/14/07, Daniel Corbe <daniel.junkmail at gmail.com> wrote:
> > >> I cannot get my SER to talk to my RADIUS server, its just blindly
> > >> 401ing things without ever making contact with RADIUS.
> > >>
> > >> SER config looks like this
> > >>
> > >> if (method == "REGISTER") {
> > >>         if (!radius_www_authorize("")) {
> > >>                 www_challenge("", "1");
> > >>                 break;
> > >>         };
> > >>
> > >>         save("location");
> > >> };
> > >>
> > >> radiusclient-ng servers file:
> > >> 192.168.1.103                   heslo
> > >>
> > >> radiusclient.conf:
> > >> auth_order      radius,local
> > >> login_tries     4
> > >> login_timeout   60
> > >> authserver      192.168.1.103:1812
> > >> acctserver      192.168.1.103:1813
> > >> dictionary      /usr/local/etc/radiusclient-ng/dictionary
> > >>
> > >> FreeRADIUS clients.conf:
> > >> client 192.168.1.109 {
> > >>         secret          = heslo
> > >>         shortname       = proxy1
> > >>         nastype         = other
> > >>
> > >> Not sure what to do!
> > >>
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> > >
> >
>

More information about the sr-users mailing list