[OpenSER-Users] Radius integration issue
Dan-Cristian Bogos
dan.bogos at gmail.com
Wed Jul 18 13:02:11 CEST 2007
Can u post your openser configuration + version also? From the debug u
sent it all looks fine except the error.
DanB
On 7/18/07, OpenSER ML <openser at zap2link.com> wrote:
> Hi Dan,
>
> I am running in debug mode, here is the output of FreeRadius which seems fine to me:
>
> rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232
> User-Name = "101 at openser.org"
> Digest-Attributes = 0x0a05313031
> Digest-Attributes = 0x010d6f70656e7365722e6f7267
> Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564
> Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
> Digest-Attributes = 0x030a5245474953544552
> Digest-Attributes = 0x050661757468
> Digest-Attributes = 0x090a3030303030303930
> Digest-Attributes = 0x081235343038316466316439623562383564
> Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26"
> Service-Type = IAPP-Register
> X-Ascend-PW-Lifetime = 0x313031
> NAS-Port = 5060
> NAS-IP-Address = 192.168.2.80
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1124
> modcall[authorize]: module "preprocess" returns ok for request 1124
> radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
> rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
> modcall[authorize]: module "auth_log" returns ok for request 1124
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok for request 1124
> users: Matched entry 101 at openser.org at line 53
> modcall[authorize]: module "files" returns ok for request 1124
> modcall: leaving group authorize (returns ok) for request 1124
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1124
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-User-Name = "101"
> Digest-Realm = "openser.org"
> Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d"
> Digest-URI = "sip:192.168.2.80"
> Digest-Method = "REGISTER"
> Digest-QOP = "auth"
> Digest-Nonce-Count = "00000090"
> Digest-CNonce = "54081df1d9b5b85d"
> A1 = 101:openser.org:101
> A2 = REGISTER:sip:192.168.2.80
> H(A1) = f195c177997cee336c919be9279c5703
> H(A2) = 046d0643f281affab19fe62ffc848ab5
> KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5
> EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26
> RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26
> modcall[authenticate]: module "digest" returns ok for request 1124
> modcall: leaving group authenticate (returns ok) for request 1124
> Login OK: [101 at openser.org/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
> Sending Access-Accept of id 250 to 192.168.2.80 port 35223
> Finished request 1124
> Going to the next request
> Waking up in 6 seconds...
>
>
> Z2L
> ----- Original Message -----
> From: "Dan-Cristian Bogos" <dan.bogos at gmail.com>
> To: openser at zap2link.com
> Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem
> Subject: Re: [OpenSER-Users] Radius integration issue
>
> Hi,
>
> try running FreeRADIUS in debug mode, this will tell u more info
> regarding the cause of failure.
> To run FreeRADIUS in debug start it with -X option.
>
> Let us know about the results.
>
> Cheers,
> DanB
>
> On 7/18/07, OpenSER ML <openser at zap2link.com> wrote:
> > Hi All,
> >
> > I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest authentication
> > going correctly, having the Radius respond with LOGIN OK for the requests that are in the users file. However, although the authentication process appears to succeed, the IP phone doesn't register to the OpenSER server.
> >
> > The following can be seen in the debug:
> >
> > 0(17821) SIP Request:
> > 0(17821) method: <REGISTER>
> > 0(17821) uri: <sip:192.168.2.80>
> > 0(17821) version: <SIP/2.0>
> > 0(17821) parse_headers: flags=2
> > 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16
> > 0(17821) end of header reached, state=5
> > 0(17821) parse_headers: Via found, flags=2
> > 0(17821) parse_headers: this is the first via
> > 0(17821) After parse_msg...
> > 0(17821) preparing to run routing scripts...
> > 0(17821) parse_headers: flags=100
> > 0(17821) DEBUG:parse_to:end of header reached, state=10
> > 0(17821) DBUG:parse_to: display={}, ruri={sip:101 at 192.168.2.80;user=phone}
> > 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101 at 192.168.2.80;user=phone]
> > 0(17821) DEBUG: to body [<sip:101 at 192.168.2.80;user=phone>
> > ]
> > 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER>
> > 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70
> > 0(17821) parse_headers: flags=200
> > 0(17821) DEBUG: get_hdr_body : content_length=0
> > 0(17821) found end of header
> > 0(17821) find_first_route: No Route headers found
> > 0(17821) loose_route: There is no Route HF
> > 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80]
> > 0(17821) grep_sock_info - checking if port 5060 matches port 5060
> > 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == [192.168.2.80]
> > 0(17821) grep_sock_info - checking if port 5060 matches port 5060
> > 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
> > 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
> > 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth"
> > '
> > 0(17821) parse_headers: flags=ffffffffffffffff
> > 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0)
> > 0(17821) DEBUG:destroy_avp_list: destroying list (nil)
> > 0(17821) receive_msg: cleaning up
> >
> > As you can surely see, the ERROR is somewhere in the authorization status. Now, I've verified
> > the secret key between the machine, and all seems to be in place - any pointers will be highly appreciated.
> >
> > Z2L
> >
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
>
>
More information about the sr-users
mailing list