[OpenSER-Users] Openser 1.2.1 with FreeRADIUS 1.1.6

Neeraj Gupta Neeraj.Gupta at Sun.COM
Thu Jun 28 17:42:27 CEST 2007 

No, there is no radius request generated under this scenario.
But the problem goes away when I comment out the radius_is_user_in section.

I found another email thread on this same topic.
http://osdir.com/ml/voip.openser.user/2005-10/msg00230.html
But in my case, I dont see radius request in radiusd -X output.

-Neeraj

Bogdan-Andrei Iancu wrote:
> Hi Neeraj,
>
> that is quite odd as the "credentials received are not filled 
> properly" is generated by the authentication API (auth module) and has 
> nothing to do with radius_is_user_in().
>
> when hitting radius_is_user_in(), does the process get blocked or it 
> just go through without doing anything? Can you check with 
> ngrep/tcpdump if any radius request is sent by radius_is_user_in()?
>
> regards,
> bogdan
>
> Neeraj Gupta wrote:
>> Thanks Bogdan.
>>
>> I spent a lot of time yesterday to troubleshoot my own problem.
>> Its much better now. Here is the latest.
>>
>> I found out that the routing script has a section which was causing 
>> all this.
>>
>>    # check if user is suspended
>>    if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
>>    {
>>        if (radius_is_user_in("From", "suspended")) {
>>            sl_send_reply("403", "Forbidden - suspended");
>>            exit;
>>        };
>>    };
>>
>> I confirmed that is_method function works fine but when the call hits 
>> radius_is_user_in, it does not go through
>> and I see "credentials received are not properly filled in" on 
>> openser. When I commented out this and other radius_is_user_in and 
>> re-ran, all is well.
>>
>> Any clue on whats missing here ?
>>
>> I am thinking of creating a how-to doc on openser wiki after 
>> completing my tests.
>>
>> Thanks,
>> Neeraj
>> Sun Microsystems
>>
>>
>> Bogdan-Andrei Iancu wrote:
>>> Hi Neeraj,
>>>
>>> The "pre_auth(): credentials received are not filled properly" is 
>>> generated in multiple cases, like missing username/realm/nonce, etc. 
>>> Check your register request to see if it has all the required info 
>>> in the auth hdr.
>>>
>>> Logs in debug=6 are also useful.
>>>
>>> regards,
>>> bogdan
>>>
>>> Neeraj Gupta wrote:
>>>> Hi,
>>>>
>>>> I switched to OpenSER 1.2.1 last week, from ser 0.9.6.
>>>> And this is first time I am trying to use FreeRADIUS 1.1.6 with 
>>>> OpenSER 1.2.1
>>>> I followed instructions on web based on 1.0.1 and made some changes 
>>>> by hand to adapt to 1.2.1 model.
>>>> This was my reference:
>>>> www.*openser*.org/docs/*openser*-radius-1.0.x.html
>>>>
>>>> I can start OpenSER, no issues but I am not able to use SiPP UA.
>>>> Openser does not respond back to UA (no incoming message in 
>>>> ethereal/wireshark).
>>>> Openser reports that "pre_auth(): credentials received are not 
>>>> filled properly".
>>>> I tried to comment out the avp sections in openser.cfg.. but Its 
>>>> not helping.
>>>> Please see my logs and configs below. If someone can send me a 
>>>> working config file, I will be very thankful.
>>>> If more info needed, let me know.
>>>>
>>>> _*# openser -V*_
>>>> version: openser 1.2.1-tls (sparc64/solaris)
>>>> flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, 
>>>> USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, 
>>>> FAST_LOCK-ADAPTIVE_WAIT
>>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 
>>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
>>>> poll method support: poll, select, /dev/poll.
>>>> svnrevision: unknown
>>>> @(#) $Id: main.c 1827 2007-03-12 15:22:53Z bogdan_iancu $
>>>> main.c compiled on 23:04:19 Jun 26 2007 with gcc 3.4.6
>>>>
>>>> _*Radius users file*_
>>>>
>>>> # from website examples
>>>> ### --- avps ---
>>>> 101 at 192.168.4.128 Auth-Type := Accept, Service-Type == 
>>>> "SIP-Callee-AVPs"
>>>>         Sip-Avp += "#3#1",
>>>>         Sip-Avp += "#4:08:00",
>>>>         Sip-Avp += "#5:16:00",
>>>>         Sip-Avp += "#6:Mon,Wed,Thu,Fri"
>>>>
>>>> 102 at 192.168.4.128 Auth-Type := Accept, Service-Type == 
>>>> "SIP-Callee-AVPs"
>>>>         Sip-Avp += "#3#1",
>>>>         Sip-Avp += "#4:08:00",
>>>>         Sip-Avp += "#5:16:00",
>>>>         Sip-Avp += "#6:Mon,Wed,Thu,Fri"
>>>>
>>>> DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
>>>>
>>>> ### --- group checking ---
>>>> ### --- user 101 ---
>>>> 101 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "voip", 
>>>> Service-Type == "Group-Check"
>>>>         Reply-Message = "Authorized"
>>>>
>>>> 101 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "pstn", 
>>>> Service-Type == "Group-Check"
>>>>         Reply-Message = "Authorized"
>>>>
>>>> ### --- user 102 ---
>>>> 102 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "voip", 
>>>> Service-Type == "Group-Check"
>>>>         Reply-Message = "Authorized"
>>>>
>>>> DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
>>>>
>>>> ### --- user authentication ---
>>>> 101 at 192.168.4.128 Auth-Type := Digest, User-Password == "101"
>>>>         Reply-Message = "Authenticated",
>>>>         Sip-Avp += "rpid:101",
>>>>         Sip-Avp += "#2:192.168.4.101",
>>>>         Sip-Avp += "#2:192.168.4.100"
>>>>
>>>> 102 at 192.168.4.128 Auth-Type := Digest, User-Password == "102"
>>>>         Reply-Message = "Authenticated",
>>>>         Sip-Avp += "rpid:102",
>>>>         Sip-Avp += "#2:192.168.4.101"
>>>>
>>>> # test user
>>>> test Auth-Type := Digest, User-Password == "test"
>>>>         Reply-Message = "Hello, test with digest"
>>>>
>>>> _*SiPP xml file:*_
>>>> <?xml version="1.0" encoding="ISO-8859-1" ?>
>>>> <!DOCTYPE scenario SYSTEM "sipp.dtd">
>>>>
>>>> <scenario name="registration">
>>>>
>>>> <send retrans="500">
>>>> <![CDATA[
>>>> REGISTER sip:192.168.4.128 SIP/2.0
>>>> Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
>>>> Max-Forwards: 20
>>>> From: "[field1]" <sip:[field1]@[field0]>;tag=[call_number]
>>>> To: "101" <sip:[field1]@[field0]>
>>>> Call-ID: [call_id]
>>>> CSeq: 1 REGISTER
>>>> Contact: <sip:[field1]@[local_ip]:[local_port]>
>>>> Expires: 1800
>>>> Content-Length: 0
>>>> User-Agent: Sipp/Ubuntu
>>>> Authorization: Digest username="[field1]@[field0]", realm="[field0]"
>>>> Supported: path
>>>> ]]>
>>>> </send>
>>>>
>>>> <recv response="401" auth="true" rtd="true">
>>>> </recv>
>>>>
>>>> <send retrans="500">
>>>> <![CDATA[
>>>> REGISTER sip:192.168.4.128 SIP/2.0
>>>> Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
>>>> Max-Forwards: 20
>>>> From: "[field1]" <sip:[field1]@[field0]>;tag=[call_number]
>>>> To: "101" <sip:[field1]@[field0]>
>>>> Call-ID: [call_id]
>>>> CSeq: 2 REGISTER
>>>> Contact: <sip:[field1]@[local_ip]:[local_port]>
>>>> Expires: 300
>>>> Content-Length: 0
>>>> User-Agent: Sipp/Ubuntu
>>>> [authentication username=[field1]@[field0] password=[field2]]
>>>> Supported: path
>>>> ]]>
>>>> </send>
>>>>
>>>> <recv response="200">
>>>> </recv>
>>>>
>>>> <ResponseTimeRepartition value="10, 20"/>
>>>> <CallLengthRepartition value="10"/>
>>>>
>>>> /scenario>
>>>>
>>>> Thanks,
>>>> Neeraj Gupta
>>>> Sun Microsystems
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openser.org
>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>   
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users

More information about the sr-users mailing list