[OpenSER-Users] OpenSER + FreeRadius error (solved)

Norman Brandinger norm at goes.com
Sat Sep 22 04:42:06 CEST 2007


The issue I am referring to is this (and is not related to any specific
release of radiusclient-ng):

md5 hashes are not correct on 64bit platforms.
http://developer.berlios.de/bugs/?func=detailbug&bug_id=7442&group_id=1208

I've applied this patch on various versions of radiusclient-ng and had
success.

This problem was discussed previously, for example:
http://www.openser.org/pipermail/users/2006-August/006247.html
I found that applying the patch worked in cases where the latest CVS
didn't work.  This was a while ago (perhaps as long as a year ago).

The patch itself isn't very long and you may find it easier to manually
apply it (as I remember, I just manually applied it).

--- ../../radiusclient-ng-0.5.2/include/radiusclient-ng.h 2005-11-07
12:46:37.000000000 -0700
+++ radiusclient-ng.h 2006-09-19 17:32:54.725650893 -0600
@@ -19,6 +19,7 @@

#include <sys/types.h>
#include <stdio.h>
+#include <stdint.h>
#include <time.h>

#undef __BEGIN_DECLS
@@ -31,8 +32,8 @@
# define __END_DECLS /* empty */
#endif

-typedef unsigned long UINT4;
-typedef long INT4;
+#define UINT4 uint32_t
+#define INT4 int32_t

#define AUTH_VECTOR_LEN 16
#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */

On a related topic, I recently loaded the current development versions
of both freeradius and radiusclient-ng.  When I tried to remove the
radiusclient-ng dictionary overrides, it was surprising to note that,
for example, the octet attribute type isn't supported in
radiusclient-ng.  It seems that this piece of code has not kept pace
with other radius development efforts.  That said, the current
development copies of openser, freeradius and radiusclient-ng appear to
play nicely with each other.

Regards,
Norm

Edson wrote:
> Hi, Marc...
>
> I'll have to move an OpenSER from the test machine (OpenSUSE/P4) to a XEON
> (OpenSUSE/64-bits).
>
> So I'm curious to understand why are You saying that only with this version
> it will work? The one finded on the site indicated by Norman didn't work?
>
> How did You solve this issue, Norman?
>
> Edson
>
>> -----Original Message-----
>> From: users-bounces at openser.org [mailto:users-bounces at openser.org] On
>> Behalf Of Marc LEURENT
>> Sent: quinta-feira, 20 de setembro de 2007 11:04
>> To: Norman Brandinger
>> Cc: users at openser.org
>> Subject: Re: [OpenSER-Users] OpenSER + FreeRadius error (solved)
>>
>
> OK, if someone wants to use OpenSER + Freeradius accounting on a 64 bits
> platform,
>  libradiusclient-ng2-0.5.5-1 sould be use, otherwise it won't work
>
> Have a nice day
>
> Marc LEURENT a écrit :
> >>> THANKS!
> >>> Indeed, my computer is a 64bit platform!
> >>> I'm going to test the patch!
> >>>
> >>> Norman Brandinger a écrit :
> >>>> Hi Marc,
> >>>> I recall this problem when working on 64-bit machines.  Seems that
> >>>> radiusclient-ng needed a patch.  Not sure if the current CVS has this
> >>>> problem fixed.
> >>>> The radiusclient distribution is here:
> >>>> http://developer.berlios.de/projects/radiusclient-ng/
> >>>> Take a look at the 64-bit patches.
> >>>> If your machines aren't 64-bit, your problem may be somewhere else.
> >>>> Regards,
> >>>> Norm
> >>>
> >>>
> >>>
> >>>> Marc LEURENT wrote:
> >>>>> It seems that the credentials send by radiusclient from openser are
> >>>>> wrong whereas when I use a rastest, it's working!
> >>>>> Strange!
> >>>>>
> >>>>> rad_recv: Accounting-Request packet from host 213.91.4.213:34734,
> >>>>> id=43, length=293
> >>>>> Received Accounting-Request packet from 213.91.4.213 with invalid
> >>>>> signature!  (Shared secret is incorrect.) Dropping packet without
> >>>>> response.
> >>>>> Finished request 24
> >>>>> Going to the next request
> >>>>> --- Walking the entire request list ---
> >>>>> Waking up in 6 seconds...
> >>>>> --- Walking the entire request list ---
> >>>>> Cleaning up request 24 ID 43 with timestamp 46f23ab0
> >>>>> Nothing to do.  Sleeping until we see a request.
> >>>>> rad_recv: Accounting-Request packet from host 213.91.4.213:34734,
> >>>>> id=43, length=293
> >>>>> Received Accounting-Request packet from 213.91.4.213 with invalid
> >>>>> signature!  (Shared secret is incorrect.) Dropping packet without
> >>>>> response.
> >>>>> Finished request 25
> >>>>> Going to the next request
> >>>>> --- Walking the entire request list ---
> >>>>> Waking up in 6 seconds...
> >>>>> --- Walking the entire request list ---
> >>>>> Cleaning up request 25 ID 43 with timestamp 46f23aba
> >>>>> Nothing to do.  Sleeping until we see a request.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Marc LEURENT a écrit :
> >>>>>> Does this error means something to somebody??
> >>>>>> Thanks
> >>>>>> ERROR:acc:acc_rad_request: radius-ing failed
> >>>>>> My openser.cfg
> >>>>>> # -- acc params (with radius )--
> >>>>>> modparam("acc", "radius_config",
> >>>>> "/etc/radiusclient-ng/radiusclient.conf")
> >>>>>> modparam("acc", "radius_flag", 1)
> >>>>>> modparam("acc", "radius_missed_flag", 2)
> >>>>>> .....
> >>>>>> ################### SET RADIUS ACCOUTING FLAGS
> >>>>> #################################
> >>>>>>         # Set the acc flags
> >>>>>>         xlog("JUSTE BEFORE SETTING FLAGS FOR RADIUS\r\n");
> >>>>>>         if(is_method("INVITE") && !has_totag()) {
> >>>>>>                xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS
> \r\n");
> >>>>>>                $avp(can_uri) = $ru;            # SIP Request's URI
> >>>>>>                $avp(billing_party) = "sip:" + $au + "@" + $ar; #
> >>>>> From URI
> >>>>>>                $avp(user_name) = $fu;
> >>>>>>                xlog("!!!! FROM TAG = $ft\r\n");
> >>>>>>                xlog("SETTING FLAGS 1 & 2 FOR RADIUS \r\n");
> >>>>>>                setflag(1);             # radius_flag
> >>>>>>                setflag(2);             # radius_missed_flag
> >>>>>>         };
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> DEBUG OUTPUT:
> >>>>>>  3(26026) DEBUG: update_totag_set: new totag
> >>>>>>  3(26026) DEBUG: add_to_tail_of_timer[2]: 0x2b898c7eb9d0 (12)
> >>>>>>  3(26026) DEBUG:tm:relay_reply: sent buf=0x61d2e8: SIP/2.0 2...,
> >>>>> shmem=0x2b898c7ed7a8: SIP/2.0 2
> >>>>>>  3(26026) DBG: trans=0x2b898c7eb950, callback type 128, id 0
> entered
> >>>>>>  3(26026) ERROR:acc:acc_rad_request: radius-ing failed
> >>>>>>  3(26026) DEBUG: cleanup_uac_timers: RETR/FR timers reset
> >>>>>>  3(26026) DEBUG:tm:UNREF_UNSAFE: after is 0
> >>>>>>  3(26026) DEBUG:destroy_avp_list: destroying list (nil)
> >>>>>>  3(26026) receive_msg: cleaning up
> >>>>>>  1(26024) SIP Request:
> >>>>>>  1(26024)  method:  <ACK>
> >>>>>>  1(26024)  uri:     <sip:105 at 82.127.0.79:1030;user=phone;nat=yes>
> >>>>>>  1(26024)  version: <SIP/2.0>
> >>>>>>  1(26024) parse_headers: flags=2
> >>>>>>  1(26024) Found param type 232, <branch> =
> >>>>> <z9hG4bK2175363103192047157>; state=16
> >>>>>>  1(26024) end of header reached, state=5
> >>>>>>  1(26024) parse_headers: Via found, flags=2
> >>>>>>  1(26024) parse_headers: this is the first via
> >>>>> _______________________________________________
> >>>>> Users mailing list
> >>>>> Users at openser.org
> >>>>> http://openser.org/cgi-bin/mailman/listinfo/users
> >>>> _______________________________________________
> >>>> Users mailing list
> >>>> Users at openser.org
> >>>> http://openser.org/cgi-bin/mailman/listinfo/users
> >>>
> >>>
> >>>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>>
_______________________________________________
Users mailing list
Users at openser.org
http://openser.org/cgi-bin/mailman/listinfo/users






More information about the sr-users mailing list