[SR-Users] Help needed for OpenSer with Radius

Daniel-Constantin Mierla miconda at gmail.com
Mon Aug 2 18:26:45 CEST 2010


Hello,

On 8/2/10 12:36 PM, Pratik Shrestha wrote:
> Dear Daniel,
> Now the new issue. Seems now openser is trying to talk with radius 
> server. But still I am getting the one error in syslog which is as 
> follows.
>
> rc_send_server: no reply from RADIUS server 
> 128-185-38-162.totisp.net:1812 <http://128-185-38-162.totisp.net:1812>
>
> Actually I have written only 128.185.38.162 in auth_server in 
> radiusclient.conf. I don't know how this totisp.net 
> <http://totisp.net> is added. I haven't mentioned it anywhere.

probably reverse dns is done in the library, it is not relevant anyhow. 
Can you start radius server in debug mode and see if it got some 
request? You can also do a ngrep/wireshark on port 1812 of your radius 
server to watch for network packets coming from kamailio.

Cheers,
Daniel

>
> Please help me.
> Thanks.
>
> Regards,
> Pratik
>
> On Mon, Aug 2, 2010 at 11:44 AM, Pratik Shrestha <pratikdbl at gmail.com 
> <mailto:pratikdbl at gmail.com>> wrote:
>
>     Dear Daniel,
>
>     Before I work for the new version, I am first trying to configure
>     old version of openser and radius. I am using openser version
>     1.0.1 and radius client version 0.5.1 and I am following the
>     tutorial given in http://kamailio.net/docs/openser-radius-1.0.x.html.
>
>     My freeradius server is in another machine and when I use
>     radclient to check the user I made, I get the "Authenticated" message.
>     But when I use X-lite and connect to openser, it seems openser is
>     not talking with freeradius servers. I am sure the "secret" I am
>     using is right as I have already tested from radclient. The log
>     which I am getting in openser is as shown below
>
>     9(1986) SIP Request:
>      9(1986)  method: <REGISTER>
>      9(1986)  uri: <sip:192.168.0.56>
>      9(1986)  version: <SIP/2.0>
>      9(1986) parse_headers: flags=2
>      9(1986) Found param type 232, <branch> =
>     <z9hG4bK-d8754z-c33212005635f16c-1---d8754z->; state=6
>      9(1986) Found param type 235, <rport> = <n/a>; state=17
>      9(1986) end of header reached, state=5
>      9(1986) parse_headers: Via found, flags=2
>      9(1986) parse_headers: this is the first via
>      9(1986) After parse_msg...
>      9(1986) preparing to run routing scripts...
>      9(1986) parse_headers: flags=100
>      9(1986) DEBUG:maxfwd:is_maxfwd_present: value = 70
>      9(1986) parse_headers: flags=10
>      9(1986) DEBUG:parse_to:end of header reached, state=9
>      9(1986) DEBUG: get_hdr_field: <To> [44];
>     uri=[sip:101%40kamailio.org <http://40kamailio.org>@192.168.0.56
>     <http://192.168.0.56>]
>      9(1986) DEBUG: to body ["101"<sip:101%40kamailio.org
>     <http://40kamailio.org>@192.168.0.56 <http://192.168.0.56>>
>     ]
>      9(1986) DEBUG: add_param: tag=cc6e4259
>      9(1986) DEBUG:parse_to:end of header reached, state=29
>      9(1986) radius_is_user_in(): Failure
>      9(1986) parse_headers: flags=200
>      9(1986) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
>      9(1986) DEBUG: get_hdr_body : content_length=0
>      9(1986) found end of header
>      9(1986) find_first_route: No Route headers found
>      9(1986) loose_route: There is no Route HF
>      9(1986) grep_sock_info - checking if host==us: 12==9 && 
>     [192.168.0.56] == [127.0.0.1]
>      9(1986) grep_sock_info - checking if port 5060 matches port 5060
>      9(1986) grep_sock_info - checking if host==us: 12==12 && 
>     [192.168.0.56] == [192.168.0.56]
>      9(1986) grep_sock_info - checking if port 5060 matches port 5060
>      9(1986) grep_sock_info - checking if host==us: 12==9 && 
>     [192.168.0.56] == [127.0.0.1]
>      9(1986) grep_sock_info - checking if port 5060 matches port 5060
>      9(1986) grep_sock_info - checking if host==us: 12==12 && 
>     [192.168.0.56] == [192.168.0.56]
>      9(1986) grep_sock_info - checking if port 5060 matches port 5060
>      9(1986) check_nonce(): comparing
>     [4c5649b2d78b205e6a5ca1c6dcdc54b84445dd9c] and
>     [4c5649b2d78b205e6a5ca1c6dcdc54b84445dd9c]
>      9(1986) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>      9(1986) build_auth_hf(): 'WWW-Authenticate: Digest
>     realm="192.168.0.56", nonce="4c5649b2d78b205e6a5ca1c6dcdc54b84445dd9c"
>     '
>      9(1986) parse_headers: flags=ffffffffffffffff
>      9(1986) check_via_address(192.168.0.148, 192.168.182.3, 0)
>      9(1986) DEBUG:destroy_avp_list: destroying list (nil)
>      9(1986) receive_msg: cleaning up
>
>     At freeradius also, no request goes from openser.
>
>     Please advise me how to get rid of this problem.
>
>     Best Regards,
>     Pratik
>
>
>     On Wed, Jul 28, 2010 at 5:56 PM, Pratik Shrestha
>     <pratikdbl at gmail.com <mailto:pratikdbl at gmail.com>> wrote:
>
>         Thanks a lot. I will give it a try
>
>         Pratik
>
>
>         On Wed, Jul 28, 2010 at 3:48 PM, Daniel-Constantin Mierla
>         <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
>             Hello,
>
>
>             On 7/22/10 6:06 AM, Pratik Shrestha wrote:
>
>                 Dear All,
>
>                 I am very new to OpenSer. I want to use latest version
>                 of OpenSer with Radius. I need the
>                 documentation/tutorial on how to do this. Googling,
>                 Ionly found for the old version. Please help me.
>
>
>             indeed, there is a rather old version:
>
>             http://www.kamailio.org/docs/openser-radius-1.0.x.html
>
>             What I can say now is that you can skip the part of
>             installing kamailio and use next link instead:
>             http://www.kamailio.org/dokuwiki/doku.php/install:kamailio-3.0.x-from-git
>
>             Radius client library is now in most of common Linux
>             distributions, so you can install it with the package
>             manager (you need the devel headers as well, the -dev
>             package).
>
>             FreeRadius configuration should be more or less the same.
>
>             The config of kamailio has changed quite a lot. Use the
>             default one from kamailio, follow the WITH_AUTH define
>             conditions and replace auth_db with auth_radius modules
>             and functions. Also, the rest of radius modules were
>             merged into misc_radius. For enabling radius acc, you need
>             to recompile acc module after editing the Makefile in
>             module directory.
>
>             Hope it helps to start, ask here if you get stuck.
>
>
>             Cheers,
>             Daniel
>
>             -- 
>             Daniel-Constantin Mierla
>             http://www.asipto.com/
>
>
>
>

-- 
Daniel-Constantin Mierla
http://www.asipto.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20100802/c7cdc258/attachment-0001.htm>


More information about the sr-users mailing list