[SR-Users] Authentication with RADIUS on kamailio

Juraj Dančík jurajdancik at gmail.com
Fri Apr 12 23:04:36 CEST 2013


Hi, I have trouble with authentication on Kamailio using RADIUS
authentication. To configure freeradius and radiusclient I used this
tutorial:

http://www.kamailio.org/docs/openser-radius-1.0.x.html

In the config file of freeradius I have enabled digest in modules. In
sites-available/default digest is enabled too. In the config file of
radiusclient I use the server named localhost for authentication, and in
the file servers I have the password for localhost. I think there is nothing
wrong in the freeradius and radiusclient config files. When I test the
configuration of freeradius and radiusclient with radclient, there is no
problem. Access is accepted. But when I want to authenticate with a SIP
client (I use Jitsi), all registrations are accepted. It doesn't matter what
username and password I write.

The problem is probably in the config file of Kamailio. I don't know exactly
what the dictionary files are used for. I include dictionary.kamailio in
freeradius's dictionary and in radiusclient's dictionary too. I attached the
content of this dictionary file.

When I start Kamailio in debug mode I can see any record about
authentication or radius. Can anyone help me? Thanks for your reply.

[1622]: DEBUG: <core> [parser/msg_parser.c:623]: SIP Request:
[1622]: DEBUG: <core> [parser/msg_parser.c:625]:  method:  <REGISTER>
[1622]: DEBUG: <core> [parser/msg_parser.c:627]:  uri: <sip:192.168.0.112>
[1622]: DEBUG: <core> [parser/msg_parser.c:629]:  version: <SIP/2.0>
[1622]: DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field: cseq <CSeq>: <1> <REGISTER>
[1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=10
[1622]: DEBUG: <core> [parser/msg_parser.c:190]: DEBUG: get_hdr_field: <To> [31]; uri=[sip:fas at 192.168.0.11
[1622]: DEBUG: <core> [parser/msg_parser.c:192]: DEBUG: to body ["fas" <sip:fas at 192.168.0.112>#015#012]
[1622]: DEBUG: <core> [parser/parse_via.c:1284]: Found param type 232, <branch> = <z9hG4bK-383438-2e2d7047b
[1622]: DEBUG: <core> [parser/parse_via.c:2672]: end of header reached, state=5
[1622]: DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via found, flags=2
[1622]: DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this is the first via
[1622]: DEBUG: <core> [receive.c:149]: After parse_msg...
[1622]: DEBUG: <core> [receive.c:190]: preparing to run routing scripts...
[1622]: DEBUG: maxfwd [mf_funcs.c:85]: value = 70
[1622]: DEBUG: maxfwd [maxfwd.c:161]: value 70 decreased to 16
[1622]: DEBUG: <core> [parser/msg_parser.c:204]: DEBUG: get_hdr_body : content_length=0
[1622]: DEBUG: <core> [parser/msg_parser.c:106]: found end of header
[1622]: DEBUG: <core> [parser/parse_to.c:176]: DEBUG: add_param: tag=2148579d
[1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=29
[1622]: DEBUG: sanity [mod_sanity.c:255]: sanity checks result: 1
[1622]: DEBUG: siputils [checks.c:103]: no totag
[1622]: DEBUG: tm [t_lookup.c:1095]: DEBUG: t_check_msg: msg id=1 global id=0 T start=0xffffffffffffffff
[1622]: DEBUG: tm [t_lookup.c:534]: t_lookup_request: start searching: hash=18808, isACK=0
[1622]: DEBUG: tm [t_lookup.c:492]: DEBUG: RFC3261 transaction matching failed
[1622]: DEBUG: tm [t_lookup.c:716]: DEBUG: t_lookup_request: no transaction found
[1622]: DEBUG: tm [t_lookup.c:1164]: DEBUG: t_check_msg: msg id=1 global id=1 T end=(nil)
[1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==9 && [192.168.0.112]
[1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por
[1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==13 && [192.168.0.112]
[1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por
[1622]: DEBUG: <core> [sruid.c:176]: new sruid is [uloc-51686c8e-656-1] (1 / 19)
[1622]: DEBUG: registrar [reply.c:368]: created Contact HF: Contact: <sip:fas at 192.168.0.100:5060;transport=
[1622]: DEBUG: sl [sl.c:289]: reply in stateless mode (sl)
[1622]: DEBUG: <core> [msg_translator.c:206]: check_via_address(192.168.0.100, 192.168.0.100, 0)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [xavp.c:447]: destroying xavp list (nil)
[1622]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up

 

#### Attributes ###
ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc
ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc
ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius

### Acct-Status-Type Values ###
VALUE Acct-Status-Type Failed 15 # RFC2866, acc

### Service-Type Values ###
VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
VALUE Service-Type Group-Check 12 # Proprietary, group_radius
VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius

### Sip-Method Values ###
VALUE Sip-Method Undefined 0
VALUE Sip-Method Invite 1
VALUE Sip-Method Cancel 2
VALUE Sip-Method Ack 4
VALUE Sip-Method Bye 8
VALUE Sip-Method Info 16
VALUE Sip-Method Options 32
VALUE Sip-Method Update 64
VALUE Sip-Method Register 128
VALUE Sip-Method Message 256
VALUE Sip-Method Subscribe 512
VALUE Sip-Method Notify 1024
VALUE Sip-Method Prack 2048
VALUE Sip-Method Refer 4096
VALUE Sip-Method Other 8192

VALUE Sip-Method INVITE 1 # Proprietary, acc
VALUE Sip-Method CANCEL 2 # Proprietary, acc
VALUE Sip-Method ACK 4 # Proprietary, acc
VALUE Sip-Method BYE 8 # Proprietary, acc

 

######Kamailio config file##############
loadmodule "auth.so"
loadmodule "auth_radius"
loadmodule "acc_radius"
loadmodule "misc_radius"

# -- auth_radius params --
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius", "service_type", 15)

# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH

#!ifdef WITH_IPAUTH
        if((!is_method("REGISTER")) && allow_source_address())
        {
                # source IP allowed
                return;
        }
#!endif
        if (is_method("REGISTER"))
        {
                # authenticate requests
                if (!radius_www_authorize("$td")) {
                        www_challenge("$td", "0");
                        exit;
                }
                # user authenticated - remove auth header
                if(!is_method("REGISTER|PUBLISH"))
                        consume_credentials();
        }
        # if caller is not local subscriber, then check if it calls
        # a local destination, otherwise deny, not an open relay here
        if (from_uri!=myself && uri!=myself)
        {
                sl_send_reply("403","Not relaying");
                exit;
        }
#!endif
        return;
}
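
The route[AUTH] block above keeps its checks inside `#!ifdef WITH_AUTH`, and Kamailio's config preprocessor drops such a block unless the symbol is defined (`#!define WITH_AUTH` in the file, or `-A WITH_AUTH` on the command line); the excerpt does not show whether it is. The following is an added example, not part of the original post: it evaluates the `#!define`/`#!ifdef`/`#!ifndef`/`#!else`/`#!endif` directives and lists which authentication calls remain active. The sample config is constructed from the excerpt, the function names are hypothetical, and other directives are not handled.

```python
import re

# Constructed sample modelled on the route[AUTH] excerpt in the post;
# the excerpt contains no "#!define WITH_AUTH" line.
SAMPLE_CFG = '''\
route[AUTH] {
#!ifdef WITH_AUTH
        if (is_method("REGISTER")) {
                if (!radius_www_authorize("$td")) {
                        www_challenge("$td", "0");
                        exit;
                }
        }
#!endif
        return;
}
'''

AUTH_CALL = re.compile(r'\b(radius_www_authorize|radius_proxy_authorize|www_challenge)\s*\(')
DIRECTIVE = re.compile(r'^\s*#!(define|ifdef|ifndef|else|endif)\b\s*(\w+)?')

def active_lines(cfg, predefined=()):
    """Yield (lineno, text) for lines left after #!ifdef/#!ifndef/#!else/#!endif."""
    defined, stack = set(predefined), []   # stack: one bool per open conditional
    for no, line in enumerate(cfg.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            if all(stack):                 # every enclosing branch is live
                yield no, line
        elif m.group(1) == "define" and all(stack):
            defined.add(m.group(2))
        elif m.group(1) in ("ifdef", "ifndef"):
            stack.append((m.group(2) in defined) == (m.group(1) == "ifdef"))
        elif m.group(1) == "else" and stack:
            stack[-1] = not stack[-1]
        elif m.group(1) == "endif" and stack:
            stack.pop()

def active_auth_calls(cfg, predefined=()):
    """List (lineno, function) for auth calls that survive preprocessing."""
    return [(no, m.group(1)) for no, line in active_lines(cfg, predefined)
            for m in AUTH_CALL.finditer(line.split("#", 1)[0])]  # ignore comments

if __name__ == "__main__":
    print("WITH_AUTH undefined:", active_auth_calls(SAMPLE_CFG))
    print("WITH_AUTH defined  :", active_auth_calls(SAMPLE_CFG, {"WITH_AUTH"}))
```

An empty result for the running configuration means no RADIUS or digest check is compiled into the routing script, so a REGISTER reaches the registrar without being challenged.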

 
