[Users] SIP Clients Can't REGISTER

Edson 4lists at gmail.com
Fri Jun 16 05:35:15 CEST 2006 

What's the result from the 'RadiusClient' that I suggest?

 

Edson.

 

  _____  

From: Hamid Ali Asgari [mailto:Hamid at Parnak.com] 
Sent: quinta-feira, 15 de junho de 2006 22:03
To: 'Edson'; users at openser.org
Subject: RE: [Users] SIP Clients Can't REGISTER

 

If you take a look at the radius debug, you will see that the radius does
authenticate the user first and then ejects in the second auth.. Does it
have anything to do with the Sip-Group = "suspended" entry?

 

Interesting point is that everything is exactly like the examples on the
tutorial.

 

Thanks,

Hamid

 

rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196,
length=185

        User-Name = "101 at mydomain.com"

        Digest-Attributes = 0x0a05313031

        Digest-Attributes = 0x010b73686174656c2e6972

        Digest-Attributes =
0x022a3434386666316666393332663830393337613034373266333837363163353036656166
3636613934

        Digest-Attributes = 0x040f7369703a73686174656c2e6972

        Digest-Attributes = 0x030a5245474953544552

        Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"

        Service-Type = Sip-Session

        Sip-Uri-User = "101"

        NAS-Port = 5060

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 100

  modcall[authorize]: module "preprocess" returns ok for request 100

  modcall[authorize]: module "chap" returns noop for request 100

  modcall[authorize]: module "mschap" returns noop for request 100

rlm_digest: Adding Auth-Type = DIGEST

  modcall[authorize]: module "digest" returns ok for request 100

    rlm_realm: Looking up realm "mydomain.com" for User-Name =
"101 at mydomain.com"

    rlm_realm: No such realm "mydomain.com"

  modcall[authorize]: module "suffix" returns noop for request 100

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 100

    users: Matched entry DEFAULT at line 152

    users: Matched entry 101 at mydomain.com at line 255

  modcall[authorize]: module "files" returns ok for request 100

modcall: leaving group authorize (returns ok) for request 100

  rad_check_password:  Found Auth-Type Digest

auth: type "digest"

  Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 100

    rlm_digest: Converting Digest-Attributes to something sane...

        Digest-User-Name = "101"

        Digest-Realm = "mydomain.com"

        Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"

        Digest-URI = "sip:mydomain.com"

        Digest-Method = "REGISTER"

A1 = 101:mydomain.com:101

A2 = REGISTER:sip:mydomain.com

H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3

H(A2) = 27e9df2d1a7ed715c7204d1316039120

KD =
a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27
e9df2d1a7ed715c7204d1316039120 

EXPECTED 7a3f00f697286dd95c5aa654a9662dea

RECEIVED 7a3f00f697286dd95c5aa654a9662dea

  modcall[authenticate]: module "digest" returns ok for request 100

modcall: leaving group authenticate (returns ok) for request 100

radius_xlat:  'Authenticated'

Sending Access-Accept of id 196 to 127.0.0.1 port 32900

        Reply-Message = "Authenticated"

        SIP-AVP += "rpid:101"

        SIP-AVP += "#2:192.168.10.17"

Finished request 100

 

---------------------------------------------

 

Going to the next request

Waking up in 2 seconds...

rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64

        User-Name = "101 at mydomain.com"

        Sip-Group = "suspended"

        Service-Type = Group-Check

        NAS-Port = 0

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 101

  modcall[authorize]: module "preprocess" returns ok for request 101

  modcall[authorize]: module "chap" returns noop for request 101

  modcall[authorize]: module "mschap" returns noop for request 101

  modcall[authorize]: module "digest" returns noop for request 101

    rlm_realm: Looking up realm "mydomain.com" for User-Name =
"101 at mydomain.com"

    rlm_realm: No such realm "mydomain.com"

  modcall[authorize]: module "suffix" returns noop for request 101

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 101

    users: Matched entry DEFAULT at line 152

    users: Matched entry DEFAULT at line 252

  modcall[authorize]: module "files" returns ok for request 101

modcall: leaving group authorize (returns ok) for request 101

  rad_check_password:  Found Auth-Type Reject

  rad_check_password: Auth-Type = Reject, rejecting user

auth: Failed to validate the user.

Delaying request 101 for 1 seconds

Finished request 101

 

 

 

  _____  

From: Edson [mailto:4lists at gmail.com] 
Sent: Thursday, June 15, 2006 4:19 PM
To: 'Hamid Ali Asgari'; users at openser.org
Subject: RE: [Users] SIP Clients Can't REGISTER

 

Take a look on the user credentials on Radius DB. Radius is rejecting the
authentication, so there should be some mismatch between Your login
credentials and what Radius has in its DB.

 

Try to run this command and see what's the result (linux version):

 

    radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123
'User-Name=some at valid.user' 'Password=Guess';echo $?

 

It should return:

 

    Reply-Message                    = 'Authenticated'

 

Edson. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20060616/cade4474/attachment.htm

More information about the Users mailing list