[Users] Radius Authentication failed ?

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Mar 30 13:12:43 CEST 2006 

Have you got any message is syslog coming from radiusclient-ng library? 
The FreeRadius server reports ok for authentication.

Cheers,
Daniel


On 03/30/06 05:15, Nguyen Duc Phi wrote:
> I config openser authenticate from Radius. when softphone register to 
> openser, Freeradius response "Sending Access-Accept" but openser 
> inform "ERROR:auth_radius:radius_authorize_sterman: rc_auth failed" So 
> softphone not registered. I search this title in google and find on 
> "*OpenSER Users Mailing List*", I didnt find solution to 
> fix problem.  Could someone help me fix this problem ?
>  
> Here is list of product's version I used.
> openser-1.0.1
> OS : CentOS-4 x86_64
> radiusclient-ng-0.5.2
> freeradius-1.0.5
>  
> openser show debug :
>  
>  8(8985) parse_headers: flags=ffffffffffffffff
>  8(8985) check_via_address(192.168.212.123, 192.168.212.123, 0)
>  8(8985) DEBUG:destroy_avp_list: destroying list (nil)
>  8(8985) receive_msg: cleaning up
>  7(8982) SIP Request:
>  7(8982)  method:  <REGISTER>
>  7(8982)  uri:     <sip:vdc.com.vn>
>  7(8982)  version: <SIP/2.0>
>  7(8982) parse_headers: flags=2
>  7(8982) DEBUG: get_hdr_body : content_length=0
>  7(8982) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
>  7(8982) DEBUG:parse_to:end of header reached, state=9
>  7(8982) DEBUG: get_hdr_field: <To> [23]; uri=[sip:5001 at vdc.com.vn]
>  7(8982) DEBUG: to body [<sip:5001 at vdc.com.vn>
> ]
>  7(8982) Found param type 235, <rport> = <n/a>; state=6
>  7(8982) Found param type 232, <branch> = 
> <z9hG4bKc0a8d47b0131c9b1442b39c80000367c00000003>; state=16
>  7(8982) end of header reached, state=5
>  7(8982) parse_headers: Via found, flags=2
>  7(8982) parse_headers: this is the first via
>  7(8982) After parse_msg...
>  7(8982) preparing to run routing scripts...
>  7(8982) DEBUG:maxfwd:is_maxfwd_present: value = 70
>  7(8982) parse_headers: flags=200
>  7(8982) found end of header
>  7(8982) find_first_route: No Route headers found
>  7(8982) loose_route: There is no Route HF
>  7(8982) grep_sock_info - checking if host==us: 10==9 &&  [vdc.com.vn] 
> == [127.0.0.1]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==13 &&  
> [vdc.com.vn] == [192.168.212.9]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==9 &&  [vdc.com.vn] 
> == [127.0.0.1]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==13 &&  
> [vdc.com.vn] == [192.168.212.9]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==9 &&  [vdc.com.vn] 
> == [127.0.0.1]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==13 &&  
> [vdc.com.vn] == [192.168.212.9]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==9 &&  [vdc.com.vn] 
> == [127.0.0.1]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) grep_sock_info - checking if host==us: 10==13 &&  
> [vdc.com.vn] == [192.168.212.9]
>  7(8982) grep_sock_info - checking if port 5060 matches port 5060
>  7(8982) check_nonce(): comparing 
> [442b360523cece6362803c97fa7fb10b37680cd8] and 
> [442b360523cece6362803c97fa7fb10b37680cd8]
>  7(8982) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>  7(8982) build_auth_hf(): 'WWW-Authenticate: Digest 
> realm="vdc.com.vn", nonce="442b360523cece6362803c97fa7fb10b37680cd8"
> '
>  7(8982) parse_headers: flags=ffffffffffffffff
>  7(8982) check_via_address(192.168.212.123, 192.168.212.123, 0)
>  7(8982) DEBUG:destroy_avp_list: destroying list (nil)
>  7(8982) receive_msg: cleaning up
>  
> Radius show debug:
>  
> rad_recv: Access-Request packet from host 192.168.212.9:32826, id=205, 
> length=203
>         User-Name = "5001 at vdc.com.vn <mailto:5001 at vdc.com.vn>"
>         Digest-Attributes = 0x0a0635303031
>         Digest-Attributes = 0x010c7664632e636f6d2e766e
>         Digest-Attributes = 
> 0x022a34343262333630353233636563653633363238303363393766613766623130623337363830636438
>         Digest-Attributes = 0x04107369703a7664632e636f6d2e766e
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Response = "1c3d532fc6c1c37004c6df6027e6242c"
>         Service-Type = 0x0000000f00000000
>         Sip-Uri-User = "5001"
>         NAS-Port = 0x000013c400000000
>         NAS-IP-Address = 0xc0a8d40900000000
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
>   hints: Matched DEFAULT at 82
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "5001"
>         Digest-Realm = "vdc.com.vn"
>         Digest-Nonce = "442b360523cece6362803c97fa7fb10b37680cd8"
>         Digest-URI = "sip:vdc.com.vn"
>         Digest-Method = "REGISTER"
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returns ok for request 0
>     rlm_realm: No '@' <mailto:%27@%27> in User-Name = "5001", looking 
> up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
> radius_xlat:  '5001'
> rlm_sql (sql): sql_set_user escaped user --> '5001'
> radius_xlat:  'SELECT 1 as id,'5001' as UserName,'User-Password' as 
> Attribute,subscriber_password as Value,'==' as op FROM subscribers 
> WHERE subscriber_username = '5001'AND subscriber_status=1'
> rlm_sql (sql): Reserving sql socket id: 4
> radius_xlat:  ''
> radius_xlat:  'SELECT 1 as id,'5001' as UserName,'Session-Timeout' as 
> Attribute,getSessionTime('5001','')as Value,'=' as op FROM dual'
> radius_xlat:  ''
> rlm_sql (sql): Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type DIGEST
> auth: type "digest"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> A1 = 5001:vdc.com.vn:test
> A2 = REGISTER:sip:vdc.com.vn
> H(A1) = 454e15015603bd4bd79faf0c5ddd3346
> H(A2) = ac5bd79ed3d6bd2bddcb1cffafbbd09a
> KD = 
> 454e15015603bd4bd79faf0c5ddd3346:442b360523cece6362803c97fa7fb10b37680cd8:ac5bd79ed3d6bd2bddcb1cffafbbd09a
> EXPECTED 1c3d532fc6c1c37004c6df6027e6242c
> RECEIVED 1c3d532fc6c1c37004c6df6027e6242c
>   modcall[authenticate]: module "digest" returns ok for request 0
> modcall: group authenticate returns ok for request 0
> Login OK: [5001] (from client 192.168.212.9 port 3134307025)
> Sending Access-Accept of id 205 to 192.168.212.9:32826
>         Session-Timeout = 60
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 205 with timestamp 442b3adf
> Nothing to do.  Sleeping until we see a request.
>  
> Best regards,
> Nguyen
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list