[Users] Errors whie starting openser with radius server integration

Sanjeev Manoli meghsan at gmail.com
Wed Nov 8 08:35:08 CET 2006


Hi Ravi,
         Thanks for your help and suggestion. I went through avp
module documentation and figured out that the avp_check syntax in
config.cfg file was incorrect. I changed it as follows and now it's
working,
            if(!avp_check("$avp(i:2)", "eq/$avp($src_ip)/ig"))
            {
                sl_send_reply("403", "Forbidden IP");
                exit;
            };

But still I get parse error for following 2 statements in
openser.cfg (I commented them to make forward progress). Please advice
 modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
 modparam("avpops", "avp_aliases", "day=i:101;time=i:102")

Another thing is I am currently using the file based radius
authentication for the users. (I have created a file called
/usr/local/etc/raddb/users with 2 users). Do you know how to
enable/use radius with user authentication done from a database (i am
using mysql). I couldn't find any documentation for it.

Thanks for the help
- Sanjeev

On 11/6/06, raviprakash sunkara <sunkara.raviprakash.feb14 at gmail.com> wrote:
> Usrs   usrloc is  comment,
>
>
>
>
>
> On 11/7/06, Sanjeev Manoli <meghsan at gmail.com> wrote:
> > Hi,
> >    I am getting following errors as seen in /var/log/message while
> > running openser with radius integration,
> >
> *****************************************************************************************
> > Nov  6 20:33:45 lx-dev monit[13565]: 'openser' start: /etc/init.d/openser
> > Nov  6 20:33:45 lx-dev monit[13565]: 'openser' failed to start
> > Nov  6 20:33:45 lx-dev openser: init_tcp: using epoll_lt as the io
> > watch method (auto detected)
> > Nov  6 20:33:45 lx-dev openser: INFO: statistics manager successfully
> > initialized
> > Nov  6 20:33:45 lx-dev openser: StateLess module - initializing
> > Nov  6 20:33:45 lx-dev openser: TM - initializing...
> > Nov  6 20:33:46 lx-dev openser: Maxfwd module- initializing
> > Nov  6 20:33:46 lx-dev openser: AVPops - initializing
> > Nov  6 20:33:46 lx-dev openser: TextOPS - initializing
> > Nov  6 20:33:46 lx-dev openser: ACC - initializing
> > Nov  6 20:33:46 lx-dev openser: AUTH module - initializing
> > Nov  6 20:33:46 lx-dev openser: xl_parse_item: error - bad parameters
> > Nov  6 20:33:46 lx-dev openser: ERROR:avpops:fixup_check_avp: unable
> > to get pseudo-variable in P1
> > Nov  6 20:33:46 lx-dev openser: ERROR: fix_actions: fixing failed
> > (code=-2) at cfg line 146
> > Nov  6 20:33:46 lx-dev openser: ERROR: fix_expr : fix_actions error
> >
> *****************************************************************************************
> >      I am using openser (Version: openser-1.1.0-tls) and radius server
> > (freeradius-1.1.3) along with radiusclient-ng (radiusclient-ng-0.5.2 ).
> > I exactly followed the following radius integration documentation
> > from openser web site,
> > http://openser.org/docs/openser-radius-1.0.x.html
> >
> > If I remove the radius integration related part from openser.cfg then
> > my openser server starts fine, I have tested it with kphone SIP UA and
> > it works fine.
> >
> > One other question is I get parse error for following 2 statements in
> > openser.cfg (I commented them to make forward progress). Please advice
> > the right syntax to use following modparam statements.
> > modparam("acc", "radius_extra",
> "Sip-Src-IP=$si;Sip-Src-Port=$sp")
> > modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
> >
> > This is kind of urgent for me and I am clueless at this point so
> > really appreciate all your help.
> >
> > Thanks,
> > - San
> > P.S.  For your reference here is the openser.cfg file that I am using,
> > #
> > # $Id$
> > #
> > # radius config script
> > #
> >
> > # ----------- global configuration parameters ------------------------
> >
> > debug=9            # debug level (cmd line: -dddddddddd)
> > fork=no
> > log_stderror=no    # (cmd line: -E)
> >
> > check_via=no    # (cmd. line: -v)
> > dns=no          # (cmd. line: -r)
> > rev_dns=no      # (cmd. line: -R)
> > port=5060
> > children=4
> > listen=udp: 192.168.0.5
> > alias="192.168.0.5"
> >
> > #fifo="/tmp/openser_fifo"
> >
> > # ------------------ module loading
> ----------------------------------
> > mpath="/usr/local/lib/openser/modules"
> >
> > loadmodule "mysql.so"
> > loadmodule "sl.so"
> > loadmodule "tm.so"
> > loadmodule "rr.so"
> > loadmodule "maxfwd.so"
> > loadmodule "avpops.so"
> > loadmodule " usrloc.so"
> > loadmodule "registrar.so"
> > loadmodule "textops.so"
> > loadmodule "xlog.so"
> > loadmodule "uri.so"
> > loadmodule "acc.so"
> > loadmodule "auth.so"
> > loadmodule "auth_radius.so"
> > loadmodule "group_radius.so"
> > loadmodule "avp_radius.so"
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > # -- usrloc params --
> >
> #modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")
> > modparam("usrloc", "db_mode", 2)
> >
> > # -- acc params --
> > modparam("acc", "radius_flag", 1)
> > modparam("acc", "radius_missed_flag", 2)
> > modparam("acc", "log_flag", 1)
> > modparam("acc", "log_missed_flag", 1)
> > modparam("acc", "service_type", 15)
> > #modparam("acc", "radius_extra",
> "Sip-Src-IP=$si;Sip-Src-Port=$sp")
> > modparam("acc|auth_radius|group_radius|avp_radius",
> "radius_config",
> > "/etc/radiusclient-ng/radiusclient.conf")
> >
> > # -- group_radius params --
> > modparam("group_radius", "use_domain", 1)
> >
> > # -- avpops params --
> > #modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
> >
> > # -- rr params --
> > # add value to ;lr param to make some broken UAs happy
> > modparam("rr", "enable_full_lr", 1)
> >
> > # -------------------------  request routing logic
> -------------------
> >
> > # main routing logic
> >
> > route{
> >
> >     # initial sanity checks -- messages with
> >     # max_forwards==0, or excessively long requests
> >     if (!mf_process_maxfwd_header("10")) {
> >         sl_send_reply("483","Too Many Hops");
> >         exit;
> >     };
> >
> >     if (msg:len >=  2048 ) {
> >         sl_send_reply("513", "Message too big");
> >         exit;
> >     };
> >
> >     # check if user is suspended
> >
> if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
> >     {
> >         if (radius_is_user_in("From", "suspended")) {
> >             sl_send_reply("403", "Forbidden -
> suspended");
> >             exit;
> >         };
> >     };
> >
> >     # we record-route all messages -- to make sure that
> >     # subsequent messages will go through our proxy; that's
> >     # particularly good if upstream and downstream entities
> >     # use different transport protocol
> >     if (!method=="REGISTER")
> >         record_route();
> >
> >     # subsequent messages withing a dialog should take the
> >     # path determined by record-routing
> >     if (loose_route()) {
> >         # mark routing logic in request
> >         append_hf("P-hint: rr-enforced\r\n");
> >         if(is_method("BYE"))
> >         { # log it all the time
> >             acc_rad_request("200 ok");
> >             acc_log_request("200 ok");
> >         }
> >         route(1);
> >     };
> >
> >     if(is_method("INVITE") && !has_totag())
> >     {   # set the acc flags
> >         setflag(1);
> >         setflag(2);
> >     };
> >
> >     if (!uri==myself) {
> >         # check if user is allowed to do voip calls to other domains
> >         if(is_method("INVITE|MESSAGE")) {
> >             if (!radius_is_user_in("From", "voip")) {
> >                 sl_send_reply("403", "Forbidden VoIP");
> >                 exit;
> >             };
> >         };
> >         # mark routing logic in request
> >         append_hf("P-hint: outbound\r\n");
> >         route(1);
> >     };
> >
> >     # if the request is for other domain use UsrLoc
> >     # (in case, it does not work, use the following command
> >     # with proper names and addresses in it)
> >     if (uri==myself) {
> >         # authenticate registers
> >         if (method=="REGISTER") {
> >             if (!radius_www_authorize("192.168.0.5")) {
> >                 www_challenge("192.168.0.5", "0");
> >                 exit;
> >             };
> >
> >             # check the src ip address
>
>
> Call the method is  Wrong , Check the Module doc od avp_radius  and Avp,
>
> >
> >             if(!avp_check("i:2", "eq/$src_ip/ig"))
> >             {
> >                 sl_send_reply("403", "Forbidden IP");
> >                 exit;
> >             };
> >
> >             save("location");
> >             exit;
> >         };
> >
> >         # calls to pstn
> >         if(uri=~"sip:00[1-9][0-9]+@") {
> >             if(is_method("INVITE") && !has_totag()) {
> >                 if (!radius_is_user_in("From", "pstn")) {
> >                     sl_send_reply("403", "Forbidden
> PSTN");
> >                     exit;
> >                 };
> >             };
> >             # set gateway address
> >             rewritehostport(" 10.10.10.10:5090");
> >             route(1);
> >         };
> >
> >         # load callee's avps
> >         if(avp_load_radius("callee"))
> >         {
> >             # check if user has time filter enabled
> >             if(avp_check("i:3", "eq/i:1"))
> >             {
> >                 # print time in an avp
> >                 avp_printf("i:100", "$Tf");
> >                 # extract day
> >                 avp_subst("i:100/i:101", "/(.{3})
> .+/*\1*/");
> >                 if(!avp_check("i:6", "fm/$day")) {
> >                     sl_send_reply("403", "Forbidden -
> day");
> >                     exit;
> >                 };
> >                 # extract 'hours:minutes'
> >                 avp_subst("i:100/i:102", "/(.{10})
> (.{5}):.+/\2/");
> >                 if((is_avp_set("i:4") && avp_check("i:4",
> "gt/$time"))
> >                 || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) {
> >                     sl_send_reply("403", "Forbidden -
> time");
> >                     exit;
> >                 };
> >             };
> >         };
> >
> >         # native SIP destinations are handled using our USRLOC DB
> >         if (!lookup("location")) {
> >             # log to acc as missed call
> >             acc_rad_request("404 Not Found");
> >             acc_log_request("404 Not Found");
> >             sl_send_reply("404", "Not Found");
> >             exit;
> >         };
> >         append_hf("P-hint: usrloc applied\r\n");
> >     };
> >
> >     route(1);
> > }
> >
> > # generic forward
> > route[1] {
> >     # send it out now; use stateful forwarding as it works reliably
> >     # even for UDP2TCP
> >     if (!t_relay()) {
> >         sl_reply_error();
> >     };
> >     exit;
> > }
> > #
> >
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
>
>
>
> --
> Thanks and Regards
> Ravi Prakash Sunkara
>  ravi.sunkara at hyperion-tech.com
> M:+91 9985077535
> O:+91 40 23114549
> F:+91 40 40208727
> ravi.sunkara at hyperion-tech.com
>  www.hyperion-tech.com




More information about the Users mailing list