[Users] uri_radius and radius_does_user_exist() not working

Toni Heinonen toni.heinonen at gmail.com
Tue Jan 9 19:34:10 CET 2007


Hello,

yes I did. I realized it asks a different service type from my RADIUS
server and I had to create separate records for uri_radius to work.
Ie. when it authenticates users, /etc/freeradius/users must have a
digest line, and then for uri_radius, you have to have another entry
for each user that implements the service type "call check", which
returns true even when there's no password (as there of course isn't
when OpenSER simply asks if the username exists).

It was kind of lame debugging and sniffing the traffic. Why couldn't
this all + an uri_radius example be included in the OpenSER+RADIUS
tutorial?

Kindest,
Toni

On 1/9/07, Daniel-Constantin Mierla <daniel at voice-system.ro> wrote:
> Hello,
>
> have you tried with freeradius in debug mode? It prints log messages
> which may help to identify the problem.
>
> Cheers,
> Daniel
>
>
> On 01/03/07 01:31, Toni Heinonen wrote:
> > Hi,
> >
> > I've been through the OpenSER + RADIUS configuration tutorial many,
> > many times, and it works like a charm, except for the uri_radius
> > module which I can't get to detect user existence with the
> > radius_does_user_exist() function.
> >
> > I'm trying to decide whether to send a 404 or a 480, as such:
> >
> > if (!lookup("location")) {
> >  if(radius_does_uri_exist()) {
> >    sl_send_reply("480", "User offline");
> >  } else {
> >    sl_send_reply("404", "User not found");
> >  };
> > };
> >
> > It worked identically with the uri_db module's does_user_exist()
> > function. Now the RADIUS server doesn't seem to understand the
> > Call-Check request. I have a dump here:
> >
> > http://tonih.iki.fi/temp/uri_radius.cap
> >
> > Can anyone guess why OpenSER always gives a 404 even for users that
> > exist, but that are simply offline? The users are currently
> > hand-configured into freeradius's text configuration file users.conf.
> >
> > PS. What have you found to be the best way to authenticate users from
> > a domain?  FreeRADIUS using Kerberos 5, LDAP or relaying to a
> > Microsoft RADIUS (IAS) server?
> >
>


-- 
http://tonih.iki.fi/ ~ http://blogit.helsinki.fi/toni.heinonen/
"The progress of a dynamic civilization depends on the special people
who make play out of work. In their all-absorbing passion, they create
the variations that, through trial and error, become the sources of
progress. They make the discoveries that drive the infinite series."
- Virginia Postrel




More information about the Users mailing list