[OpenSER-Users] Openser 1.2.1 with FreeRADIUS 1.1.6

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Jun 28 17:33:37 CEST 2007


Hi Neeraj,

that is quite odd as the "credentials received are not filled properly" 
is generated by the authentication API (auth module) and has nothing to 
do with radius_is_user_in().

when hitting radius_is_user_in(), does the process get blocked or it 
just go through without doing anything? Can you check with ngrep/tcpdump 
if any radius request is sent by radius_is_user_in()?

regards,
bogdan

Neeraj Gupta wrote:
> Thanks Bogdan.
>
> I spent a lot of time yesterday to troubleshoot my own problem.
> Its much better now. Here is the latest.
>
> I found out that the routing script has a section which was causing 
> all this.
>
>    # check if user is suspended
>    if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
>    {
>        if (radius_is_user_in("From", "suspended")) {
>            sl_send_reply("403", "Forbidden - suspended");
>            exit;
>        };
>    };
>
> I confirmed that is_method function works fine but when the call hits 
> radius_is_user_in, it does not go through
> and I see "credentials received are not properly filled in" on 
> openser. When I commented out this and other radius_is_user_in and 
> re-ran, all is well.
>
> Any clue on whats missing here ?
>
> I am thinking of creating a how-to doc on openser wiki after 
> completing my tests.
>
> Thanks,
> Neeraj
> Sun Microsystems
>
>
> Bogdan-Andrei Iancu wrote:
>> Hi Neeraj,
>>
>> The "pre_auth(): credentials received are not filled properly" is 
>> generated in multiple cases, like missing username/realm/nonce, etc. 
>> Check your register request to see if it has all the required info in 
>> the auth hdr.
>>
>> Logs in debug=6 are also useful.
>>
>> regards,
>> bogdan
>>
>> Neeraj Gupta wrote:
>>> Hi,
>>>
>>> I switched to OpenSER 1.2.1 last week, from ser 0.9.6.
>>> And this is first time I am trying to use FreeRADIUS 1.1.6 with 
>>> OpenSER 1.2.1
>>> I followed instructions on web based on 1.0.1 and made some changes 
>>> by hand to adapt to 1.2.1 model.
>>> This was my reference:
>>> www.*openser*.org/docs/*openser*-radius-1.0.x.html
>>>
>>> I can start OpenSER, no issues but I am not able to use SiPP UA.
>>> Openser does not respond back to UA (no incoming message in 
>>> ethereal/wireshark).
>>> Openser reports that "pre_auth(): credentials received are not 
>>> filled properly".
>>> I tried to comment out the avp sections in openser.cfg.. but Its not 
>>> helping.
>>> Please see my logs and configs below. If someone can send me a 
>>> working config file, I will be very thankful.
>>> If more info needed, let me know.
>>>
>>> _*# openser -V*_
>>> version: openser 1.2.1-tls (sparc64/solaris)
>>> flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, 
>>> USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, 
>>> FAST_LOCK-ADAPTIVE_WAIT
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 
>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
>>> poll method support: poll, select, /dev/poll.
>>> svnrevision: unknown
>>> @(#) $Id: main.c 1827 2007-03-12 15:22:53Z bogdan_iancu $
>>> main.c compiled on 23:04:19 Jun 26 2007 with gcc 3.4.6
>>>
>>> _*Radius users file*_
>>>
>>> # from website examples
>>> ### --- avps ---
>>> 101 at 192.168.4.128 Auth-Type := Accept, Service-Type == 
>>> "SIP-Callee-AVPs"
>>>         Sip-Avp += "#3#1",
>>>         Sip-Avp += "#4:08:00",
>>>         Sip-Avp += "#5:16:00",
>>>         Sip-Avp += "#6:Mon,Wed,Thu,Fri"
>>>
>>> 102 at 192.168.4.128 Auth-Type := Accept, Service-Type == 
>>> "SIP-Callee-AVPs"
>>>         Sip-Avp += "#3#1",
>>>         Sip-Avp += "#4:08:00",
>>>         Sip-Avp += "#5:16:00",
>>>         Sip-Avp += "#6:Mon,Wed,Thu,Fri"
>>>
>>> DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
>>>
>>> ### --- group checking ---
>>> ### --- user 101 ---
>>> 101 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "voip", 
>>> Service-Type == "Group-Check"
>>>         Reply-Message = "Authorized"
>>>
>>> 101 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "pstn", 
>>> Service-Type == "Group-Check"
>>>         Reply-Message = "Authorized"
>>>
>>> ### --- user 102 ---
>>> 102 at 192.168.4.128 Auth-Type := Accept, Sip-Group == "voip", 
>>> Service-Type == "Group-Check"
>>>         Reply-Message = "Authorized"
>>>
>>> DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
>>>
>>> ### --- user authentication ---
>>> 101 at 192.168.4.128 Auth-Type := Digest, User-Password == "101"
>>>         Reply-Message = "Authenticated",
>>>         Sip-Avp += "rpid:101",
>>>         Sip-Avp += "#2:192.168.4.101",
>>>         Sip-Avp += "#2:192.168.4.100"
>>>
>>> 102 at 192.168.4.128 Auth-Type := Digest, User-Password == "102"
>>>         Reply-Message = "Authenticated",
>>>         Sip-Avp += "rpid:102",
>>>         Sip-Avp += "#2:192.168.4.101"
>>>
>>> # test user
>>> test Auth-Type := Digest, User-Password == "test"
>>>         Reply-Message = "Hello, test with digest"
>>>
>>> _*SiPP xml file:*_
>>> <?xml version="1.0" encoding="ISO-8859-1" ?>
>>> <!DOCTYPE scenario SYSTEM "sipp.dtd">
>>>
>>> <scenario name="registration">
>>>
>>> <send retrans="500">
>>> <![CDATA[
>>> REGISTER sip:192.168.4.128 SIP/2.0
>>> Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
>>> Max-Forwards: 20
>>> From: "[field1]" <sip:[field1]@[field0]>;tag=[call_number]
>>> To: "101" <sip:[field1]@[field0]>
>>> Call-ID: [call_id]
>>> CSeq: 1 REGISTER
>>> Contact: <sip:[field1]@[local_ip]:[local_port]>
>>> Expires: 1800
>>> Content-Length: 0
>>> User-Agent: Sipp/Ubuntu
>>> Authorization: Digest username="[field1]@[field0]", realm="[field0]"
>>> Supported: path
>>> ]]>
>>> </send>
>>>
>>> <recv response="401" auth="true" rtd="true">
>>> </recv>
>>>
>>> <send retrans="500">
>>> <![CDATA[
>>> REGISTER sip:192.168.4.128 SIP/2.0
>>> Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
>>> Max-Forwards: 20
>>> From: "[field1]" <sip:[field1]@[field0]>;tag=[call_number]
>>> To: "101" <sip:[field1]@[field0]>
>>> Call-ID: [call_id]
>>> CSeq: 2 REGISTER
>>> Contact: <sip:[field1]@[local_ip]:[local_port]>
>>> Expires: 300
>>> Content-Length: 0
>>> User-Agent: Sipp/Ubuntu
>>> [authentication username=[field1]@[field0] password=[field2]]
>>> Supported: path
>>> ]]>
>>> </send>
>>>
>>> <recv response="200">
>>> </recv>
>>>
>>> <ResponseTimeRepartition value="10, 20"/>
>>> <CallLengthRepartition value="10"/>
>>>
>>> /scenario>
>>>
>>> Thanks,
>>> Neeraj Gupta
>>> Sun Microsystems
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>   
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>





More information about the Users mailing list