I've been trying to setup kamailio with the latest freeradius-client. I've been using the docker image kamailio/kamailio:5.3.1-jessie
adding the freeradius-client (latest github pool).
However it seems that kamailio cannot create a proper radius request and fails with error 3(9) ERROR: auth_radius [sterman.c:264]: radius_authorize_sterman(): unable to add User-Name attribute
Install freeradius-client
git clone https://github.com/FreeRADIUS/freeradius-client.git \
&& cd freeradius-client/ \
&& ./configure \
&& make \
&& make install
Modify the /usr/local/etc/radiusclient/dictionary
and append the following lines
$INCLUDE /etc/radiusclient/dictionary.sip
$INCLUDE /etc/radiusclient/dictionary.kamailio # https://github.com/kamailio/kamailio/blob/master/src/modules/auth_radius/cfg/dictionary.kamailio
Configure auth_radius
loadmodule "auth_radius.so"
loadmodule "misc_radius.so"
modparam("auth_radius|misc_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
I've went on the tried to debug the issue from the freeradius-client's point of view since it was easier to compile and iterate, and I've added various logs here and there to try and figure out what was wrong. From what I've seen, kamailio invokes INIT_AV
to setup the attrs
dictionary containing the dictionary attributes and matching values.
I've traced the rc_dict_findattr
and it seems that the library properly returns User-Name
attribute with value 1
.
However in the radius_authorize_sterman
function
the application tries to add the AVPs by invoking rc_avpair_add
and passing attr[...].v
value. I've logged the rc_avpair_add
parameters passed and it seems that attr[...].v
is not 1 as expected but 0, thus failing since 0 is an invalid attribute code.
I modified freeradius-client to replace attrid
with 1 if it were a 0 as a test, and it seems that all calls to rc_avpair_add
by sterman.c are passing 0 as attribute value leading to a radius message like:
(0) User-Name = "test@localhost"
(0) User-Name = "test"
(0) User-Name = "localhost"
(0) User-Name = "X3q5AV96t9WlJ5ZnoFFQQq/ftg7u+Mx5KRxYYIA="
(0) User-Name = "sip:localhost"
(0) User-Name = "REGISTER"
(0) User-Name = "bc6c2152d2e068e16f76188d69e66340"
(0) User-Name = "\017"
(0) User-Name = "test"
(0) NAS-Port = 5060
(0) NAS-IP-Address = 10.10.10.4
(As you can see pretty much all attributes are replaced by User-Name)
It looks like attrs
dictionary although initialized at mod_init
, at a later stage is somehow corrupted or reset.
kamailio -v
version: kamailio 5.3.1 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 4.9.2
Linux bea2be591c38 4.19.76-linuxkit #1 SMP Tue May 26 11:42:35 UTC 2020 x86_64 GNU/Linux
This is tested on a docker installation using kamailio/kamailio:5.3.1-jessie
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.