Hi
Has anyone come up with a scalable method to log the complete SIP trace
of ALL calls, i.e to separate files etc
Ngrep is greate for a few, but I want to be able to track all calls, for
various purposes
Iqbal
Hello list,
I've been trying my hardest today to get group_radius to work, and its
function radius_is_user_in().
I'm running ser0.9.4 and freeradius 1.0.4 with the mysql backend and digest
authentication.
Radius authentication works fine.
The problem is that when radius_is_user_in() function gets called, it sends
a radius message but without the User-Password field and freeradius
complains that it requires it since we are using Digest.
I've seen a couple of posts here, but they were never answered:
http://lists.iptel.org/pipermail/serusers/2005-March/017342.htmlhttp://lists.iptel.org/pipermail/serusers/2005-March/017075.html
-----
I have a small test in my ser.cfg file:
if (!radius_www_authorize("")) {
xlog("L_I","%ci - %fu - User not authenticated, Radius
Authenticating...\n");
www_challenge("","0");
break;
} else {
xlog("L_I","%ci - %fu - User authenticated...\n");
};
if (radius_is_user_in("From", "Dialin")){
xlog("L_I","From: User is in Radius Group Dialin!!!!\n");
} else {
xlog("L_I","From: User *IS NOT* Group Dialin!!!!!\n");
};
if (radius_is_user_in("Credentials", "Dialin2")){
xlog("L_I","From: User is in Radius Group Dialin2!!!!\n");
} else {
xlog("L_I","From: User *IS NOT* Group Dialin2!!!!!\n");
};
-----
In /etc/raddb/users file I have the following at line 152:
DEFAULT Auth-Type = System
Fall-Through = 1
DEFAULT Service-Type == Group-Check, Auth-Type := None
DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
-----
These are mysql tables:
+----+----------+-----------+----+----------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+----------+
| 1 | Jhassell | Password | == | changeme |
| 2 | Rneis | Password | == | changeme |
| 3 | 1000 | Password | == | 1000 |
| 4 | 2000 | Password | == | 2000 |
| 5 | 3000 | Password | == | 3000 |
| 8 | 1000 | Auth-Type | := | Digest |
+----+----------+-----------+----+----------+
+----+-----------+-----------+----+--------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+--------+
| 6 | Dialin | Auth-Type | := | Accept |
+----+-----------+-----------+----+--------+
+----+-----------+---------------+----+----------------------------------+--
----+
| id | GroupName | Attribute | op | Value |
prio |
+----+-----------+---------------+----+----------------------------------+--
----+
| 1 | Dialin | Reply-Message | = | "Authenticated by group Dialin" |
0 |
| 2 | Dialin2 | Reply-Message | = | "Authenticated by group Dialin2" |
0 |
+----+-----------+---------------+----+----------------------------------+--
----+
+----+----------+---------------+----+------------------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+------------------+
| 1 | 1000 | Reply-Message | = | "Authenticated" |
| 2 | 1000 | Sip-Group | = | Dialin |
| 3 | 1000 | SIP-AVP | = | Sip-Group:Dialin |
+----+----------+---------------+----+------------------+
+----+----------+------------+
| id | UserName | GroupName |
+----+----------+------------+
| 1 | Jhassell | Dialin |
| 2 | Rneis | Staticdial |
| 3 | 1000 | Dialin |
| 4 | 2000 | Dialin |
| 5 | 3000 | Dialin |
| 6 | 3000 | Dialin2 |
+----+----------+------------+
------
This is the debug I get from freeradius for the group check:
rad_recv: Access-Request packet from host xx.xx.xx.xx:33025, id=15,
length=67
User-Name = "1000(a)xx.xx.xx.xx"
Sip-Group = "Dialin2"
Service-Type = Group-Check
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 74
modcall[authorize]: module "preprocess" returns ok for request 74
modcall[authorize]: module "chap" returns noop for request 74
modcall[authorize]: module "mschap" returns noop for request 74
modcall[authorize]: module "digest" returns noop for request 74
rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
"1000(a)xx.xx.xx.xx"
rlm_realm: Found realm "xx.xx.xx.xx"
rlm_realm: Adding Stripped-User-Name = "1000"
rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
rlm_realm: Adding Realm = "xx.xx.xx.xx"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 74
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 74
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 158
modcall[authorize]: module "files" returns ok for request 74
radius_xlat: '1000'
rlm_sql (sql): sql_set_user escaped user --> '1000'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 74
modcall: group authorize returns ok for request 74
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 74
ERROR: No Digest-Nonce: Cannot perform Digest authentication
modcall[authenticate]: module "digest" returns invalid for request 74
modcall: group authenticate returns invalid for request 74
auth: Failed to validate the user.
Delaying request 74 for 1 seconds
Finished request 74
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to xx.xx.xx.xx:33025
Reply-Message = "Authenticated"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 74 ID 15 with timestamp 434f1121
Nothing to do. Sleeping until we see a request.
Any help in this matter would be deeply appreciated,
Lenir
Hello list,
I've been trying my hardest today to get group_radius to work, and its
function radius_is_user_in().
I'm running ser0.9.4 and freeradius 1.0.4 with the mysql backend and digest
authentication.
Radius authentication works fine.
The problem is that when radius_is_user_in() function gets called, it sends
a radius message but without the User-Password field and freeradius
complains that it requires it since we are using Digest.
I've seen a couple of posts here, but they were never answered:
http://lists.iptel.org/pipermail/serusers/2005-March/017342.htmlhttp://lists.iptel.org/pipermail/serusers/2005-March/017075.html
-----
I have a small test in my ser.cfg file:
if (!radius_www_authorize("")) {
xlog("L_I","%ci - %fu - User not authenticated, Radius
Authenticating...\n");
www_challenge("","0");
break;
} else {
xlog("L_I","%ci - %fu - User authenticated...\n");
};
if (radius_is_user_in("From", "Dialin")){
xlog("L_I","From: User is in Radius Group Dialin!!!!\n");
} else {
xlog("L_I","From: User *IS NOT* Group Dialin!!!!!\n");
};
if (radius_is_user_in("Credentials", "Dialin2")){
xlog("L_I","From: User is in Radius Group Dialin2!!!!\n");
} else {
xlog("L_I","From: User *IS NOT* Group Dialin2!!!!!\n");
};
-----
In /etc/raddb/users file I have the following at line 152:
DEFAULT Auth-Type = System
Fall-Through = 1
DEFAULT Service-Type == Group-Check, Auth-Type := None
DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
-----
These are mysql tables:
+----+----------+-----------+----+----------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+----------+
| 1 | Jhassell | Password | == | changeme |
| 2 | Rneis | Password | == | changeme |
| 3 | 1000 | Password | == | 1000 |
| 4 | 2000 | Password | == | 2000 |
| 5 | 3000 | Password | == | 3000 |
| 8 | 1000 | Auth-Type | := | Digest |
+----+----------+-----------+----+----------+
+----+-----------+-----------+----+--------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+--------+
| 6 | Dialin | Auth-Type | := | Accept |
+----+-----------+-----------+----+--------+
+----+-----------+---------------+----+----------------------------------+--
----+
| id | GroupName | Attribute | op | Value |
prio |
+----+-----------+---------------+----+----------------------------------+--
----+
| 1 | Dialin | Reply-Message | = | "Authenticated by group Dialin" |
0 |
| 2 | Dialin2 | Reply-Message | = | "Authenticated by group Dialin2" |
0 |
+----+-----------+---------------+----+----------------------------------+--
----+
+----+----------+---------------+----+------------------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+------------------+
| 1 | 1000 | Reply-Message | = | "Authenticated" |
| 2 | 1000 | Sip-Group | = | Dialin |
| 3 | 1000 | SIP-AVP | = | Sip-Group:Dialin |
+----+----------+---------------+----+------------------+
+----+----------+------------+
| id | UserName | GroupName |
+----+----------+------------+
| 1 | Jhassell | Dialin |
| 2 | Rneis | Staticdial |
| 3 | 1000 | Dialin |
| 4 | 2000 | Dialin |
| 5 | 3000 | Dialin |
| 6 | 3000 | Dialin2 |
+----+----------+------------+
------
This is the debug I get from freeradius for the group check:
rad_recv: Access-Request packet from host xx.xx.xx.xx:33025, id=15,
length=67
User-Name = "1000(a)xx.xx.xx.xx"
Sip-Group = "Dialin2"
Service-Type = Group-Check
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 74
modcall[authorize]: module "preprocess" returns ok for request 74
modcall[authorize]: module "chap" returns noop for request 74
modcall[authorize]: module "mschap" returns noop for request 74
modcall[authorize]: module "digest" returns noop for request 74
rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
"1000(a)xx.xx.xx.xx"
rlm_realm: Found realm "xx.xx.xx.xx"
rlm_realm: Adding Stripped-User-Name = "1000"
rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
rlm_realm: Adding Realm = "xx.xx.xx.xx"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 74
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 74
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 158
modcall[authorize]: module "files" returns ok for request 74
radius_xlat: '1000'
rlm_sql (sql): sql_set_user escaped user --> '1000'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 74
modcall: group authorize returns ok for request 74
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 74
ERROR: No Digest-Nonce: Cannot perform Digest authentication
modcall[authenticate]: module "digest" returns invalid for request 74
modcall: group authenticate returns invalid for request 74
auth: Failed to validate the user.
Delaying request 74 for 1 seconds
Finished request 74
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to xx.xx.xx.xx:33025
Reply-Message = "Authenticated"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 74 ID 15 with timestamp 434f1121
Nothing to do. Sleeping until we see a request.
Any help in this matter would be deeply appreciated,
Lenir
Hi;
I'd like to set up a SIP network secured by TLS in my lab.
Would anyone please let me know if open source soft-phone is available
compatible with TLS enabled Openser? Any suggestions on soft-phones or
success stories are greatly appreciated.
Thanks,
Joon
Hello,
I'm writing a custom program using the serctl interface to manage users
(adds, deletes, etc.). One problem that I am having is with the case
where I want to reassign an alias to a different user.
My assumption was that the command: %serctl alias rm <aliasX> would
delete any references to "aliasX" and allow me to reuse "aliasX" for a
different user. What I've found is that even after using the
aforementioned command, "aliasX" is still in ser's memory cache and in
the database's alias table. Thus, if I attempt to reassign this number,
it fails.
I'm sure I'm not the first to try reassigning extensions through serctl,
so either it is broken or I do not understand what is really going on
(likely).
Any and all help is greatly appreciated.
Thanks.
hi again,
I'm having another problem.
I can already run ser-0.9.0, but there is a problem when
a client tries to register.
I edit the method REGISTER so that all the requests could be accepted:
if (method=="REGISTER") {
log(1, "LOG: Someone registred\n");
if (!save("location")) {
sl_reply_error();
};
break;
};
However, with the method,
if (method=="REGISTER" && nat_uac_test("3")) {
fix_nated_contact();
log(1, "LOG: Someone registred\n");
force_rport();
setflag(2);
};
the login failed and i got the following errors:
4(6453) qm_free: freeing frag. 0x81588c4 alloc'ed from
parser/msg_parser.c: parse_headers(278)
4(6453) qm_free(0x810bba0, 0x815f428), called from receive.c:
receive_msg(234)
4(6453) qm_free: freeing frag. 0x815f410 alloc'ed from receive.c:
receive_msg(92)
6(6462) qm_malloc(0x810bba0, 8) called from nathelper.c: timer(1539)
6(6462) qm_malloc(0x810bba0, 8) returns address 0x815cf98 frag.
0x815cf80 (size=8) on 1 -th hit
6(6462) qm_free(0x810bba0, 0x815cf98), called from nathelper.c: timer(1594)
6(6462) qm_free: freeing frag. 0x815cf80 alloc'ed from nathelper.c:
timer(1539)
3(6452) udp_rcv_loop: probing packet received from 213.22.190.48 50195
6(6462) qm_malloc(0x810bba0, 8) called from nathelper.c: timer(1539)
6(6462) qm_malloc(0x810bba0, 8) returns address 0x815cf98 frag.
0x815cf80 (size=8) on 1 -th hit
6(6462) qm_free(0x810bba0, 0x815cf98), called from nathelper.c: timer(1594)
6(6462) qm_free: freeing frag. 0x815cf80 alloc'ed from nathelper.c:
timer(1539)
6(6462) qm_malloc(0x810bba0, 8) called from nathelper.c: timer(1539)
6(6462) qm_malloc(0x810bba0, 8) returns address 0x815cf98 frag.
0x815cf80 (size=8) on 1 -th hit
6(6462) qm_free(0x810bba0, 0x815cf98), called from nathelper.c: timer(1594)
6(6462) qm_free: freeing frag. 0x815cf80 alloc'ed from nathelper.c:
timer(1539)
5(6461) udp_rcv_loop: probing packet received from 213.22.190.48 50195
Does anyone know what could be the problem?
Best regards,
Ravic Costa
hi,I'm new to ser,afer working several days could't figure out how to set up the call.hope get help here.
below is how i setup ser
rpm -i ser-0.8.12-0.i386.rpm
/etc/rc.d/init.d/ser start
and after use serctl ps can see ser runing,I use my softphone to make a dial on the pc side,and the ser side using serctl moni can receive 404 reply at server.And right now I can add users by serctl add.
So how to make a realy call without authentication,do i need install mysql?and do I need to add user?
Can someone please help me with REFER? I have a caller that calls in
over my SER and then ACKs a calls and when he tries to REFER I send him
the 202 but I never send him the NOTIFY. Can someone please help me
understand if I am supposed to send the NOTIFY right after the 202? I
send hima final NOTIFY when the call is over but not directly after my 202.
