Hi all,

I’m trying to configure SER 0.8.14 to use authentication with NavisRadius 4.5.0.

On my X-Lite (X-Lite v2.0 Build 1103m) client I’m getting “Login Failed! Contact Network Admin.”

I’m getting following message from NavisRadius. Why? => Reply-Message = "No check.password"

I would be very grateful if someone could look at my ser.cfg and output from NavisRadius.

Best regards

*****************************************************************************

This is what I get on RADIUS server (different from SER machine)

Client:

Client-Class = "#default"

Nas_Port_Normalization = off

Radius_Remove_Trailing_Nul = TRUE

Radius_Append_Trailing_Nul = FALSE

Auto_Remove_Check_Items = TRUE

Check_Authenticators = TRUE

Session_Time_From_Time_Of_Day = FALSE

Radius_Charset = "UTF8"

Client-Class = "video"

Client-Dictionary = "draft_ietf_radext_digest_auth_01"

**** dictionary of radiusclient on SER machine is adjusted to dictionary of RADIUS, and RADIUS can recognize attributes - except if I MUST run sterman_aaa_sip_00 on NavisRadius???? I attached dictionary in radiusclient to this message ****

Client-Secret = <hidden>

Request:

User-Name = "djovanov.srce"

Digest-Username = "djovanov.srce"

Digest-Realm = "srce.hr"

Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad"

Digest-URI = "sip:srce.hr"

Digest-Method = "REGISTER"

Digest-Response = "ca6202fe55c51501295a9bc6ab325420"

Service-Type = IAPP-Register

Anonymous = v0-a208-646A6F76616E6F7669632E73726365

**** RADIUS doesn’t recognize code 208, which is Sip-Uri-User ****

****Am I missing Digest-Algorithm? Why SER doesn’t send this attribute?****

NAS-IP-Address = 161.53.0.131

NAS-Port = 5060

Packet:

Client-Name = "161.53.0.131"

Packet-Type = Access-Request

Packet-Identifier = 213

Packet-Length = 197

Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50

Source-Address = 161.53.0.131

Source-Port = 33159

Destination-Address = 0.0.0.0

Destination-Port = 1812

Receipt-Time = "2005/05/06 13:44:32"

Full-User-Name = "djovanov.srce"

Base-User-Name = "djovanov.srce"

Normalized-Nas-Port = 5060

19 <engine.worker.0> -> checkDigest[AuthHttpDigest]

19 <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password

20 <engine.worker.0> Variable group trace

Reply:

Reply-Message = "No check.password"

**** this is message is which I get from NavisRadius ****

****************************************************************************************

This is my ser.cfg

fifo_db_url="mysql://ser:heslo@localhost/ser"

# ------------------ module loading ----------------------------------

loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"

loadmodule "/usr/local/lib/ser/modules/tm.so"

loadmodule "/usr/local/lib/ser/modules/rr.so"

loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

loadmodule "/usr/local/lib/ser/modules/usrloc.so"

loadmodule "/usr/local/lib/ser/modules/registrar.so"

loadmodule "/usr/local/lib/ser/modules/textops.so"

loadmodule "/usr/local/lib/ser/modules/auth.so"

loadmodule "/usr/local/lib/ser/modules/group.so"

loadmodule "/usr/local/lib/ser/modules/uri.so"

loadmodule "/usr/local/lib/ser/modules/uri_radius.so"

loadmodule "/usr/local/lib/ser/modules/group_radius.so"

loadmodule "/usr/local/lib/ser/modules/auth_radius.so"

loadmodule "/usr/local/lib/ser/modules/msilo.so"

modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")

modparam("usrloc", "db_mode", 2)

modparam("usrloc", "timer_interval", 10)

modparam("rr", "enable_full_lr", 1)

modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")

modparam("auth_radius", "service_type", 15)

modparam("group_radius", "use_domain", 0)

if (uri==myself) {

if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication

if (!radius_www_authorize("")) {

www_challenge("", "0");

break;

};

save("location");

break;

};

lookup("aliases");

if (!uri==myself) {

append_hf("P-hint: outbound alias\r\n");

route(1);

break;

};

# native SIP destinations are handled using our USRLOC DB

if (!lookup("location")) {

sl_send_reply("404", "Not Found");

break;

};

****************************************************************************************

This is output from XLite client

SEND TIME: 367959953

SEND >> 161.53.0.131:5060

Via: SIP/2.0/UDP 161.53.0.112:5060;rport;branch=z9hG4bK5F06B40648DE4583908CA9F59275C8AC

From: djovanov.srce <sip:djovanov.srce@srce.hr>;tag=1082157231

To: djovanov.srce <sip:djovanov.srce@srce.hr>

Contact: "djovanov.srce" <sip:djovanov.srce@161.53.0.112:5060>

Call-ID: 9AE1D3A885904642B6446C443007BA11@srce.hr

CSeq: 6774 REGISTER

Expires: 1800

Authorization: Digest username="djovanov.srce",realm="srce.hr",nonce="427b6e9134acf8132394741bae95d74a5994cb67",response="e6f6d76db22b74c6c0746d2cff9b34f8",uri="sip:srce.hr"

Max-Forwards: 70

User-Agent: X-Lite release 1103m

Content-Length: 0

RECEIVE TIME: 367959968

RECEIVE << 161.53.0.131:5060

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 161.53.0.112:5060;rport=5060;branch=z9hG4bK5F06B40648DE4583908CA9F59275C8AC

From: djovanov.srce <sip:djovanov.srce@srce.hr>;tag=1082157231

To: djovanov.srce <sip:djovanov.srce@srce.hr>;tag=06b273b7ac7b46f473f32e25d8adc515.da4f

Call-ID: 9AE1D3A885904642B6446C443007BA11@srce.hr

CSeq: 6774 REGISTER

WWW-Authenticate: Digest realm="srce.hr", nonce="427b6e9134acf8132394741bae95d74a5994cb67"

Server: Sip EXpress router (0.10.99-dev0 (i386/linux))

Content-Length: 0

Warning: 392 161.53.0.131:5060 "Noisy feedback tells: pid=14777 req_src_ip=161.53.0.112 req_src_port=5060 in_uri=sip:srce.hr out_uri=sip:srce.hr via_cnt==1"