What's the result from the 'RadiusClient' that I suggest?
Edson.
_____
From: Hamid Ali Asgari [mailto:Hamid@Parnak.com]
Sent: quinta-feira, 15 de junho de 2006 22:03
To: 'Edson'; users(a)openser.org
Subject: RE: [Users] SIP Clients Can't REGISTER
If you take a look at the radius debug, you will see that the radius does
authenticate the user first and then ejects in the second auth.. Does it
have anything to do with the Sip-Group = "suspended" entry?
Interesting point is that everything is exactly like the examples on the
tutorial.
Thanks,
Hamid
rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196,
length=185
User-Name = "101(a)mydomain.com"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010b73686174656c2e6972
Digest-Attributes =
0x022a3434386666316666393332663830393337613034373266333837363163353036656166
3636613934
Digest-Attributes = 0x040f7369703a73686174656c2e6972
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"
Service-Type = Sip-Session
Sip-Uri-User = "101"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 100
modcall[authorize]: module "preprocess" returns ok for request 100
modcall[authorize]: module "chap" returns noop for request 100
modcall[authorize]: module "mschap" returns noop for request 100
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 100
rlm_realm: Looking up realm "mydomain.com" for User-Name =
"101(a)mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 100
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 100
users: Matched entry DEFAULT at line 152
users: Matched entry 101(a)mydomain.com at line 255
modcall[authorize]: module "files" returns ok for request 100
modcall: leaving group authorize (returns ok) for request 100
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 100
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "mydomain.com"
Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"
Digest-URI = "sip:mydomain.com"
Digest-Method = "REGISTER"
A1 = 101:mydomain.com:101
A2 =
REGISTER:sip:mydomain.com
H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3
H(A2) = 27e9df2d1a7ed715c7204d1316039120
KD =
a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27
e9df2d1a7ed715c7204d1316039120
EXPECTED 7a3f00f697286dd95c5aa654a9662dea
RECEIVED 7a3f00f697286dd95c5aa654a9662dea
modcall[authenticate]: module "digest" returns ok for request 100
modcall: leaving group authenticate (returns ok) for request 100
radius_xlat: 'Authenticated'
Sending Access-Accept of id 196 to 127.0.0.1 port 32900
Reply-Message = "Authenticated"
SIP-AVP += "rpid:101"
SIP-AVP += "#2:192.168.10.17"
Finished request 100
---------------------------------------------
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101(a)mydomain.com"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 101
modcall[authorize]: module "preprocess" returns ok for request 101
modcall[authorize]: module "chap" returns noop for request 101
modcall[authorize]: module "mschap" returns noop for request 101
modcall[authorize]: module "digest" returns noop for request 101
rlm_realm: Looking up realm "mydomain.com" for User-Name =
"101(a)mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 101
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 101
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 252
modcall[authorize]: module "files" returns ok for request 101
modcall: leaving group authorize (returns ok) for request 101
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Delaying request 101 for 1 seconds
Finished request 101
_____
From: Edson [mailto:4lists@gmail.com]
Sent: Thursday, June 15, 2006 4:19 PM
To: 'Hamid Ali Asgari'; users(a)openser.org
Subject: RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB. Radius is rejecting the
authentication, so there should be some mismatch between Your login
credentials and what Radius has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123
'User-Name=some(a)valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.