Hello,
make sure that digest realm parameter and From/To domain are same.
Jan.
On 03-10 22:37, John Foster wrote:
Hi Jan,
Already gone through this, did exactly the same, radiusclient is installed n configured, While m geting an error in debug of ser, that is
15(26965) check_nonce(): comparing [3f7e23177ff358f48050c11e7540943971b73f02] and [3f7e23177ff358f48050c11e7540943971b73f02] 15(26965) authorize(): Credentials realm and URI host do not match 15(26965) build_auth_hf(): 'WWW-Authenticate: Digest realm="cooking.com.pk", nonce="3f7e23177ff358f48050c11e7540943971b73f02"
While ser conf is fine enough, pasted below. alias="cooking.com.pk" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") modparam("auth_radius", "service_type", 15) # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops....:("); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"voice.cooking.com.pk") { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!radius_www_authorize("cooking.com.pk")) { www_challenge("cooking.com.pk", "0"); break; }; save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found....!!!"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; }
Seems some minor mistake.., As no request is being sent to radius, ngrep shows nothing for that....
JF
Jan Janak jan@iptel.org wrote: See http://iptel.org/ser/ser_radius.html
Jan.
On 03-10 03:47, John Foster wrote:
Hi
I m using RADIATOR with ser0.8.11, while ser is running it doesnt send req to radius, following are snapd of log generated at ser (ngrep o/p)
# U 202.133.64.66:5060 -> 202.133.64.71:5060 REGISTER sip:voice.cooking.com.pk SIP/2.0..Via: SIP/2.0/UDP 202.133.64.66;branch=z9hG4bKnp1730137267-43b5a45e202.133.64.6 6..From: ;tag=671fccba..To: ..Call-ID: 1969536413-43c1d03 a@1969536416-43c1d037..Contact: ;expires=600;q=0.500..Expires: 600..CSeq: 22 REGISTER..Content- Length: 0..User-Agent: Ahead SIPPS IP Phone Version 2.0.42.13.... # U 202.133.64.71:5060 -> 202.133.64.66:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 202.133.64.66;branch=z9hG4bKnp1730137267-43b5a45e202.133.64.66..From: > ;tag=671fccba..To">21@voice.cooking.com.pk>;tag=671fccba..To: ;tag=b27e1a1d33761e85846fc98f5f3a7e58.bdca..Ca ll-ID: 1969536413-43c1d03a@1969536416-43c1d037..CSeq: 22 REGISTER..WWW-Authenticate: Digest realm="cooking.com.pk", nonce ="3f7d19d62902cb25358e2c666df77d1369d90974"..Server: Sip EXpress router (0.8.11 (i386/linux))..Content-Length: 0..Warning : 392 202.133.64.71:5060 "Noisy feedback tells: pid=13339 req_src_ip=202.133.64.66 req_src_port=5060 in_uri=sip:voice.co oking.com.pk out_uri=sip:voice.cooking.com.pk via_cnt==1"....
While here is my ser.cfg
# mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_dbs", "calculate_ha1", yes) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") modparam("auth_radius", "service_type", 15) : : : : # Uncomment this if you want to use digest authentication if (!radius_www_authorize("cooking.com.pk")) { www_challenge("cooking.com.pk", "0"); break; };
Any hint? JF
Do you Yahoo!? The New Yahoo! Shopping - with improved product search _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Do you Yahoo!? The New Yahoo! Shopping - with improved product search