Re: [Serusers] help with radius installation

typos in your paths? I've tried ser+radius once, and it worked fine with me! Here is the step-by-step tutorial how I did it! regards, klaus 19.4.2004: ser+radius installation on mandrake 10.0; klaus darilion Note: This installation uses unstable ser, therefore the new radiusclient library is necessary (radiusclient-ng). ser 0.8.12 stable still requires the original radius library from: http://www.mcs.de/~lf/radius In this setup, radius is only used for authentication, not for accounting! 1. get ser: mkdir ser cd ser/ export CVSROOT=:pserver:anonymous@cvs.berlios.de:/cvsroot/ser cvs login cvs co sip_router cd .. 2. get the new radiusclient mkdir radiusclient-ng cd radiusclient-ng/ export CVSROOT=:pserver:anonymous@cvs.berlios.de:/cvsroot/radiusclient-ng cvs login cvs co radiusclient-ng cd .. 3. compile and install the radius client cd radiusclient-ng/radiusclient-ng ./configure ./make su ./make install exit cd ../.. 4. compile and install ser cd ser/sip_router make all make modules modules=modules/auth_radius su make install cp modules/auth_radius/auth_radius.so /usr/local/lib/ser/modules/ cp rpm/ser.init /etc/init.d/ser vi /etc/init.d/ser -> change ser=/usr/sbin/ser to ser=/usr/local/sbin/ser, save and exit -> check if ser starts! /etc/init.d/ser start ps -A --> there should be plenty of ser processes /etc/init.d/ser stop ps -A --> all the ser processes should be stopped exit cd ../.. 5. configure radius client --> if the radius server is on another machine, edit /usr/local/etc/radiusclient/radiusclient.conf and set authserver and acctserver to the proper machine. --> configure the shared secret for your radius server in /usr/local/etc/radiusclient/servers, e.g. I used: localhost testsecret --> add ser's sip dictionary (dictionary.ser ) to the dictionary of the radius client: cd ser/sip_router su cp etc/dictionary.ser /usr/local/etc/radiusclient/ cat /usr/local/etc/radiusclient/dictionary.ser exit cd ../.. 6. installing a radius server, in this case freeradius -->get freeradius mkdir freeradius cd freeradius wget ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz tar -xvzf freeradius-0.9.3.tar.gz cd freeradius-0.9.3 ./configure make su make install vi /usr/local/etc/raddb/clients.conf --> set the shared secret in clients.conf, in my case: testsecret for 127.0.0.1 vi /usr/local/etc/raddb/dictionary --> add the following at the end the dictionary file: $INCLUDE /usr/local/etc/radiusclient/dictionary.ser vi /usr/local/etc/raddb/radiusd.conf -->uncomment the word "digest" in the "authorize" and "authenticate" section vi /usr/local/etc/raddb/users -->insert a testuser: test Auth-Type := Digest, User-Password == "test" Reply-Message = "Hello, test with digest" 7. test the radius server --> start freeradus in debug mode radiusd -X --> create a file called "digest" with the following content (everything in one line) User-Name = "test", Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm", Digest-Nonce = "1234abcd" , Digest-Method = "INVITE", Digest-URI = "sip:5555551212@example.com", Digest-Algorithm = "MD5", Digest-User-Name = "test" --> send the request to the server radclient -f digest localhost auth testsecret -->this sould return: Received response ID 160, code 2, length = 45 Reply-Message = "Hello, test with digest" 8. reconfigure ser for radius things --> RADIUS-related modules are not compiled by default. To compile them, edit Makefile, find variable exclude_modules and you should see "auth_radius", "group_radius", and "uri_radius" among excluded modules. Simply remove the three modules from the list. -->If you need RADIUS accounting then edit also sip_router/modules/acc/Makefile and uncomment lines containing: DEFS+=-DRAD_ACC LIBS=-L$(LOCALBASE)/lib -lradiusclient 9. add radiusclient library to library path vi /etc/ld.so.conf --> add /usr/local/lib to the conf file ldconfig -v 10. edit ser.cfg loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" ------------------------- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15) ------------------------- # Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); break; }; 11. run ser