Jan,
Is there anything specific needed in the Freeradius configuration for Digest
Authentication? I ask this because SER is reporting "check_radius_reply: received
invalid reply digest from RADIUS server".
I ran the test with radclient as suggested in the Radius-howto and it worked as expected.
steve
Jan Janak wrote:
I really don't know what to tell you more, there simply must be some
problem in your setup because I am pretty sure that the radius code in
ser works. Read ser-radius howto carefully and double check every step.
One last thing, you are running the server and client on the same host,
double check that you don't have two entries for 127.0.0.1 or localhost
in the configuration files of the server (one is there by default).
Also, do the test using radclient as described in ser-radius howto.
Jan.
On 23-09 13:25, Steven R. Bunin wrote:
> Jan,
>
> Just checked that and both my client and server files match in terms of the secret.
> I also did a test using XTradius on a different server. I need to update that
> XTradius with the ser dictionary and it might work, as of now the XTradius is
> saying it is not receiving a password.
>
> Steve
>
> Jan Janak wrote:
>
> > Check that you really configured the same shared secret in the
> > radiusclient library and the radius server. I remember I had the same
> > problem when I accidentally misconfigured the secret.
> >
> > Jan.
> >
> > On 23-09 13:11, Steven R. Bunin wrote:
> > > Hi Jan,
> > >
> > > I am running freeradius with the -X and it is sending back whatever
> > > message I place in my "Reply-message = ..." field.
> > >
> > > here is the output..
> > >
> > > rlm_eap: EAP-Message not found
> > > rlm_digest: Converting Digest-Attributes to something sane...
> > > Digest-User-Name = "17182681152"
> > > Digest-Realm = "sip2.solaas.com"
> > > Digest-Nonce = "3f70740aca7efa44e94e91a8df73c19d5c4318fc"
> > > Digest-URI = "sip:sip2.solaas.com"
> > > Digest-Method = "REGISTER"
> > > rlm_digest: Adding Auth-Type = DIGEST
> > > Sending Access-Accept of id 138 to 127.0.0.1:33966
> > > rad_recv: Access-Request packet from host 127.0.0.1:33966, id=139,
> > > length=227
> > > User-Name = "17182681152(a)sip2.solaas.com"
> > > Digest-Attributes = 0x0a0d3137313832363831313532
> > > Digest-Attributes = 0x0111736970322e736f6c6161732e636f6d
> > > Digest-Attributes = 0x022a33663730373434376537393537646530346662333637643335373333643436613631366435616564
> > > Digest-Attributes = 0x04157369703a736970322e736f6c6161732e636f6d
> > > Digest-Attributes = 0x030a5245474953544552
> > > Digest-Response = "1c54b2afbdd7ea6b401e20e056c22ebe"
> > > Service-Type = IAPP-Register
> > > X-Ascend-PW-Lifetime = 0x3137313832363831313532
> > > NAS-IP-Address = 127.0.0.1
> > > NAS-Port = 5060
> > > rlm_eap: EAP-Message not found
> > > rlm_digest: Converting Digest-Attributes to something sane...
> > > Digest-User-Name = "17182681152"
> > > Digest-Realm = "sip2.solaas.com"
> > > Digest-Nonce = "3f707447e7957de04fb367d35733d46a616d5aed"
> > > Digest-URI = "sip:sip2.solaas.com"
> > > Digest-Method = "REGISTER"
> > > rlm_digest: Adding Auth-Type = DIGEST
> > > Sending Access-Accept of id 139 to 127.0.0.1:33966
> > >
> > > As you can see, there is an Access-Accept being sent.. but my Xten-Pro
> > > sipphone is receiving an Unauthorized message from SER (based on my
> > > ethereal packet sniffer).
> > >
> > > Steve
> > >
> > >
> > > Jan Janak wrote:
> > >
> > > > Hello,
> > > >
> > > > I suppose you are using freeradius server. Start it with -X option
> > > > and see the output.
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 13:01, Steven R. Bunin wrote:
> > > > > I am also using Ser with Radius and finally got the Radiusclient,
> > > > > Radius and Ser to all talk together. The only issue I have is that the
> > > > > radius server is not sending back what the radiusclient is looking for
> > > > > in order to tell Ser to authenticate the user (I hope that isn't too
> > > > > confusing).
> > > > >
> > > > > The lines affecting radius in my ser.cfg are
> > > > >
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
> > > > >
> > > > > route{
> > > > > log(1,"logging so message came in");
> > > > >
> > > > > if (uri=~"solaas.com") {
> > > > > log(1,"sip_2 ip came through");
> > > > >
> > > > > if (method=="REGISTER") {
> > > > > log(1,"register go through");
> > > > >
> > > > > # Uncomment this if you want to use digest authentication
> > > > > if (!radius_www_authorize("")) {
> > > > > www_challenge("","0");
> > > > > log(1,"request came in");
> > > > > break;
> > > > > };
> > > > >
> > > > > save("location");
> > > > > break;
> > > > > };
> > > > > }
> > > > >
> > > > > I can add my radiusclient.conf file if it will help you..
> > > > >
> > > > > my users file for the radius server looks like this:
> > > > >
> > > > > > xxxxxxxxxx(a)sip.server.com Auth-Type := Digest, User-Password == "1234"
> > > > > >         Reply-Message = "Authenticated"
> > > > >
> > > > > > Hope that helps and also let me know if anyone sees anything
> > > > > > wrong with my radius setup so I can finally authenticate.
> > > > >
> > > > > Steve
> > > > >
> > > > > >
> > > > > > Message: 1
> > > > > > Date: Tue, 23 Sep 2003 11:24:11 -0500
> > > > > > > From: "Steve Dolloff" <sdolloff(a)noc.dls.net>
> > > > > > > Subject: RE: [Serusers] Troubles setting up radius authentication
> > > > > > > To: "Jan Janak" <jan(a)iptel.org>
> > > > > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > > > > Message-ID: <ADCFA6B7CA0C754EB837B423E5A521D2543512(a)mailbox.noc.dls.net>
> > > > > > > Content-Type: text/plain; charset="us-ascii"
> > > > > >
> > > > > > > Yes, I have added the SIP definitions to the radiusclient library.
> > > > > > > It is the dictionary file defined in the radiusclient.conf file as
> > > > > > > /etc/sip_dictionary. It was created using the dictionary file from
> > > > > > > radiusclient and adding the information from the link that you
> > > > > > > referred to.
> > > > > >
> > > > > > -----------------------
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > > if there is no radius traffic then radiusclient library has some
> > > > > > > problems when building the request. Did you extend your radius
> > > > > > > dictionary as described in http://iptel.org/ser/ser_radius.html ?
> > > > > >
> > > > > > Jan.
> > > > > >
> > > > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > > > > I am trying to switch from database authentication to radius
> > > > > > > > authentication.
> > > > > > >
> > > > > > > I have compiled and installed the module.
> > > > > > >
> > > > > > > I have added the following to my ser.cfg
> > > > > > >
> > > > > > > > modparam("auth_radius", "radius_config", "/etc/ser/radiusclient.conf")
> > > > > > > > modparam("auth_radius", "service_type",15)
> > > > > > > >
> > > > > > > > if (method=="REGISTER") {
> > > > > > > >     log(1,"authenticating");
> > > > > > > >     if (!radius_www_authorize("test.net")) {
> > > > > > > >         log(1,"radius auth failure");
> > > > > > > >         www_challenge("test.net", "0");
> > > > > > > >         break;
> > > > > > > >     };
> > > > > > >
> > > > > > > > I have configured the following in /etc/ser/radiusclient.conf
> > > > > > > authserver radius1.test.net:1812
> > > > > > > authserver radius2.test.net:1812
> > > > > > > servers /etc/servers
> > > > > > > dictionary /etc/sip_dictionary
> > > > > > >
> > > > > > > > I have configured the following in /etc/servers
> > > > > > > >
> > > > > > > > Radius1.test.net secret
> > > > > > > > Radius2.test.net secret2
> > > > > > >
> > > > > > > I get the following in my messages log.
> > > > > > >
> > > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
> > > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
> > > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
> > > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > > > >
> > > > > > > > And ngrep port 1812 shows no traffic at all. Where are these auth
> > > > > > > > request going? How can I get more debug info?
> > > > > > >
> > > > > > > Thanks for your help.
> > > > > > >
> > > > > > > Stephen
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Serusers mailing list
> > > > > > > serusers(a)lists.iptel.org
> > > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > > > >