14 Apr
2005
14 Apr
'05
8:23 a.m.
I am running freeradius on the same host.
authserver localhost
acctserver localhost
the secret is correct.
I checked the radius configuration with radclient (radclient -f digest
localhost auth <secret>) and it's working fine, i see the process in
the logs.
but it's like the the ser not talking to the radius. (BTW i tried to
change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
----------------------------------------------------------
14(1036) parse_headers: flags=-1
14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
14(1036) DEBUG:destroy_avp_list: destroing list (nil)
14(1036) receive_msg: cleaning up
9(1012) SIP Request:
9(1012) method: <REGISTER>
9(1012) uri: <sip:xxx.xxx.xxx.xxx>
9(1012) version: <SIP/2.0>
9(1012) parse_headers: flags=1
9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
state=16
9(1012) end of header reached, state=5
9(1012) parse_headers: Via found, flags=1
9(1012) parse_headers: this is the first via
9(1012) After parse_msg...
9(1012) preparing to run routing scripts...
9(1012) REGISTER: Authenticating user
9(1012) parse_headers: flags=4
9(1012) end of header reached, state=9
9(1012) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
9(1012) DEBUG: to body [<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
]
9(1012) parse_headers: flags=4096
9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
9(1012) DEBUG: get_hdr_body : content_length=0
9(1012) found end of header
9(1012) pre_auth(): Credentials with given realm not found
9(1012) REGISTER: challenging user
9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon <rod.bacon(a)empoweredcomms.com.au> wrote:
Double-check all your RADIUS config files. Make sure
that your authserver
and accserver are set correctly in the radiusclient.conf (especially if the
RADIUS server is on a different machine). Also check the server.conf in
radiusclient-ng and clients.conf in freeredius to make sure that
server/client definitions (including shared key) are correct. The thing that
got me (I run RADIUS on a different server) was the bindaddr parameter in
radiusclient.conf. By default, it only sends RADIUS packets via localhost
(127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message -----
From: "Alex" <alexandergav(a)gmail.com>
To: <serusers(a)lists.iptel.org>
Sent: Thursday, April 14, 2005 3:16 PM
Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In
order to see what's happening when the request is coming, and if it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers