Hi,
I get the following:
[root@localhost radiusclient-ng]#
radiusclient -f /usr/local/etc/radiusclient-ng/radiusclient.conf
'User-Name=101@mydomain.com' 'Password=101';echo $?
Reply-Message
= 'Authenticated'
1
I guess the radiusclient is working fine
since I am receiving the RADIUS packets on the freeradius debugs.
I suspect the following entries in the
debug:
rad_recv: Access-Request packet from host 127.0.0.1:32901,
id=197, length=64
User-Name =
"101@mydomain"
Sip-Group =
"suspended"
Service-Type =
Group-Check
NAS-Port = 0
NAS-IP-Address =
127.0.0.1
Why is openser setting the group to
SUSPENDED???? Since there is no group named suspended on the radius that
may be the reason the radius is rejecting:
RADIUS Users file:
### --- avps ---
101@mydomain.com Auth-Type := Accept,
Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102@mydomain.com Auth-Type := Accept,
Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
DEFAULT Auth-Type := Accept, Service-Type
== "SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101@mydomain.com Auth-Type := Accept,
Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept,
Sip-Group == "suspended", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept,
Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept,
Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type
== "Group-Check"
### --- user authentication ---
101@mydomain.com Auth-Type := Digest,
User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
#
Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest,
User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
#
Sip-Avp += "#2:192.168.2.12"
From: Edson
[mailto:4lists@gmail.com]
Sent: Thursday, June 15, 2006 4:19
PM
To: 'Hamid Ali Asgari';
Subject: RE: [Users] SIP Clients
Can't REGISTER
Take a look on the user credentials on
Radius DB… Radius is rejecting the authentication, so there should be
some mismatch between Your login credentials and what Radius has in its DB.
Try to run this command and see
what’s the result (linux version):
radiusclient -f
<conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123
'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message
= 'Authenticated'
Edson.