If you take a look at the radius debug, you will see that the radius does authenticate the user first and then ejects in the second auth.. Does it have anything to do with the Sip-Group = "suspended” entry?

 

Interesting point is that everything is exactly like the examples on the tutorial.

 

Thanks,

Hamid

 

rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185

        User-Name = "101@mydomain.com"

        Digest-Attributes = 0x0a05313031

        Digest-Attributes = 0x010b73686174656c2e6972

        Digest-Attributes = 0x022a34343866663166663933326638303933376130343732663338373631633530366561663636613934

        Digest-Attributes = 0x040f7369703a73686174656c2e6972

        Digest-Attributes = 0x030a5245474953544552

        Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"

        Service-Type = Sip-Session

        Sip-Uri-User = "101"

        NAS-Port = 5060

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 100

  modcall[authorize]: module "preprocess" returns ok for request 100

  modcall[authorize]: module "chap" returns noop for request 100

  modcall[authorize]: module "mschap" returns noop for request 100

rlm_digest: Adding Auth-Type = DIGEST

  modcall[authorize]: module "digest" returns ok for request 100

    rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"

    rlm_realm: No such realm "mydomain.com"

  modcall[authorize]: module "suffix" returns noop for request 100

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 100

    users: Matched entry DEFAULT at line 152

    users: Matched entry 101@mydomain.com at line 255

  modcall[authorize]: module "files" returns ok for request 100

modcall: leaving group authorize (returns ok) for request 100

  rad_check_password:  Found Auth-Type Digest

auth: type "digest"

  Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 100

    rlm_digest: Converting Digest-Attributes to something sane...

        Digest-User-Name = "101"

        Digest-Realm = "mydomain.com"

        Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"

        Digest-URI = "sip:mydomain.com"

        Digest-Method = "REGISTER"

A1 = 101:mydomain.com:101

A2 = REGISTER:sip:mydomain.com

H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3

H(A2) = 27e9df2d1a7ed715c7204d1316039120

KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27e9df2d1a7ed715c7204d1316039120

EXPECTED 7a3f00f697286dd95c5aa654a9662dea

RECEIVED 7a3f00f697286dd95c5aa654a9662dea

  modcall[authenticate]: module "digest" returns ok for request 100

modcall: leaving group authenticate (returns ok) for request 100

radius_xlat:  'Authenticated'

Sending Access-Accept of id 196 to 127.0.0.1 port 32900

        Reply-Message = "Authenticated"

        SIP-AVP += "rpid:101"

        SIP-AVP += "#2:192.168.10.17"

Finished request 100

 

---------------------------------------------

 

Going to the next request

Waking up in 2 seconds...

rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64

        User-Name = "101@mydomain.com"

        Sip-Group = "suspended"

        Service-Type = Group-Check

        NAS-Port = 0

        NAS-IP-Address = 127.0.0.1

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 101

  modcall[authorize]: module "preprocess" returns ok for request 101

  modcall[authorize]: module "chap" returns noop for request 101

  modcall[authorize]: module "mschap" returns noop for request 101

  modcall[authorize]: module "digest" returns noop for request 101

    rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"

    rlm_realm: No such realm "mydomain.com"

  modcall[authorize]: module "suffix" returns noop for request 101

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 101

    users: Matched entry DEFAULT at line 152

    users: Matched entry DEFAULT at line 252

  modcall[authorize]: module "files" returns ok for request 101

modcall: leaving group authorize (returns ok) for request 101

  rad_check_password:  Found Auth-Type Reject

  rad_check_password: Auth-Type = Reject, rejecting user

auth: Failed to validate the user.

Delaying request 101 for 1 seconds

Finished request 101

 

 

 


From: Edson [mailto:4lists@gmail.com]
Sent: Thursday, June 15, 2006 4:19 PM
To: 'Hamid Ali Asgari'; users@openser.org
Subject: RE: [Users] SIP Clients Can't REGISTER

 

Take a look on the user credentials on Radius DB… Radius is rejecting the authentication, so there should be some mismatch between Your login credentials and what Radius has in its DB.

 

Try to run this command and see what’s the result (linux version):

 

    radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?

 

It should return:

 

    Reply-Message                    = 'Authenticated'

 

Edson.