RE: [Serusers] radius issue

I am using the Microsoft radius server, but it isn't getting that far yet. I asked our MS sysadmin, and he is not seeing anythin in the logs.

I didn't provide enough info below as I thought I did. The client I am using is MS Messenger 4.7. When I start SER on the server, it shows listening for the following:

Listening on 127.0.0.1 [127.0.0.1]:5060 10.0.2.1 [10.0.2.1]:5060 Aliases: comm01.orau.gov:5060 localhost:5060 localhost.localdomain:5060 comm01:5060

I did a capture using ethereal, and what comes back is an icmp packet, which usually indicates SER is not running. But, ps shows instances of SER running.

Do you see any issues with the ser.cfg file?

Scott Morris Enterprise Network Engineer DOE - ORAU / ORISE 865-576-4672

-----Original Message----- From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] Sent: Tuesday, March 30, 2004 4:19 AM To: Morris, Scott Cc: serusers@lists.iptel.org Subject: Re: [Serusers] radius issue

Have you followed http://iptel.org/ser/doc/ser_radius/ser_radius.html? What radius server are you using?

.Daniel

On 03/30/04 00:08, Morris, Scott wrote:

Present Configuration OS - Redhat ES 3 SER - 8.12 (installed from rpm) SER radius (installed from rpm) radius client - 3.25 i586 - installed from rpmfind.net

SER starts, but I receive the message that my signin failed because the service is not running. SER is running, I id a ps and it show sintances of SER running. I beleive it is my ser.cfg file. I am not sure where authhentication configuration items begin and end with what I am doing. I am not using mysql, but want to use radius authentication. I have my ser.cfg below.

*Scott Morris* Enterprise Network Engineer DOE - ORAU / ORISE 865-576-4672

#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters 

---

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
debug=7
# fork=no
# log_stderror=yes




check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# alias=orau.gov


# ------------------ module loading 

---

# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/lib/ser/modules/auth.so"
#loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/auth_radius.so"
# ----------------- setting module-specific parameters 

---

# -- usrloc params --

modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# --auth_radius params
modparam("auth_radius", "radius_config",
"/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
# -------------------------  request routing logic 

---

# main routing logic

route{

        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if ( msg:len > max_len ) {
                sl_send_reply("513", "Message too big");
                break;
        };

        # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        record_route();
        # loose-route processing
        if (loose_route()) {
                t_relay();
                break;
        };

        # if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)
        if (uri==myself) {

                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                        if (!radius_www_authorize("iptel.org")) {
                                www_challenge("iptel.org", "0");


                                break;
                        };




                        save("location");
                        break;
                };

                # native SIP destinations are handled using our
USRLOC DB
                if (!lookup("location")) {
                        sl_send_reply("404", "Not Found");
                        break;
                };
        };
        # forward to current uri now; use stateful forwarding; that
        # works reliably even if we forward from TCP to UDP
        if (!t_relay()) {
                sl_reply_error();
        };

}

---

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers