Hi, I have trouble with authentication on Kamailio using RADIUS authentication. To configure freeradius and radiusclient I used this tutorial:

http://www.kamailio.org/docs/openser-radius-1.0.x.html

In the freeradius config file I have enabled digest in modules. In sites-available/default digest is enabled too. In the radiusclient config file I use an authentication server named localhost, and in the servers file I have a password for localhost. I think there is nothing wrong in the freeradius and radiusclient config files. When I test the configuration of freeradius and radiusclient with radclient, there is no problem. Access is accepted. But when I want to authenticate with a SIP client (I use Jitsi), all registrations are accepted. It doesn’t matter what username and password I write…

The problem is probably in the Kamailio config file. I don’t know exactly what the dictionary files are used for. I include dictionary.kamailio in freeradius’s dictionary and in radiusclient’s dictionary too. I attached the content of this dictionary file.

When I start Kamailio in debug mode I can see any record about authentication or radius. Can anyone help me? Thanks for reply.

[1622]: DEBUG: <core> [parser/msg_parser.c:623]: SIP Request:
[1622]: DEBUG: <core> [parser/msg_parser.c:625]:  method:  <REGISTER>
[1622]: DEBUG: <core> [parser/msg_parser.c:627]:  uri:     <sip:192.168.0.112>
[1622]: DEBUG: <core> [parser/msg_parser.c:629]:  version: <SIP/2.0>
[1622]: DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field: cseq <CSeq>: <1> <REGISTER>
[1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=10
[1622]: DEBUG: <core> [parser/msg_parser.c:190]: DEBUG: get_hdr_field: <To> [31]; uri=[sip:fas@192.168.0.11
[1622]: DEBUG: <core> [parser/msg_parser.c:192]: DEBUG: to body ["fas" <sip:fas@192.168.0.112>#015#012]
[1622]: DEBUG: <core> [parser/parse_via.c:1284]: Found param type 232, <branch> = <z9hG4bK-383438-2e2d7047b
[1622]: DEBUG: <core> [parser/parse_via.c:2672]: end of header reached, state=5
[1622]: DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via found, flags=2
[1622]: DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this is the first via
[1622]: DEBUG: <core> [receive.c:149]: After parse_msg...
[1622]: DEBUG: <core> [receive.c:190]: preparing to run routing scripts...
[1622]: DEBUG: maxfwd [mf_funcs.c:85]: value = 70
[1622]: DEBUG: maxfwd [maxfwd.c:161]: value 70 decreased to 16
[1622]: DEBUG: <core> [parser/msg_parser.c:204]: DEBUG: get_hdr_body : content_length=0
[1622]: DEBUG: <core> [parser/msg_parser.c:106]: found end of header
[1622]: DEBUG: <core> [parser/parse_to.c:176]: DEBUG: add_param: tag=2148579d
[1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=29
[1622]: DEBUG: sanity [mod_sanity.c:255]: sanity checks result: 1
[1622]: DEBUG: siputils [checks.c:103]: no totag
[1622]: DEBUG: tm [t_lookup.c:1095]: DEBUG: t_check_msg: msg id=1 global id=0 T start=0xffffffffffffffff
[1622]: DEBUG: tm [t_lookup.c:534]: t_lookup_request: start searching: hash=18808, isACK=0
[1622]: DEBUG: tm [t_lookup.c:492]: DEBUG: RFC3261 transaction matching failed
[1622]: DEBUG: tm [t_lookup.c:716]: DEBUG: t_lookup_request: no transaction found
[1622]: DEBUG: tm [t_lookup.c:1164]: DEBUG: t_check_msg: msg id=1 global id=1 T end=(nil)
[1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==9 && [192.168.0.112]
[1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por
[1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==13 && [192.168.0.112]
[1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por
[1622]: DEBUG: <core> [sruid.c:176]: new sruid is [uloc-51686c8e-656-1] (1 / 19)
[1622]: DEBUG: registrar [reply.c:368]: created Contact HF: Contact: <sip:fas@192.168.0.100:5060;transport=
[1622]: DEBUG: sl [sl.c:289]: reply in stateless mode (sl)
[1622]: DEBUG: <core> [msg_translator.c:206]: check_via_address(192.168.0.100, 192.168.0.100, 0)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
[1622]: DEBUG: <core> [xavp.c:447]: destroying xavp list (nil)
[1622]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up

#### Attributes ###
ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc
ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc
ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius

### Acct-Status-Type Values ###
VALUE Acct-Status-Type Failed 15 # RFC2866, acc

### Service-Type Values ###
VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
VALUE Service-Type Group-Check 12 # Proprietary, group_radius
VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius

### Sip-Method Values ###
VALUE Sip-Method Undefined 0
VALUE Sip-Method Invite 1
VALUE Sip-Method Cancel 2
VALUE Sip-Method Ack 4
VALUE Sip-Method Bye 8
VALUE Sip-Method Info 16
VALUE Sip-Method Options 32
VALUE Sip-Method Update 64
VALUE Sip-Method Register 128
VALUE Sip-Method Message 256
VALUE Sip-Method Subscribe 512
VALUE Sip-Method Notify 1024
VALUE Sip-Method Prack 2048
VALUE Sip-Method Refer 4096
VALUE Sip-Method Other 8192

VALUE Sip-Method INVITE 1 # Proprietary, acc
VALUE Sip-Method CANCEL 2 # Proprietary, acc
VALUE Sip-Method ACK 4 # Proprietary, acc
VALUE Sip-Method BYE 8 # Proprietary, acc

######Kamailio config file##############
loadmodule "auth.so"
loadmodule "auth_radius"
loadmodule "acc_radius"
loadmodule "misc_radius"

# -- auth_radius params --
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius", "service_type", 15)

# Authentication route
route[AUTH] {
# everything up to the matching #!endif is compiled only when WITH_AUTH is defined
#!ifdef WITH_AUTH

#!ifdef WITH_IPAUTH
        if((!is_method("REGISTER")) && allow_source_address())
        {
                # source IP allowed
                return;
        }
#!endif
        if (is_method("REGISTER"))
        {
                # authenticate requests against RADIUS; challenge when the check fails
                if (!radius_www_authorize("$td")) {
                        www_challenge("$td", "0");
                        exit;
                }
                # user authenticated - remove auth header
                if(!is_method("REGISTER|PUBLISH"))
                        consume_credentials();
        }
        # if caller is not local subscriber, then check if it calls
        # a local destination, otherwise deny, not an open relay here
        if (from_uri!=myself && uri!=myself)
        {
                sl_send_reply("403","Not relaying");
                exit;
        }
#!endif
        return;
}
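
Added example, not part of the original post and not Kamailio project code: the route above places radius_www_authorize() inside `#!ifdef WITH_AUTH`, so one check worth running on such a config is whether that call survives preprocessing at all. The Python below evaluates the preprocessor directives over a constructed config modelled on the posted route; `active_lines` and `auth_call_sites` are hypothetical helper names, and only `#` and `//` line comments are handled.

```python
import re

# Kamailio preprocessor directives that open/close blocks or create defines.
DIRECTIVE = re.compile(r"^\s*#!(ifdef|ifndef|else|endif|define|trydef|redefine)\b\s*(\S+)?")

def active_lines(cfg_text, defined=()):
    """Yield (line_number, line) for config lines that survive preprocessing."""
    defined = set(defined)   # names given at start-up, e.g. kamailio -A WITH_AUTH
    stack = []               # one bool per open #!ifdef/#!ifndef: is this branch taken?
    for no, line in enumerate(cfg_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            text = line.strip()
            # '#' and '//' start comments, so a commented-out call does not count
            if all(stack) and text and not text.startswith(("#", "//")):
                yield no, line
            continue
        kind, name = m.groups()
        if kind == "ifdef":
            stack.append(name in defined)
        elif kind == "ifndef":
            stack.append(name not in defined)
        elif kind == "else" and stack:
            stack[-1] = not stack[-1]
        elif kind == "endif" and stack:
            stack.pop()
        elif kind in ("define", "trydef", "redefine") and name and all(stack):
            defined.add(name)

def auth_call_sites(cfg_text, defined=(), func="radius_www_authorize"):
    """Line numbers where `func` is called in code that is actually compiled."""
    return [no for no, line in active_lines(cfg_text, defined) if func in line]

# Constructed sample modelled on the route in the post (not the full config).
SAMPLE_CFG = """\
loadmodule "auth_radius"
route[AUTH] {
#!ifdef WITH_AUTH
        if (is_method("REGISTER")) {
                if (!radius_www_authorize("$td")) {
                        www_challenge("$td", "0");
                        exit;
                }
        }
#!endif
        return;
}
"""
```

An empty result from `auth_call_sites()` means no RADIUS check is compiled into the running config, in which case REGISTER requests reach the registrar without any auth_radius entries appearing in the debug log.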