g-)

---- Original Message ----
From: Naresh Parmar
To: Ricardo Martinez ; serusers@lists.iptel.org
Sent: Wednesday, July 20, 2005 07:09 PM
Subject: RE: [Serusers] Problem authorizing with radius

> Hi Ricardo,
>
> Tried it. It still gives me the same error. Please let me know the
> version of the radius server you are using.?? Also can you please let
> me know wht did u do to make the accounting work...??
>
> Best Regards,
> Naresh
>
> Ricardo Martinez <rmartinez@redvoiss.net> wrote:
> Hello Naresh.
>     I guess there is an error in the way you call the authorization
> for the INVITE. As far as i know for the REGISTER message
> (authentication) you need the statement :
>
>     radius_www_authorize
>
>     But for the INVITE you need to call "radius_proxy_authorize".
> This is what i have in my ser.cfg
>
>             if (method=="INVITE") {
>
>                 if (!radius_proxy_authorize("")) {
>                         proxy_challenge("","1");
>                         break;
>                 };
>         };
>
> maybe you can try this and tell me how it works.
>
> Good luck
>
> Ricardo Martinez.-
>
> -----Mensaje original-----
> De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
> Enviado el: Miércoles, 20 de Julio de 2005 12:10
> Para: Ricardo Martinez; serusers@lists.iptel.org
> Asunto: RE: [Serusers] Problem authorizing with radius
>
>
> Hi Ricardo,
>
> We are using freeradius server 0.9.1 and SER 0.9.3. The version of
> radius client is radiusclient-ng-0.5.1. The users file in the radius
> server looks like as below:
>
> test@sip2.zone Auth-Type := Digest, User-Password == "cisco1234"
>         Reply-Message = "Authenticated",
>         Sip-Rpid = "1970"
> test@sip2.zone Auth-Type := Accept
>         Reply-Message = "Authorized",
>         Sip-Group == "ld"
>
> The radius authentication and authorization parts in the ser.cfg file
> are given below:
>
>   if (uri=~"^sip:9[0-9]*@") {
>                         if (method=="INVITE"){
>                                 if (!radius_www_authorize("")) {
>                                          www_challenge("", "1");
>                                         break;
>                                 }else{
>                                         if
> (radius_is_user_in("Credentials", "ld")){
>
> forward(192.168.2.101,5060);
>                                                 break;
>                                         }else{
>                                                 break;
>                                         };
>                                 };
>                         };
>                 };
>
>
> And finally the error is as below:
>
> Invalid operator for item Suffix: reverting to '=='
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "chap" returns noop
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop
>     rlm_digest: Converting Digest-Attributes to something sane...
>         Digest-User-Name = "test"
>         Digest-Realm = "sip2.zone"
>         Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"
>         Digest-URI = "sip:94161000@sip2.zone"
>         Digest-Method = "INVITE"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "0000000a"
>         Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33"
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returns ok
>     rlm_realm: Looking up realm "sip2.zone" for User-Name =
> "test@sip2.zone"
>     rlm_realm: No such realm "sip2.zone"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched entry test@sip2.zone at line 226
>   modcall[authorize]: module "files" returns ok
>   modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
>   rad_check_password: Found Auth-Type Digest
> auth: type "digest"
> modcall: entering group authenticate
> A1 = test:sip2.zone:cisco1234
> A2 = INVITE:sip:94161000@sip2.zone
> KD =
> 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb
> 449fae2
>   modcall[authenticate]: module "digest" returns ok
> modcall: group authenticate returns ok
> radius_xlat: 'Authenticated'
> Login OK: [test@sip2.zone/<no User-Password attribute>] (from client
> proxy port 5060)
> Sending Access-Accept of id 203 to 192.168.2.1:32831
>         Reply-Message = "Authenticated"
>         Sip-Rpid = "1970"
> Finished request 6
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204,
> length=53
>         User-Name = "test"
>         Sip-Group = "ld"
>         Service-Type = Group-Check
>         NAS-IP-Address = 192.168.2.1
>         NAS-Port = 0
> modcall: ent ering group authorize
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
> Invalid operator for item Suffix: reverting to '=='
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "chap" returns noop
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop
>   modcall[authorize]: module "digest" returns noop
>     rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>   modcall[authorize]: module "files" returns notfound
>   modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [test/<no User-Password attribute>] (from client
> proxy port 0)
> Delaying request 7 for 1 seconds
> Finished request 7
> Going to the next request
> Waking up in 6 seconds...
>
> As you can see from the above configuration, the authentication works
> perfect, its only in the authorization where it fails. Also can you
> please let me know about the accounting configuration??
>
> Thanks a lot..
> Naresh
>
>
> Ricardo Martinez <rmartinez@redvoiss.net> wrote:
> Hello Naresh
> I have authentication, authorization and accounting (AAA) through
> radius working fine. What radius server are you using?, can you send
> us more information about the configuration?
>
> Cheers,
> Ricardo.-
>
> -----Mensaje original-----
> De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
> Enviado el: Miércoles, 20 de Julio de 2005 10:37
> Para: serusers@lists.iptel.org
> Asunto: [Serusers] Problem authorizing with radius
>
>
> hi friends,
>
> I am having problems while authorizing with the radius server. I am
> using the same configuration as mentioned in the radius-howto.
> Authentication works perfect as I am able to authenticate using the
> radius server. However while authorizing against the radius server to
> make a call I get the following error:
>
> auth: No authenticate method (Auth-Type) configuration found for the
> user
> request: Rejecting the user
> auth: Failed to validate the user.
> Delaying request 2 for 1 seconds
> Finished request 2
>
> When I authorize against the mysql database, it works fine. Any
> clue???
>
> Best Regards,
> Naresh
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
>
> Start your day with Yahoo! - make it your home page
>
>
>
> _______________________________________________
> Serusers mailing list
> serusers@lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers