18 Jul
2007
18 Jul
'07
1:02 p.m.
Can u post your openser configuration + version also? From the debug u
sent it all looks fine except the error.
DanB
On 7/18/07, OpenSER ML <openser(a)zap2link.com> wrote:
Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232
User-Name = "101(a)openser.org"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010d6f70656e7365722e6f7267
Digest-Attributes =
0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564
Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303930
Digest-Attributes = 0x081235343038316466316439623562383564
Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 0x313031
NAS-Port = 5060
NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1124
modcall[authorize]: module "preprocess" returns ok for request 1124
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
modcall[authorize]: module "auth_log" returns ok for request 1124
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 1124
users: Matched entry 101(a)openser.org at line 53
modcall[authorize]: module "files" returns ok for request 1124
modcall: leaving group authorize (returns ok) for request 1124
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1124
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "openser.org"
Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d"
Digest-URI = "sip:192.168.2.80"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000090"
Digest-CNonce = "54081df1d9b5b85d"
A1 = 101:openser.org:101
A2 = REGISTER:sip:192.168.2.80
H(A1) = f195c177997cee336c919be9279c5703
H(A2) = 046d0643f281affab19fe62ffc848ab5
KD =
f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5
EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26
RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26
modcall[authenticate]: module "digest" returns ok for request 1124
modcall: leaving group authenticate (returns ok) for request 1124
Login OK: [101(a)openser.org/<no User-Password attribute>] (from client 192.168.2.80
port 5060)
Sending Access-Accept of id 250 to 192.168.2.80 port 35223
Finished request 1124
Going to the next request
Waking up in 6 seconds...
Z2L
----- Original Message -----
From: "Dan-Cristian Bogos" <dan.bogos(a)gmail.com>
To: openser(a)zap2link.com
Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info
regarding the cause of failure.
To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers,
DanB
On 7/18/07, OpenSER ML <openser(a)zap2link.com> wrote:
Hi All,
I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest
authentication
going correctly, having the Radius respond with LOGIN OK for the requests that are in the
users file. However, although the authentication process appears to succeed, the IP phone
doesn't register to the OpenSER server.
The following can be seen in the debug:
0(17821) SIP Request:
0(17821) method: <REGISTER>
0(17821) uri: <sip:192.168.2.80>
0(17821) version: <SIP/2.0>
0(17821) parse_headers: flags=2
0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>;
state=16
0(17821) end of header reached, state=5
0(17821) parse_headers: Via found, flags=2
0(17821) parse_headers: this is the first via
0(17821) After parse_msg...
0(17821) preparing to run routing scripts...
0(17821) parse_headers: flags=100
0(17821) DEBUG:parse_to:end of header reached, state=10
0(17821) DBUG:parse_to: display={}, ruri={sip:101@192.168.2.80;user=phone}
0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101@192.168.2.80;user=phone]
0(17821) DEBUG: to body [<sip:101@192.168.2.80;user=phone>
]
0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER>
0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(17821) parse_headers: flags=200
0(17821) DEBUG: get_hdr_body : content_length=0
0(17821) found end of header
0(17821) find_first_route: No Route headers found
0(17821) loose_route: There is no Route HF
0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
[192.168.2.80]
0(17821) grep_sock_info - checking if port 5060 matches port 5060
0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
[192.168.2.80]
0(17821) grep_sock_info - checking if port 5060 matches port 5060
0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and
[469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org",
nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth"
'
0(17821) parse_headers: flags=ffffffffffffffff
0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0)
0(17821) DEBUG:destroy_avp_list: destroying list (nil)
0(17821) receive_msg: cleaning up
As you can surely see, the ERROR is somewhere in the authorization status. Now,
I've verified
the secret key between the machine, and all seems to be in place - any pointers will be
highly appreciated.
Z2L
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users