Re: [Serusers] radius accounting issue

19 Dec 2003

Hi,

Here is the output from starting radius with -X, does it look good? I kind
of notice that the NAS-IP-Address is form 127.0.0.1, shouldn't it come from
192.168.1.94, (my server running ser)?? I am still not able to get radius to
report accounting records. I am without START or STOP record. I have re-read
radius-how to again and I am sure I followed all steps mentioned. I have
even gone back to recomplie acc.so again. Any more suggestions? Do you think
my previous ser.cfg looks Ok?

rad_recv: Access-Request packet from host 192.168.1.94:38881, id=122,
length=191
        User-Name = &quot;317(a)abc.com&quot;
        Digest-Attributes = 0x0a05333137
        Digest-Attributes = 0x010d616363657373762e636f6d
        Digest-Attributes =
0x022a3366653335653538396665373766653531613961323634386162323666613834656461
3031633732
        Digest-Attributes = 0x04117369703a616363657373762e636f6d
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "e14e2d008b655cebbb738e38833003a1"
        Service-Type = IAPP-Register
        Sip-Uri-User = "317"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "eap" returns noop for request 2
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "317"
        Digest-Realm = "abc.com"
        Digest-Nonce = "3fe35e589fe77fe51a9a2648ab26fa84eda01c72"
        Digest-URI = "sip:abc.com"
        Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 2
    rlm_realm: Looking up realm "abc.com" for User-Name =
&quot;317(a)abc.com&quot;
    rlm_realm: No such realm "abc.com"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched 317(a)abc.com at 1
  modcall[authorize]: module "files" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 2
A1 = 317:abc.com:1234
A2 = REGISTER:sip:abc.com
KD =
456084ff9475e53e7dec297e96ff648d:3fe35e589fe77fe51a9a2648ab26fa84eda01c72:01
de61682c4ba42a1136eb32515fa714
  modcall[authenticate]: module "digest" returns ok for request 2
modcall: group authenticate returns ok for request 2
radius_xlat:  'Authtnticated'
Login OK: [317(a)abc.com/&lt;no User-Password attribute>] (from client sushi port
5060)
Sending Access-Accept of id 122 to 192.168.1.94:38881
        Reply-Message = "Authtnticated"
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 122 with timestamp 3fe36696
Nothing to do.  Sleeping until we see a request.

Regards,

Anthony

----- Original Message ----- 
From: "Jan Janak" &lt;jan(a)iptel.org&gt;
To: "Anthony Law" &lt;anthonyl(a)accessv.com&gt;
Cc: "Mailing List Ser" &lt;serusers(a)lists.iptel.org&gt;
Sent: Thursday, December 18, 2003 3:36 PM
Subject: Re: [Serusers] radius accounting issue

...
  Hello,

 does your radius server gets any radius messages from ser ? Try to start
 the radius server with -X parameter, the server will stay in foreground
 and print a lot of debugging information.

 Try to make a call then to see if there is any communication between
 radiusclient library and radius server.

 Also check the radius howto available at http://iptel.org/ser

   Jan.

 On 16-12 13:02, Anthony Law wrote:
 > Hi,
 >
 > I am having problem getting radius accounting to work. My problem is that
...
  > radius detail file is not written to
/var/log/radius/radacct/ in fact there
...
  > is no radius accounting at all, strangely I do
have radius.log (radius setup
...
  > seems to be fine as I could get detail accounting
from my dialup NAS) I am
...
  > running "ser-0.8.11, freeradius-0.9.3 &
radiusclient-0.3.2".
 > Here is my ser.cfg
 >
 > #
 > # $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
 > #
 > # simple quick-start config script
 > #
 >
 > # ----------- global configuration parameters ------------------------
 >
 > debug=9         # debug level (cmd line: -dddddddddd)
 > fork=yes
 > log_stderror=no # (cmd line: -E)
 >
 > /* Uncomment these lines to enter debugging mode
 > debug=9
 > fork=no
 > log_stderror=yes
 > */
 >
 > check_via=no    # (cmd. line: -v)
 > dns=no           # (cmd. line: -r)
 > rev_dns=no      # (cmd. line: -R)
 > #port=5060
 > #children=4
 > fifo="/tmp/ser_fifo"
 >
 > # ------------------ module loading ----------------------------------
 >
 > # Uncomment this if you want to use SQL database
 > #loadmodule "/usr/local/lib/ser/modules/mysql.so"
 >
 > loadmodule "/usr/local/lib/ser/modules/sl.so"
 > loadmodule "/usr/local/lib/ser/modules/tm.so"
 > loadmodule "/usr/local/lib/ser/modules/rr.so"
 > loadmodule "/usr/local/lib/ser/modules/acc.so"
 > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
 > loadmodule "/usr/local/lib/ser/modules/usrloc.so"
 > loadmodule "/usr/local/lib/ser/modules/registrar.so"
 >
 > # Uncomment this if you want digest authentication
 > # mysql.so must be loaded !
 > #loadmodule "/usr/local/lib/ser/modules/auth.so"
 > #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
 > loadmodule "/usr/local/lib/ser/modules/auth.so"
 > loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
 >
 > # ----------------- setting module-specific parameters ---------------
 >
 > # -- usrloc params --
 >
 > modparam("usrloc", "db_mode",   0)
 >
 > # Uncomment this if you want to use SQL database
 > # for persistent storage and comment the previous line
 > #modparam("usrloc", "db_mode", 2)
 >
 > # -- auth params --
 > # Uncomment if you are using auth module
 > #
 > #modparam("auth_db", "calculate_ha1", yes)
 > modparam("auth_radius", "radius_config",
 > "/usr/local/etc/radiusclient/radiusclient.conf")
 > modparam("acc", "radius_config",
 > "/usr/local/etc/radiusclient/radiusclient.conf")
 >
 > # If you set "calculate_ha1" parameter to yes (which true in this
config),
...
  > # uncomment also the following parameter)
 > #
 > #modparam("auth_db", "password_column", "password")
 > modparam("auth_radius", "service_type", 15)
 >
 > # -- rr params --
 > # add value to ;lr param to make some broken UAs happy
 > modparam("rr", "enable_full_lr", 1)
 >
 > # related to radius acct
 > modparam("acc", "log_level", 1)
 > modparam("acc", "radius_flag", 1)
 > modparam("acc", "radius_missed_flag", 3)
 >
 > # -------------------------  request routing logic -------------------
 >
 > # main routing logic
 >
 > route{
 >
 >         # initial sanity checks -- messages with
 >         # max_forwards==0, or excessively long requests
 >         if (!mf_process_maxfwd_header("10")) {
 >                 sl_send_reply("483","Too Many Hops");
 >                 break;
 >         };
 >         if (len_gt( max_len )) {
 >                 sl_send_reply("513", "Message too big");
 >                 break;
 >         };
 >
 >         # we record-route all messages -- to make sure that
 >         # subsequent messages will go through our proxy; that's
 >         # particularly good if upstream and downstream entities
 >         # use different transport protocol
 >         record_route();
 >         # loose-route processing
 >         if (loose_route()) {
 >                 t_relay();
 >                 break;
 >         };
 >
 >         # if the request is for other domain use UsrLoc
 >         # (in case, it does not work, use the following command
 >         # with proper names and addresses in it)
 > #       if (uri==myself) {
 >         if (uri=~"") {
 >                 if (method=="REGISTER") {
 >                         log(1, "Register: Authenticating user\n");
 > # Uncomment this if you want to use digest authentication
 >                         if (!radius_www_authorize("")) {
 >                                 log(1, "Register: Challenging user\n");
 >                                 www_challenge("", "0");
 >                                 break;
 >                         };
 >
 >                         save("location");
 >                         break;
 >                 };
 >
 >         if (method=="INVITE") {
 >
 >                 log(1, "INVITE\n");
 >                 setflag(1); /* set for accounting (the same value as in
 > log_flag!) */
 >         };
 >
 >         if (method=="MESSAGE") {
 >                 log(1, "MESSAGE\n");
 >                 setflag(1); /* set for accounting (the same value as in
 > log_flag!) */
 >         };
 >
 >         if (method=="BYE" || method=="CANCEL") {
 >                 log (1, "BYE or CANCEL\n");
 >                 setflag(1);
 >         };
 >                 # native SIP destinations are handled using our USRLOC DB
...

 if (!lookup("location")) {
                         sl_send_reply("404", "Not Found");
                         break;
                 };
         };
         # forward to current uri now; use stateful forwarding; that
         # works reliably even if we forward from TCP to UDP
         if (!t_relay()) {
                 sl_reply_error();
         };

 }

 Suggestions anyone??

 Regards,

 Anthony

 _______________________________________________
 Serusers mailing list
 serusers(a)lists.iptel.org
 http://lists.iptel.org/mailman/listinfo/serusers 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Serusers] radius accounting issue