Hi all,
I’m trying to configure SER 0.8.14 to use
authentication with NavisRadius 4.5.0.
On my X-Lite (X-Lite v2.0 Build 1103m)
client I’m getting “Login Failed! Contact Network Admin.”
I’m getting
following message from NavisRadius. Why? => Reply-Message = "No
check.password"
I would be very grateful if someone could look at my
ser.cfg and output from NavisRadius.
Best regards
*****************************************************************************
This is what I get on RADIUS server (different from
SER machine)
Client:
Client-Class =
"#default"
Nas_Port_Normalization =
off
Radius_Remove_Trailing_Nul
= TRUE
Radius_Append_Trailing_Nul
= FALSE
Auto_Remove_Check_Items =
TRUE
Check_Authenticators =
TRUE
Session_Time_From_Time_Of_Day
= FALSE
Radius_Charset =
"UTF8"
Client-Class =
"video"
Client-Dictionary =
"draft_ietf_radext_digest_auth_01"
**** dictionary of
radiusclient on SER machine is adjusted to dictionary of RADIUS, and RADIUS can
recognize attributes - except if I MUST run sterman_aaa_sip_00 on
NavisRadius???? I attached dictionary in radiusclient to this message ****
Client-Secret =
<hidden>
Request:
User-Name =
"djovanov.srce"
Digest-Username =
"djovanov.srce"
Digest-Realm =
"srce.hr"
Digest-Nonce =
"427b5aa983df858da94c50d1f8132a69e3e703ad"
Digest-URI =
"sip:srce.hr"
Digest-Method =
"REGISTER"
Digest-Response =
"ca6202fe55c51501295a9bc6ab325420"
Service-Type =
IAPP-Register
Anonymous =
v0-a208-646A6F76616E6F7669632E73726365
**** RADIUS doesn’t
recognize code 208, which is Sip-Uri-User ****
****Am I missing
Digest-Algorithm? Why SER doesn’t send this attribute?****
NAS-IP-Address =
161.53.0.131
NAS-Port = 5060
Packet:
Client-Name =
"161.53.0.131"
Packet-Type =
Access-Request
Packet-Identifier = 213
Packet-Length = 197
Packet-Authenticator =
2B25D6D4934B930EB21F8E1B6AEFFE50
Source-Address =
161.53.0.131
Source-Port = 33159
Destination-Address =
0.0.0.0
Destination-Port = 1812
Receipt-Time =
"2005/05/06 13:44:32"
Full-User-Name =
"djovanov.srce"
Base-User-Name =
"djovanov.srce"
Normalized-Nas-Port =
5060
19
<engine.worker.0> -> checkDigest[AuthHttpDigest]
19
<plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
20
<engine.worker.0> Variable group trace
Reply:
Reply-Message = "No
check.password"
**** this is message is
which I get from NavisRadius ****
****************************************************************************************
This is my ser.cfg
fifo_db_url="mysql://ser:heslo@localhost/ser"
# ------------------
module loading ----------------------------------
loadmodule
"/usr/local/lib/ser/modules/mysql.so"
loadmodule
"/usr/local/lib/ser/modules/sl.so"
loadmodule
"/usr/local/lib/ser/modules/tm.so"
loadmodule
"/usr/local/lib/ser/modules/rr.so"
loadmodule
"/usr/local/lib/ser/modules/maxfwd.so"
loadmodule
"/usr/local/lib/ser/modules/usrloc.so"
loadmodule
"/usr/local/lib/ser/modules/registrar.so"
loadmodule
"/usr/local/lib/ser/modules/textops.so"
loadmodule
"/usr/local/lib/ser/modules/auth.so"
loadmodule
"/usr/local/lib/ser/modules/group.so"
loadmodule
"/usr/local/lib/ser/modules/uri.so"
loadmodule
"/usr/local/lib/ser/modules/uri_radius.so"
loadmodule
"/usr/local/lib/ser/modules/group_radius.so"
loadmodule
"/usr/local/lib/ser/modules/auth_radius.so"
loadmodule
"/usr/local/lib/ser/modules/msilo.so"
modparam("usrloc",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("usrloc",
"db_mode", 2)
modparam("usrloc",
"timer_interval", 10)
modparam("rr",
"enable_full_lr", 1)
modparam("auth_radius",
"radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius",
"service_type", 15)
modparam("group_radius",
"use_domain", 0)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
www_challenge("", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};