21 Jul
2005
21 Jul
'05
5:05 p.m.
Folks,
i changed the flag in the sip_router/modules/acc/Makefile to LIBS=-L$(LOCALBASE)/lib and
it works fine now.....i.e. the acc module compiles fine...... Thanks Ricardo and
Greger...your advise really helped me out....now i m using radius authentication and mysql
authorization......user credentials are stored in the mysql database only after the user
is authenticated against radius server........
Thanks Ricardo and Greger...your advise really helped me out....now i m using radius
authentication and mysql authorization......i'll be back with the queries on
accounting now :)
cheers,
naresh
"Greger V. Teigre" <greger(a)teigre.com> wrote:>auth: No authenticate
method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
This is where it fails. SER does not send Auth-Type, freeRadius is configured to require
an Auth-Type. I don't know how you change that, I don't use freeRadius.
g-)
---- Original Message ----
From: Naresh Parmar
To: Ricardo Martinez ; serusers(a)lists.iptel.org
Sent: Wednesday, July 20, 2005 07:09 PM
Subject: RE: [Serusers] Problem authorizing with radius
Hi Ricardo,
Tried it. It still gives me the same error. Please let me know the
version of the radius server you are using.?? Also can you please let
me know wht did u do to make the accounting work...??
Best Regards,
Naresh
Ricardo Martinez <rmartinez(a)redvoiss.net> wrote:
Hello Naresh.
I guess there is an error in the way you call the authorization
for the INVITE. As far as i know for the REGISTER message
(authentication) you need the statement :
radius_www_authorize
But for the INVITE you need to call "radius_proxy_authorize".
This is what i have in my ser.cfg
if (method=="INVITE") {
if (!radius_proxy_authorize("")) {
proxy_challenge("","1");
break;
};
};
maybe you can try this and tell me how it works.
Good luck
Ricardo Martinez.-
-----Mensaje original-----
De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
Enviado el: Miércoles, 20 de Julio de 2005 12:10
Para: Ricardo Martinez; serusers(a)lists.iptel.org
Asunto: RE: [Serusers] Problem authorizing with radius
Hi Ricardo,
We are using freeradius server 0.9.1 and SER 0.9.3. The version of
radius client is radiusclient-ng-0.5.1. The users file in the radius
server looks like as below:
test(a)sip2.zone Auth-Type := Digest, User-Password == "cisco1234"
Reply-Message = "Authenticated",
Sip-Rpid = "1970"
test(a)sip2.zone Auth-Type := Accept
Reply-Message = "Authorized",
Sip-Group == "ld"
The radius authentication and authorization parts in the ser.cfg file
are given below:
if (uri=~"^sip:9[0-9]*@") {
if (method=="INVITE"){
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
}else{
if
(radius_is_user_in("Credentials", "ld")){
forward(192.168.2.101,5060);
break;
}else{
break;
};
};
};
};
And finally the error is as below:
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "test"
Digest-Realm = "sip2.zone"
Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"
Digest-URI = "sip:94161000@sip2.zone"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "0000000a"
Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok
rlm_realm: Looking up realm "sip2.zone" for User-Name =
"test(a)sip2.zone"
rlm_realm: No such realm "sip2.zone"
modcall[authorize]: module "suffix" returns noop
users: Matched entry test(a)sip2.zone at line 226
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate
A1 = test:sip2.zone:cisco1234
A2 = INVITE:sip:94161000@sip2.zone
KD =
53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb
449fae2
modcall[authenticate]: module "digest" returns ok
modcall: group authenticate returns ok
radius_xlat: 'Authenticated'
Login OK: [test(a)sip2.zone/<no User-Password attribute>] (from client
proxy port 5060)
Sending Access-Accept of id 203 to 192.168.2.1:32831
Reply-Message = "Authenticated"
Sip-Rpid = "1970"
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204,
length=53
User-Name = "test"
Sip-Group = "ld"
Service-Type = Group-Check
NAS-IP-Address = 192.168.2.1
NAS-Port = 0
modcall: ent ering group authorize
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
modcall[authorize]: module "digest" returns noop
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client
proxy port 0)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
As you can see from the above configuration, the authentication works
perfect, its only in the authorization where it fails. Also can you
please let me know about the accounting configuration??
Thanks a lot..
Naresh
Ricardo Martinez <rmartinez(a)redvoiss.net> wrote:
Hello Naresh
I have authentication, authorization and accounting (AAA) through
radius working fine. What radius server are you using?, can you send
us more information about the configuration?
Cheers,
Ricardo.-
-----Mensaje original-----
De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
Enviado el: Miércoles, 20 de Julio de 2005 10:37
Para: serusers(a)lists.iptel.org
Asunto: [Serusers] Problem authorizing with radius
hi friends,
I am having problems while authorizing with the radius server. I am
using the same configuration as mentioned in the radius-howto.
Authentication works perfect as I am able to authenticate using the
radius server. However while authorizing against the radius server to
make a call I get the following error:
auth: No authenticate method (Auth-Type) configuration found for the
user
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
When I authorize against the mysql database, it works fine. Any
clue???
Best Regards,
Naresh
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Start your day with Yahoo! - make it your home page
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
---------------------------------
Start your day with Yahoo! - make it your home page