Hi,

I run SER with Radius/MySQL for authentication and accounting.

Things are pretty much in place except for group checking. I have something like this in my ser.cfg:

……..
modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1)
………..
            if (uri=~"^sip:[0-9]{8}@") {  # Domestic PSTN
                  if (!radius_is_user_in("credentials", "ld")) {
                        sl_send_reply("403", "No permission for domestic calls");
                        break;
                  };
                  route(4);
                  break;
            };
…………

When I look at the Radius debug log, I can see that when ser sends a request to radius, radius wants to do digest on it, and then the complete request fails and the call can't go through. The output looks something like this:

……
rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
        User-Name = "81000@sage.home.local"
        Sip-Group = "voicemail"
        Service-Type = Group-Check
        NAS-Port = 0
        NAS-IP-Address = 127.0.0.1
  Processing the authorize section of radiusd.conf
….
** bunch of sql statements …..
….
modcall: group authorize returns ok for request 17
  rad_check_password:  Found Auth-Type Digest
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
ERROR: No Digest-Nonce: Cannot perform Digest authentication
  modcall[authenticate]: module "digest" returns invalid for request 17
modcall: group authenticate returns invalid for request 17
auth: Failed to validate the user.

In the databases I have the following:

mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '81000@sage.home.local' ORDER BY id;
+----+-----------------------+--------------+-------------+----+
| id | UserName              | Attribute    | Value       | op |
+----+-----------------------+--------------+-------------+----+
| 18 | 81000@sage.home.local | Service-Type | Group-Check | := |
+----+-----------------------+--------------+-------------+----+
1 row in set (0.00 sec)

mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '81000@sage.home.local' ORDER BY id;
+----+-----------------------+---------------+------------------------------------+----+
| id | UserName              | Attribute     | Value                              | op |
+----+-----------------------+---------------+------------------------------------+----+
| 23 | 81000@sage.home.local | User-Password | $1$d7XAeahG$9f17cb8JaKj8R1z9GpwG4/ | := |
| 25 | 81000@sage.home.local | Sip-Rpid      | 81000                              | =  |
| 30 | 81000@sage.home.local | Auth-Type     | Digest                             | := |
+----+-----------------------+---------------+------------------------------------+----+

mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '81000@sage.home.local' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
+----+-----------+-----------+--------+----+
| id | GroupName | Attribute | Value  | op |
+----+-----------+-----------+--------+----+
| 12 | voicemail | Auth-Type | Accept | := |
+----+-----------+-----------+--------+----+

Has anyone had a chance to do something like this with success? I am stuck at the moment – any help is greatly appreciated.

Thanks.

/Vel
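
Added example, not part of the original post: a small Python filter over radiusd debug output that lists Group-Check requests which were handed to Auth-Type Digest although they carry no Digest-* attributes, the pattern visible in the log quoted above. The sample log is constructed (the first request mirrors the quoted output, the second is invented), and the function names are illustrative.

```python
import re

# Constructed sample: request 1 mirrors the post's log, request 2 is invented.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
        User-Name = "81000@sage.home.local"
        Sip-Group = "voicemail"
        Service-Type = Group-Check
  Processing the authorize section of radiusd.conf
  rad_check_password:  Found Auth-Type Digest
ERROR: No Digest-Nonce: Cannot perform Digest authentication
rad_recv: Access-Request packet from host 127.0.0.1:34028, id=19, length=180
        User-Name = "81000@sage.home.local"
        Digest-Response = "constructed"
        Digest-Attributes = 0x0a0a
  rad_check_password:  Found Auth-Type Digest
"""

RECV = re.compile(r"^rad_recv: \S+ packet from host \S+, id=(\d+)")
ATTR = re.compile(r"^\s+([\w-]+) = (.*)$")
AUTH_TYPE = re.compile(r"Found Auth-Type (\S+)")

def parse_requests(log):
    """Split radiusd debug output into one record per received packet."""
    requests, in_attrs = [], False
    for line in log.splitlines():
        recv = RECV.match(line)
        if recv:
            requests.append({"id": int(recv.group(1)), "attrs": {}, "auth_type": None})
            in_attrs = True
            continue
        if not requests or not line.strip():
            continue  # preamble before the first packet, or an empty line
        attr = ATTR.match(line) if in_attrs else None
        if attr:
            requests[-1]["attrs"][attr.group(1)] = attr.group(2).strip('"')
            continue
        in_attrs = False  # the attribute list ends at the first other line
        found = AUTH_TYPE.search(line)
        if found:
            requests[-1]["auth_type"] = found.group(1)
    return requests

def misrouted_group_checks(log):
    """Group-Check requests sent to digest without any Digest-* attribute."""
    return [r for r in parse_requests(log)
            if r["attrs"].get("Service-Type") == "Group-Check"
            and r["auth_type"] == "Digest"
            and not any(name.startswith("Digest-") for name in r["attrs"])]
```

Calling misrouted_group_checks() on a saved debug log returns one record per affected request, with the packet id and the User-Name and Sip-Group it carried.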