Hello Naresh.I guess there is an error in the way you call the authorization for the INVITE. As far as i know for the REGISTER message (authentication) you need the statement :radius_www_authorizeBut for the INVITE you need to call "radius_proxy_authorize". This is what i have in my ser.cfgif (method=="INVITE") {if (!radius_proxy_authorize("")) {
proxy_challenge("","1");
break;
};
};maybe you can try this and tell me how it works.Good luck
Ricardo Martinez.------Mensaje original-----
De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
Enviado el: Miércoles, 20 de Julio de 2005 12:10
Para: Ricardo Martinez; serusers@lists.iptel.org
Asunto: RE: [Serusers] Problem authorizing with radiusHi Ricardo,We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. The users file in the radius server looks like as below:test@sip2.zone Auth-Type := Digest, User-Password == "cisco1234"
Reply-Message = "Authenticated",
Sip-Rpid = "1970"The radius authentication and authorization parts in the ser.cfg file are given below:if (uri=~"^sip:9[0-9]*@") {
if (method=="INVITE"){
if (!radius_www_authorize("")) {
www_challenge("", "1");
break;
}else{
if (radius_is_user_in("Credentials", "ld")){
forward(192.168.2.101,5060);
break;
}else{
break;
};
};
};
};And finally the error is as below:Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "test"
Digest-Realm = "sip2.zone"
Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"
Digest-URI = "sip:94161000@sip2.zone"
Digest-Method = "INVITE"
Digest-QOP = "auth"
Digest-Nonce-Count = "0000000a"
Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok
rlm_realm: Looking up realm "sip2.zone" for User-Name = "test@sip2.zone"
rlm_realm: No such realm "sip2.zone"
modcall[authorize]: module "suffix" returns noop
users: Matched entry test@sip2.zone at line 226
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate
A1 = test:sip2.zone:cisco1234
A2 = INVITE:sip:94161000@sip2.zone
KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2
modcall[authenticate]: module "digest" returns ok
modcall: group authenticate returns ok
radius_xlat: 'Authenticated'
Login OK: [test@sip2.zone/<no User-Password attribute>] (from client proxy port 5060)
Sending Access-Accept of id 203 to 192.168.2.1:32831
Reply-Message = "Authenticated"
Sip-Rpid = "1970"
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53
User-Name = "test"
Sip-Group = "ld"
Service-Type = Group-Check
NAS-IP-Address = 192.168.2.1
NAS-Port = 0
modcall: entering group authorize
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
modcall[authorize]: module "digest" returns noop
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration??Thanks a lot..Naresh
Ricardo Martinez <rmartinez@redvoiss.net> wrote:Hello NareshI have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration?Cheers,Ricardo.------Mensaje original-----
De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]
Enviado el: Miércoles, 20 de Julio de 2005 10:37
Para: serusers@lists.iptel.org
Asunto: [Serusers] Problem authorizing with radiushi friends,I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error:auth: No authenticate method (Auth-Type) configuration found for the user
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2When I authorize against the mysql database, it works fine. Any clue???Best Regards,Naresh
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com