hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg--------------------------------- # # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol
record_route(); # if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; };
if (method=="INVITE") {
log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ };
if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ };
if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1);
};
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I forgot to tell you -- for each user you want to authenticate with digest the Auth-Type must be set to DIGEST (in users database of radius server).
Daniel
Daniel-Constantin Mierla wrote:
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Daniel Yes- I have configured freeradius to use rlm_digest and as per your advice i did nt load the auth_db module and also auth module was placed before auth_radius
Yes- my raddb/users file contains Auth-Type for Digest
test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
but this does nt seems to help me
regards, Madan
I forgot to tell you -- for each user you want to authenticate with digest the Auth-Type must be set to DIGEST (in users database of radius server).
Daniel
Daniel-Constantin Mierla wrote:
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
hello, try to put in radiusd.conf in authenticate section:
Auth-Type DIGEST { digest }
instead of "digest" if you didn't try it already.
Daniel
Madan wrote:
Hi Daniel Yes- I have configured freeradius to use rlm_digest and as per your advice i did nt load the auth_db module and also auth module was placed before auth_radius
Yes- my raddb/users file contains Auth-Type for Digest
test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
but this does nt seems to help me
regards, Madan
I forgot to tell you -- for each user you want to authenticate with digest the Auth-Type must be set to DIGEST (in users database of radius server).
Daniel
Daniel-Constantin Mierla wrote:
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using ourUSRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
i already have that part in my radiusd.conf
i believe the following radius message is something to do with dictionary part
"No authenticate method (Auth-Type) configuration found for the request: Rejecting the user"
i would really appreciate if you can help me getting this up and running
regards, Madan
Daniel-Constantin Mierla wrote:
hello, try to put in radiusd.conf in authenticate section:
Auth-Type DIGEST { digest }
instead of "digest" if you didn't try it already.
Daniel
Madan wrote:
Hi Daniel Yes- I have configured freeradius to use rlm_digest and as per your advice i did nt load the auth_db module and also auth module was placed before auth_radius
Yes- my raddb/users file contains Auth-Type for Digest
test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
but this does nt seems to help me
regards, Madan
I forgot to tell you -- for each user you want to authenticate with digest the Auth-Type must be set to DIGEST (in users database of radius server).
Daniel
Daniel-Constantin Mierla wrote:
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost # ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) # ------------------------- request routing logic -------------------
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using ourUSRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
Unfortunately I haven't played too much with atuh_radius and FreeRADIUS with digest authentication. Seems that what I could help you already know.
Try to add next line in dictionary file (if you didn't):
VALUE Auth-Type DIGEST 1050
(or any other value instead of 1050 if it isn't already used). That's all I can say ... maybe someone else on the list can tell more.
.Daniel
Madan wrote:
i already have that part in my radiusd.conf
i believe the following radius message is something to do with dictionary part
"No authenticate method (Auth-Type) configuration found for the request: Rejecting the user"
i would really appreciate if you can help me getting this up and running
regards, Madan
Daniel-Constantin Mierla wrote:
hello, try to put in radiusd.conf in authenticate section:
Auth-Type DIGEST { digest }
instead of "digest" if you didn't try it already.
Daniel
Madan wrote:
Hi Daniel Yes- I have configured freeradius to use rlm_digest and as per your advice i did nt load the auth_db module and also auth module was placed before auth_radius
Yes- my raddb/users file contains Auth-Type for Digest
test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
but this does nt seems to help me
regards, Madan
I forgot to tell you -- for each user you want to authenticate with digest the Auth-Type must be set to DIGEST (in users database of radius server).
Daniel
Daniel-Constantin Mierla wrote:
Hello, have you set up FreeRADIUS to load digest authentication module (rlm_digest)? You should have uncommented some lines in radiusd.conf (see comments in that file).
If you use RADIUS authentication module the auth_db may be useless and is better to load auth module prior to auth_radius.
Daniel
Madan wrote:
hi i have installed ser with acc/mysql/radius module while registering a user 'm getting the following error message
can somebody please point me as to what is wrong and where
rad_recv: Access-Request packet from host myhost:33532, id=69, length=294 Thread 3 assigned request 2 Waking up in 2 seconds... Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost" Digest-Attributes = "\001\023myhost" Digest-Attributes = "\002*3f338410ec3d4e634e2883b85928416ef3c364e5" Digest-Attributes = "\004\027sip:myhost" Digest-Attributes = "\003\nREGISTER" Digest-Attributes = "\005\006auth" Digest-Attributes = "\t\n00000001" Digest-Attributes = "\010"34555301336645129540719731434531" Digest-Response = "acdd6400b4c16da2a04f85334d871415" Service-Type = IAPP-Register SIP-URI-User = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2
FYI- OS- RH 7.2 SER- latest from cvs with acc/mysql and radius RADIUS- freeradius ------------------------------------ser.cfg---------------------------------
# # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters
debug=3 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" mhomed=yes listen=myhost
# ------------------ module loading
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so"
modparam("usrloc", "db_mode", 1) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1)
# ------------------------- request routing logic
# main routing logic alias=myhost route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route();# if (loose_route()) { # t_relay(); # break; # }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri=~"myhost") {
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "1"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same valueas in log_flag!) */ };
if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same valueas in log_flag!) */ };
if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using ourUSRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };
}; } -------------------------------------------end----------------------------------------------------------
i dunno what is wrong here..if you need any other config files to help me out please let me know regards, Madan
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi,
one thing strikes me:
You are using "test" as User-Name in your raddb file:
test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
But your authentication request uses a full SIP URI ("sip:test@myhost") as User-Name:
Thread 3 handling request 2, (1 handled so far) User-Name = "sip:test@myhost" Digest-Attributes = "\n\034sip:test@myhost"
So maybe (i have no experience with freeradius) your radius daemon just does not find the user's name in the raddb file?
I think you either need to do some rewriting, or (just for testing) you need to add the full User-Name to your raddb, e.g.
sip:test@myhost Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
or probably just
sip:test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with digest"
if freeradius does strip away the realm already.
cheers
axelm
-
Alexander Mayrhofer -
Daniel-Constantin Mierla -
Madan