Madan,
These are some instructions. I copy to the list so that it can be of use
for more people:
1. You need to download and install radiusclient from
http://www.mcs.de/~lf/radius/.
2. Compile ser and modules (make sure to compile auth_radius module too).
3. Download the latest version of freeradius (0.9.0). The previous one,
0.8.1, crashed when performing digest authentication. You can find it in:
http://www.freeradius.org/
4. Don't be confused with the radius client and the radius server side.
SER only uses the client side (radiusclient) to build radius requests.
Therefore, the line
    modparam("auth_radius", "radius_config","/usr/local/etc/raddb/clients.conf")
is incorrect and should be something like this (depending on where you
installed radiusclient)
    modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
5. Authenticate users from all realms:
Instead of...
    if (radius_www_authorize("mydomain", "subscriber")) {
        www_challenge("mydomain", "0");
        break;
    };
do not specify domain name....
    if (method=="REGISTER") {
        log(1, "REGISTER: Authenticating user\n");
        if (!radius_www_authorize("")) {
            log(1, "REGISTER: challenging user\n");
            www_challenge("", "0");
            break;
        };
        save("location");
        break;
    };
6. With these changes, you should see RADIUS messages being generated to
your radius server. You then only need to have something like this in your
"users" file (radius server):
    jaime   Auth-Type := Digest, User-Password = "jaime"
            Reply-Message = "Hello!"
The server will have to be configured to know what "Digest" authentication
is. Read rlm_digest in docs to find out how to do it.
In your config, you have 2 if (method==REGISTER). I think you should avoid
the 2nd and merge the 2 conditions somehow, since the 2nd
if(method==REGISTER) never gets called???
7. For accounting, compile acc module with radius support. For that,
uncomment one of the lines in the Makefile.
8. You will probably need to change some "#includes" in
<ser_directory>/sip_router/modules/acc/dict.h, to be the same as in
<ser_directory>/sip_router/etc/radiusclient.h.
9. In SER config file, set accounting flags for INVITE and BYE/CANCEL, and
you should be able to see logs generated in your radius server.
This is my ser config file:
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "./modules/mysql/mysql.so"
loadmodule "./modules/sl/sl.so"
loadmodule "./modules/tm/tm.so"
loadmodule "./modules/rr/rr.so"
loadmodule "./modules/maxfwd/maxfwd.so"
loadmodule "./modules/usrloc/usrloc.so"
loadmodule "./modules/registrar/registrar.so"
loadmodule "./modules/uri/uri.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "./modules/auth/auth.so"
loadmodule "./modules/auth_db/auth_db.so"
loadmodule "modules/acc/acc.so"
loadmodule "./modules/auth_radius/auth_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 2)
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("acc", "log_level", 1)
modparam("acc", "radius_flag", 1)
# ------------------------- request routing logic -------------------
alias=domain.com
# main routing logic
route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (len_gt( max_len )) {
        sl_send_reply("513", "Message too big");
        break;
    };
    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    record_route();
    # loose-route processing
    # if (loose_route()) {
    #     t_relay();
    #     break;
    # };
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (method=="REGISTER") {
        log(1, "REGISTER: Authenticating user\n");
        if (!radius_www_authorize("")) {
            log(1, "REGISTER: challenging user\n");
            www_challenge("", "0");
            break;
        };
        save("location");
        break;
    };
    if (method=="INVITE") {
        log(1, "INVITE\n");
        setflag(1); /* set for accounting (the same value as in log_flag!) */
    };
    if (method=="MESSAGE") {
        log(1, "MESSAGE\n");
        setflag(1); /* set for accounting (the same value as in log_flag!) */
    };
    if (method=="BYE" || method=="CANCEL") {
        log (1, "BYE or CANCEL\n");
        setflag(1);
    };
    # native SIP destinations are handled using our USRLOC DB
    if (!lookup("location")) {
        sl_send_reply("404", "Not Found");
        break;
    };
    if (!t_relay()) {
        sl_reply_error();
        break;
    };
}
---------------------------------------------------------------
I hope it helps,
Jaime
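
A small check for the two mistakes corrected in steps 4 and 5 above, added here as an example (not code from the original message or from the SER project): it flags a radius_config that names the server's clients.conf and an un-negated authorize test that challenges inside its own block. The helper name lint_ser_cfg, the finding names and both sample fragments are constructed for illustration.

```python
import re

# Constructed sample built from the faulty lines quoted in steps 4 and 5.
BAD_CFG = r'''
modparam("auth_radius",
"radius_config","/usr/local/etc/raddb/clients.conf")
if (method=="REGISTER") {
    # if (!www_authorize("mydomain", "subscriber")) {
    if (radius_www_authorize("mydomain", "subscriber")) {
        www_challenge("mydomain", "0");
        break;
    };
    save("location");
    break;
};
'''

# Constructed sample using the corrected lines from the same steps.
GOOD_CFG = r'''
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
if (method=="REGISTER") {
    if (!radius_www_authorize("")) {
        log(1, "REGISTER: challenging user\n");
        www_challenge("", "0");
        break;
    };
    save("location");
    break;
};
'''

def lint_ser_cfg(cfg):
    """Return finding names for a ser.cfg text (hypothetical helper, not part of SER)."""
    text = re.sub(r'/\*.*?\*/', '', cfg, flags=re.S)  # drop block comments
    text = re.sub(r'#[^\n]*', '', text)  # drop line comments (assumes no '#' inside strings)
    findings = []
    # Step 4: radius_config must name the radiusclient file, not the server's clients.conf.
    m = re.search(r'modparam\(\s*"auth_radius"\s*,\s*"radius_config"\s*,\s*"([^"]+)"', text)
    if m and m.group(1).rsplit('/', 1)[-1] == 'clients.conf':
        findings.append('server-side-radius-config')
    # Step 5: an un-negated authorize test whose block challenges is inverted: valid
    # credentials are challenged again and every other REGISTER falls through to save().
    pat = r'if\s*\(\s*(!?)\s*((?:radius_)?www_authorize)\s*\([^)]*\)\s*\)\s*\{([^}]*)\}'
    for negated, func, body in re.findall(pat, text):
        if not negated and 'www_challenge' in body:
            findings.append('inverted-auth-check: ' + func)
    return findings
```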
ah! finally i got somebody who can help me, Jaime you know what i was
thinking to drop this and move to another :-) because i had enough of
it..it's been a week on this stuff
so i have done plain vanilla freeradius configuration with default
database/structure , i know this has to be changed but problem is ser
doesn't even communicate with radius :-(
i have compiled ser latest from cvs
but when i use radius_www_authorize i got lot of errors on same config
line where radius comes into picture like missing load module etc
etc..once it worked as well without any errors but with that any user
was able to register...i.e no auth
to make my life easier i would need your help right from the scratch
what all i need to do with ser
need config file wrt radius
need freeradius config with wrt ser like table/db structures, sql.conf
etc
i know i m asking a lot , but please help me out :-)
i would really oblige your help
regards,
Madan
P.S:- if you ever need help on dns/webservers/mail server please let me
know :-)
log-
Aug 4 16:33:29 sip ser: parse error (106,62-63): unknown command, missing loadmodule?
here is my ser.cfg file
-------------------------------------------------------
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
#loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 1)
modparam("auth_radius", "radius_config","/usr/local/etc/raddb/clients.conf")
#modparam("uri_radius", "service_type", 11)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_url", "sql://root:heslo@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (len_gt( max_len )) {
        sl_send_reply("513", "Message too big");
        break;
    };
    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    record_route();
    # loose-route processing
    if (loose_route()) {
        t_relay();
        break;
    };
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri=~"sip.net4india.com") {
        if (method=="REGISTER") {
            # Uncomment this if you want to use digest authentication
            # if (!www_authorize("mydomain", "subscriber")) {
            if (radius_www_authorize("mydomain", "subscriber")) {
                www_challenge("mydomain", "0");
                break;
            };
            save("location");
            break;
        };
        ##LOGGING FOR TESTING
        if (method=="REGISTER") {
            log(1, "REGISTER received\n");
        } else {
            log(1, "non-REGISTER received\n");
        };
        if (uri=~"sip:.*[@:]mydomain") {
            log(1, "request for mydomain\n");
        } else {
            log(1, "request for other domain received\n");
        };
        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
        #};
        # forward to current uri now; use stateful forwarding; that
        # works reliably even if we forward from TCP to UDP
        if (!t_relay()) {
            sl_reply_error();
        };
    };
}
----- Original Message -----
From: <jaime(a)umtstrial.co.uk>
To: <madan.r(a)net4india.net>
Sent: Monday, August 04, 2003 3:50 PM
Subject: Re: ser radius conf
> Hi Madan,
>
> I was able to use FreeRadius for authentication and accounting. Let me
> know how far you are with your config and I'll try to guide you.
>
> Jaime
>
> > Hi Jaime
> > got ur email id from ser mailing list
> > need ur help if you were able to configure the ser sip with free
> > radius
> >
> > regards,
> > madan