Hi,
I've been through the OpenSER + RADIUS configuration tutorial many, many times, and it works like a charm, except for the uri_radius module which I can't get to detect user existence with the radius_does_user_exist() function.
I'm trying to decide whether to send a 404 or a 480, as such:
if (!lookup("location")) { if(radius_does_uri_exist()) { sl_send_reply("480", "User offline"); } else { sl_send_reply("404", "User not found"); }; };
It worked identically with the uri_db module's does_user_exist() function. Now the RADIUS server doesn't seem to understand the Call-Check request. I have a dump here:
http://tonih.iki.fi/temp/uri_radius.cap
Can anyone guess why OpenSER always gives a 404 even for users that exist, but that are simply offline? The users are currently hand-configured into freeradius's text configuration file users.conf.
PS. What have you found to be the best way to authenticate users from a domain? FreeRADIUS using Kerberos 5, LDAP or relaying to a Microsoft RADIUS (IAS) server?
Hello,
have you tried with freeradius in debug mode? It prints log messages which may help to identify the problem.
Cheers, Daniel
On 01/03/07 01:31, Toni Heinonen wrote:
Hi,
I've been through the OpenSER + RADIUS configuration tutorial many, many times, and it works like a charm, except for the uri_radius module which I can't get to detect user existence with the radius_does_user_exist() function.
I'm trying to decide whether to send a 404 or a 480, as such:
if (!lookup("location")) { if(radius_does_uri_exist()) { sl_send_reply("480", "User offline"); } else { sl_send_reply("404", "User not found"); }; };
It worked identically with the uri_db module's does_user_exist() function. Now the RADIUS server doesn't seem to understand the Call-Check request. I have a dump here:
http://tonih.iki.fi/temp/uri_radius.cap
Can anyone guess why OpenSER always gives a 404 even for users that exist, but that are simply offline? The users are currently hand-configured into freeradius's text configuration file users.conf.
PS. What have you found to be the best way to authenticate users from a domain? FreeRADIUS using Kerberos 5, LDAP or relaying to a Microsoft RADIUS (IAS) server?
Hello,
yes I did. I realized it asks a different service type from my RADIUS server and I had to create separate records for uri_radius to work. Ie. when it authenticates users, /etc/freeradius/users must have a digest line, and then for uri_radius, you have to have another entry for each user that implements the service type "call check", which returns true even when there's no password (as there of course isn't when OpenSER simply asks if the username exists).
It was kind of lame debugging and sniffing the traffic. Why couldn't this all + an uri_radius example be included in the OpenSER+RADIUS tutorial?
Kindest, Toni
On 1/9/07, Daniel-Constantin Mierla daniel@voice-system.ro wrote:
Hello,
have you tried with freeradius in debug mode? It prints log messages which may help to identify the problem.
Cheers, Daniel
On 01/03/07 01:31, Toni Heinonen wrote:
Hi,
I've been through the OpenSER + RADIUS configuration tutorial many, many times, and it works like a charm, except for the uri_radius module which I can't get to detect user existence with the radius_does_user_exist() function.
I'm trying to decide whether to send a 404 or a 480, as such:
if (!lookup("location")) { if(radius_does_uri_exist()) { sl_send_reply("480", "User offline"); } else { sl_send_reply("404", "User not found"); }; };
It worked identically with the uri_db module's does_user_exist() function. Now the RADIUS server doesn't seem to understand the Call-Check request. I have a dump here:
http://tonih.iki.fi/temp/uri_radius.cap
Can anyone guess why OpenSER always gives a 404 even for users that exist, but that are simply offline? The users are currently hand-configured into freeradius's text configuration file users.conf.
PS. What have you found to be the best way to authenticate users from a domain? FreeRADIUS using Kerberos 5, LDAP or relaying to a Microsoft RADIUS (IAS) server?
Hi Toni,
Since you went through all this and you have fresh memories, you could submit an update to the document or create a new page on the wiki.
Regards, Ovidiu Sas
On 1/9/07, Toni Heinonen toni.heinonen@gmail.com wrote:
Hello,
yes I did. I realized it asks a different service type from my RADIUS server and I had to create separate records for uri_radius to work. Ie. when it authenticates users, /etc/freeradius/users must have a digest line, and then for uri_radius, you have to have another entry for each user that implements the service type "call check", which returns true even when there's no password (as there of course isn't when OpenSER simply asks if the username exists).
It was kind of lame debugging and sniffing the traffic. Why couldn't this all + an uri_radius example be included in the OpenSER+RADIUS tutorial?
Kindest, Toni
On 1/9/07, Daniel-Constantin Mierla daniel@voice-system.ro wrote:
Hello,
have you tried with freeradius in debug mode? It prints log messages which may help to identify the problem.
Cheers, Daniel
On 01/03/07 01:31, Toni Heinonen wrote:
Hi,
I've been through the OpenSER + RADIUS configuration tutorial many, many times, and it works like a charm, except for the uri_radius module which I can't get to detect user existence with the radius_does_user_exist() function.
I'm trying to decide whether to send a 404 or a 480, as such:
if (!lookup("location")) { if(radius_does_uri_exist()) { sl_send_reply("480", "User offline"); } else { sl_send_reply("404", "User not found"); }; };
It worked identically with the uri_db module's does_user_exist() function. Now the RADIUS server doesn't seem to understand the Call-Check request. I have a dump here:
http://tonih.iki.fi/temp/uri_radius.cap
Can anyone guess why OpenSER always gives a 404 even for users that exist, but that are simply offline? The users are currently hand-configured into freeradius's text configuration file users.conf.
PS. What have you found to be the best way to authenticate users from a domain? FreeRADIUS using Kerberos 5, LDAP or relaying to a Microsoft RADIUS (IAS) server?
-- http://tonih.iki.fi/ ~ http://blogit.helsinki.fi/toni.heinonen/ "The progress of a dynamic civilization depends on the special people who make play out of work. In their all-absorbing passion, they create the variations that, through trial and error, become the sources of progress. They make the discoveries that drive the infinite series."
- Virginia Postrel
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Ovidiu Sas -
Toni Heinonen