6 Feb
2007
6 Feb
'07
6:30 p.m.
Hello,
I'm having a hard time getting RADIUS auth to work at all. I've reached
the point where I am debugging the network traffic with tshark.
I can see RADIUS packets generated from the openser box for accounting,
but no RADIUS authentication packets are sent. Also, it seems no
response comes back from the RADIUS server even for accounting requests.
radclient against my radius server returns me an Access-Reject at least
and the tshark dump contains auth request and response.
OpenSER 1.1.1 tells me:
Feb 6 17:27:04 openser openser[22596]: rc_send_server: no reply from
RADIUS server
I suspect the issues lie in the radiusclient-ng layer. I'm using
radiusclient-ng from Debian Etch (0.5.3-2), but I see many branches in
CVS, like RELENG_0_5_5 which seems newer.
thanks
7 Feb
7 Feb
5:03 p.m.
Hi Luca,
take a look at here:
http://openser.org/dokuwiki/doku.php/troubleshooting:radius
maybe you find something to help you.
regards,
bogdan
Luca Corti wrote:
Hello,
I'm having a hard time getting RADIUS auth to work at all. I've reached
the point where I am debugging the network traffic with tshark.
I can see RADIUS packets generated from the openser box for accounting,
but no RADIUS authentication packets are sent. Also, it seems no
response comes back from the RADIUS server even for accounting requests.
radclient against my radius server returns me an Access-Reject at least
and the tshark dump contains auth request and response.
OpenSER 1.1.1 tells me:
Feb 6 17:27:04 openser openser[22596]: rc_send_server: no reply from
RADIUS server
I suspect the issues lie in the radiusclient-ng layer. I'm using
radiusclient-ng from Debian Etch (0.5.3-2), but I see many branches in
CVS, like RELENG_0_5_5 which seems newer.
thanks
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
5:35 p.m.
On Wed, 2007-02-07 at 17:03 +0200, Bogdan-Andrei Iancu wrote:
Hello,
SIP-AVP is present in the dictionary used by radiusclient-ng.
radiusclient-ng configuration files are readable by the user OpenSER is
running as.
I don't even reach the authentication stage, so the DIgest-User-Password
issue is not relevant here.
thanks a lot for you help. Unfortunately it seems this is not what
causes my problems.
ciao
Luca
8 Feb
8 Feb
11:22 a.m.
Hi Luca,
have you checked if the auth server address is also configured?
http://www.openser.org/docs/openser-radius-1.0.x.html#radiusclient_ng_confi…
regards,
bogdan
Luca Corti wrote:
On Wed, 2007-02-07 at 17:03 +0200, Bogdan-Andrei Iancu
wrote:
Hello,
SIP-AVP is present in the dictionary used by radiusclient-ng.
radiusclient-ng configuration files are readable by the user OpenSER is
running as.
I don't even reach the authentication stage, so the DIgest-User-Password
issue is not relevant here.
thanks a lot for you help. Unfortunately it seems this is not what
causes my problems.
ciao
Luca
11:42 a.m.
On Thu, 2007-02-08 at 11:22 +0200, Bogdan-Andrei Iancu wrote:
Hi Luca,
Hello Bogdan,
have you checked if the auth server address is also
configured?
http://www.openser.org/docs/openser-radius-1.0.x.html#radiusclient_ng_confi…
yes, I have
authserver radius1
authserver radius2
acctserver radius1
acctserver radius2
in my radiusclient.conf file. Also if I run openser under strace I can see that there are
attempts to send requests to the radius server.
Some accounting requests for NOTIFY messages are received by the RADIUS server, but no
authentication requests.
ciao
Luca
1:14 p.m.
On Thu, 2007-02-08 at 10:42 +0100, Luca Corti wrote:
in my radiusclient.conf file. Also if I run openser
under strace I can see that there are attempts to send requests to the radius server.
Some accounting requests for NOTIFY messages are received by the RADIUS server, but no
authentication requests.
It seems having loaded domain.so but not having my sip realm in the
domain table broke radius authentication. It is now working.
Thanks a lot for all your support.
Luca
2:40 p.m.
oh...so radius auth was never triggered because the received realm was
not matching any of the local domains....
regards,
bogdan
Luca Corti wrote:
On Thu, 2007-02-08 at 10:42 +0100, Luca Corti wrote:
in my radiusclient.conf file. Also if I run
openser under strace I can see that there are attempts to send requests to the radius
server.
Some accounting requests for NOTIFY messages are received by the RADIUS server, but no
authentication requests.
It seems having loaded domain.so but not having my sip realm in the
domain table broke radius authentication. It is now working.
Thanks a lot for all your support.
Luca
6504
days inactive
6506
days old
6 comments
2 participants
participants (2)
-
Bogdan-Andrei Iancu -
Luca Corti