Hello,
I'm having a hard time getting RADIUS auth to work at all. I've reached the point where I am debugging the network traffic with tshark.
I can see RADIUS packets generated from the openser box for accounting, but no RADIUS authentication packets are sent. Also, it seems no response comes back from the RADIUS server even for accounting requests. radclient against my radius server returns me an Access-Reject at least and the tshark dump contains auth request and response.
OpenSER 1.1.1 tells me:
Feb 6 17:27:04 openser openser[22596]: rc_send_server: no reply from RADIUS server
I suspect the issues lie in the radiusclient-ng layer. I'm using radiusclient-ng from Debian Etch (0.5.3-2), but I see many branches in CVS, like RELENG_0_5_5 which seems newer.
thanks
Hi Luca,
take a look at here: http://openser.org/dokuwiki/doku.php/troubleshooting:radius
maybe you find something to help you.
regards, bogdan
Luca Corti wrote:
Hello,
I'm having a hard time getting RADIUS auth to work at all. I've reached the point where I am debugging the network traffic with tshark.
I can see RADIUS packets generated from the openser box for accounting, but no RADIUS authentication packets are sent. Also, it seems no response comes back from the RADIUS server even for accounting requests. radclient against my radius server returns me an Access-Reject at least and the tshark dump contains auth request and response.
OpenSER 1.1.1 tells me:
Feb 6 17:27:04 openser openser[22596]: rc_send_server: no reply from RADIUS server
I suspect the issues lie in the radiusclient-ng layer. I'm using radiusclient-ng from Debian Etch (0.5.3-2), but I see many branches in CVS, like RELENG_0_5_5 which seems newer.
thanks
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
On Wed, 2007-02-07 at 17:03 +0200, Bogdan-Andrei Iancu wrote:
Hello,
SIP-AVP is present in the dictionary used by radiusclient-ng.
radiusclient-ng configuration files are readable by the user OpenSER is running as.
I don't even reach the authentication stage, so the DIgest-User-Password issue is not relevant here.
thanks a lot for you help. Unfortunately it seems this is not what causes my problems.
ciao
Luca
Hi Luca,
have you checked if the auth server address is also configured?
http://www.openser.org/docs/openser-radius-1.0.x.html#radiusclient_ng_config...
regards, bogdan
Luca Corti wrote:
On Wed, 2007-02-07 at 17:03 +0200, Bogdan-Andrei Iancu wrote:
Hello,
SIP-AVP is present in the dictionary used by radiusclient-ng.
radiusclient-ng configuration files are readable by the user OpenSER is running as.
I don't even reach the authentication stage, so the DIgest-User-Password issue is not relevant here.
thanks a lot for you help. Unfortunately it seems this is not what causes my problems.
ciao
Luca
On Thu, 2007-02-08 at 11:22 +0200, Bogdan-Andrei Iancu wrote:
Hi Luca,
Hello Bogdan,
have you checked if the auth server address is also configured? http://www.openser.org/docs/openser-radius-1.0.x.html#radiusclient_ng_config...
yes, I have
authserver radius1 authserver radius2 acctserver radius1 acctserver radius2
in my radiusclient.conf file. Also if I run openser under strace I can see that there are attempts to send requests to the radius server. Some accounting requests for NOTIFY messages are received by the RADIUS server, but no authentication requests.
ciao
Luca
On Thu, 2007-02-08 at 10:42 +0100, Luca Corti wrote:
in my radiusclient.conf file. Also if I run openser under strace I can see that there are attempts to send requests to the radius server. Some accounting requests for NOTIFY messages are received by the RADIUS server, but no authentication requests.
It seems having loaded domain.so but not having my sip realm in the domain table broke radius authentication. It is now working.
Thanks a lot for all your support.
Luca
oh...so radius auth was never triggered because the received realm was not matching any of the local domains....
regards, bogdan
Luca Corti wrote:
On Thu, 2007-02-08 at 10:42 +0100, Luca Corti wrote:
in my radiusclient.conf file. Also if I run openser under strace I can see that there are attempts to send requests to the radius server. Some accounting requests for NOTIFY messages are received by the RADIUS server, but no authentication requests.
It seems having loaded domain.so but not having my sip realm in the domain table broke radius authentication. It is now working.
Thanks a lot for all your support.
Luca
-
Bogdan-Andrei Iancu -
Luca Corti