Jan,
Just checked that and both my client and server files match in terms of the secret. I also
did a
test using XTradius on a different server. I need to update that XTradius with the ser
dictionary
and it might work, as of now the XTradius is saying it is not receiving a password.
Steve
Jan Janak wrote:
Check that you really configured the same shared
secret in the
radiusclient library and the radius server. I remember I had the same
problem when I accidentally misconfigured the secret.
Jan.
On 23-09 13:11, Steven R. Bunin wrote:
> Hi Jan,
>
> I am running freeradius with the -X and it is sending back whatever message I place
in my
> "Reply-message = ..." field.
>
> here is the output..
>
> rlm_eap: EAP-Message not found
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-User-Name = "17182681152"
> Digest-Realm = "sip2.solaas.com"
> Digest-Nonce = "3f70740aca7efa44e94e91a8df73c19d5c4318fc"
> Digest-URI = "sip:sip2.solaas.com"
> Digest-Method = "REGISTER"
> rlm_digest: Adding Auth-Type = DIGEST
> Sending Access-Accept of id 138 to 127.0.0.1:33966
> rad_recv: Access-Request packet from host 127.0.0.1:33966, id=139,
> length=227
> User-Name = "17182681152(a)sip2.solaas.com"
> Digest-Attributes = 0x0a0d3137313832363831313532
> Digest-Attributes = 0x0111736970322e736f6c6161732e636f6d
> Digest-Attributes =
>
0x022a33663730373434376537393537646530346662333637643335373333643436613631366435616564
> Digest-Attributes = 0x04157369703a736970322e736f6c6161732e636f6d
> Digest-Attributes = 0x030a5245474953544552
> Digest-Response = "1c54b2afbdd7ea6b401e20e056c22ebe"
> Service-Type = IAPP-Register
> X-Ascend-PW-Lifetime = 0x3137313832363831313532
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 5060
> rlm_eap: EAP-Message not found
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-User-Name = "17182681152"
> Digest-Realm = "sip2.solaas.com"
> Digest-Nonce = "3f707447e7957de04fb367d35733d46a616d5aed"
> Digest-URI = "sip:sip2.solaas.com"
> Digest-Method = "REGISTER"
> rlm_digest: Adding Auth-Type = DIGEST
> Sending Access-Accept of id 139 to 127.0.0.1:33966
>
> As you can see, there is an Access-Accept being sent.. but my Xten-Pro sipphone is
receiving
> an Unauthorized message from SER (based on my ethereal packet sniffer).
>
> Steve
>
>
> Jan Janak wrote:
>
> > Hello,
> >
> > I suppose you are using freeradius server. Start it with -X option and
> > see the output.
> >
> > Jan.
> >
> > On 23-09 13:01, Steven R. Bunin wrote:
> > > I am also using Ser with Radius and finally got the Radiusclient, Radius
and
> > > Ser to all talk together. The only issue I have is that the radius server
is
> > > not sending back what the radiusclient it looking for in order to tell Ser
to
> > > authenticate the user (I hope that isn't too confusing).
> > >
> > > The lines affecting radius in my ser.cfg are
> > >
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
> > >
> > > route{
> > > log(1,"logging so message came in");
> > >
> > > if (uri=~"solaas.com") {
> > > log(1,"sip_2 ip came through");
> > >
> > > if (method=="REGISTER") {
> > > log(1,"register go through");
> > >
> > > # Uncomment this if you want to use digest authentication
> > > if (!radius_www_authorize("")) {
> > > www_challenge("","0");
> > > log(1,"request came in");
> > > break;
> > > };
> > >
> > > save("location");
> > > break;
> > > };
> > > }
> > >
> > > I can add my radiusclient.conf file if it will help you..
> > >
> > > my users file for the radius server looks like this:
> > >
> > > xxxxxxxxxx(a)sip.server.com Auth-Type := Digest, User-Password ==
"1234"
> > > Reply-Message = "Authenticated"
> > >
> > > Hope that helps and also let me know if anyone sees anything wrong with
my
> > > radius setup so I can finally authenticate.
> > >
> > > Steve
> > >
> > > >
> > > > Message: 1
> > > > Date: Tue, 23 Sep 2003 11:24:11 -0500
> > > > From: "Steve Dolloff" <sdolloff(a)noc.dls.net>
> > > > Subject: RE: [Serusers] Troubles setting up radius authentication
> > > > To: "Jan Janak" <jan(a)iptel.org>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID:
> > > >
<ADCFA6B7CA0C754EB837B423E5A521D2543512(a)mailbox.noc.dls.net>
> > > > Content-Type: text/plain; charset="us-ascii"
> > > >
> > > > Yes, I have added the SIP definitions to the radiusclient library.
It
> > > > is the dictionary file defined in the radiusclient.conf file as
> > > > /etc/sip_dictionary. It was created using the dictionary file from
> > > > radiusclient and adding the information from the link that you
refered
> > > > to.
> > > >
> > > > -----------------------
> > > >
> > > > Hello,
> > > >
> > > > if there is no radius traffic then radiusclient library has some
> > > > problems when buiding the request. Did you extend your radius
dictionary
> > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > I am trying to switch from database authentication to radius
> > > > > authentication.
> > > > >
> > > > > I have compiled and installed the module.
> > > > >
> > > > > I have added the following to my ser.cfg
> > > > >
> > > > > modparam("auth_radius", "radius_config",
"/etc/ser/radiusclient.conf")
> > > > > modparam("auth_radius", "service_type",15)
> > > > >
> > > > > if (method=="REGISTER") {
> > > > >
log(1,"authenticating");
> > > > > if
(!radius_www_authorize("test.net"))
> > > > {
> > > > > log(1,"radius auth
failure");
> > > > >
www_challenge("test.net",
> > > > "0");
> > > > > break;
> > > > > };
> > > > >
> > > > > I have configured the following in /etc/ser/radiusclient.conf
> > > > > authserver radius1.test.net:1812
> > > > > authserver radius2.test.net:1812
> > > > > servers /etc/servers
> > > > > dictionary /etc/sip_dictionary
> > > > >
> > > > > I have configured the following in /etc/servers
> > > > >
> > > > >
Radius1.test.net secret
> > > > >
Radius2.test.net secret2
> > > > >
> > > > > I get the following in my messages log.
> > > > >
> > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > >
> > > > > And ngrep port 1812 shows no traffic at all. Where are these
auth
> > > > > request going? How can I get more debug info?
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > > Stephen
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Serusers mailing list
> > > > > serusers(a)lists.iptel.org
> > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 2
> > > > Date: Tue, 23 Sep 2003 11:30:07 -0500
> > > > From: "Steve Dolloff" <sdolloff(a)noc.dls.net>
> > > > Subject: RE: [Serusers] Troubles setting up radius authentication
> > > > To: "Jan Janak" <jan(a)iptel.org>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID:
> > > >
<ADCFA6B7CA0C754EB837B423E5A521D2543513(a)mailbox.noc.dls.net>
> > > > Content-Type: text/plain; charset="us-ascii"
> > > >
> > > > Here is a copy of the stderr if I run from console.
> > > >
> > > > 8(27147) qm_free(0x80bf800, 0x80cbc6c), called from
parser/parse_via.c:
> > > > free_via_list(1973)
> > > > 8(27147) qm_free: freeing frag. 0x80cbc54 alloc'ed from
> > > > parser/msg_parser.c: get_hdr_field(109)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbd10), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbcf8 alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbc1c), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbc04 alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbdb0), called from
parser/parse_to.c:
> > > > free_to(778)
> > > > 8(27147) qm_free: freeing frag. 0x80cbd98 alloc'ed from
> > > > parser/msg_parser.c: get_hdr_field(149)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbe04), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbdec alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbd60), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbd48 alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80c9da8), called from
> > > > parser/parse_cseq.c: free_cseq(102)
> > > > 8(27147) qm_free: freeing frag. 0x80c9d90 alloc'ed from
> > > > parser/msg_parser.c: get_hdr_field(128)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbe54), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbe3c alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc0d8), called from
> > > > parser/parse_param.c: do_free_params(420)
> > > > 8(27147) qm_free: freeing frag. 0x80cc0c0 alloc'ed from
> > > > parser/parse_param.c: parse_params(337)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc084), called from
> > > > parser/contact/contact.c: free_contacts(293)
> > > > 8(27147) qm_free: freeing frag. 0x80cc06c alloc'ed from
> > > > parser/contact/contact.c: parse_contacts(194)
> > > > 8(27147) qm_free(0x80bf800, 0x80ca3cc), called from
> > > > parser/contact/parse_contact.c: free_contact(109)
> > > > 8(27147) qm_free: freeing frag. 0x80ca3b4 alloc'ed from
> > > > parser/contact/parse_contact.c: parse_contact(81)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbea4), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbe8c alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbef4), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbedc alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbf44), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbf2c alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbf94), called from parser/hf.c:
> > > > free_hdr_field_lst(170)
> > > > 8(27147) qm_free: freeing frag. 0x80cbf7c alloc'ed from
> > > > parser/msg_parser.c: parse_headers(276)
> > > > 8(27147) qm_free(0x80bf800, 0x80c8934), called from data_lump.c:
> > > > free_lump(321)
> > > > 8(27147) qm_free: freeing frag. 0x80c891c alloc'ed from
mf_funcs.c:
> > > > add_maxfwd_header(131)
> > > > 8(27147) qm_free(0x80bf800, 0x80cbfe4), called from data_lump.c:
> > > > free_lump_list(346)
> > > > 8(27147) qm_free: freeing frag. 0x80cbfcc alloc'ed from
data_lump.c:
> > > > insert_new_lump_before(136)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc034), called from data_lump.c:
> > > > free_lump_list(357)
> > > > 8(27147) qm_free: freeing frag. 0x80cc01c alloc'ed from
data_lump.c:
> > > > anchor_lump(292)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc174), called from data_lump.c:
> > > > free_lump(321)
> > > > 8(27147) qm_free: freeing frag. 0x80cc15c alloc'ed from
nathelper.c:
> > > > fix_nated_contact_f(204)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc124), called from data_lump.c:
> > > > free_lump_list(352)
> > > > 8(27147) qm_free: freeing frag. 0x80cc10c alloc'ed from
data_lump.c:
> > > > insert_new_lump_after(111)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc1dc), called from data_lump.c:
> > > > free_lump_list(357)
> > > > 8(27147) qm_free: freeing frag. 0x80cc1c4 alloc'ed from
data_lump.c:
> > > > del_lump(262)
> > > > 8(27147) qm_free(0x80bf800, 0x80cc35c), called from
data_lump_rpl.c:
> > > > free_lump_rpl(84)
> > > > 8(27147) qm_free: freeing frag. 0x80cc344 alloc'ed from
> > > > data_lump_rpl.c: build_lump_rpl(47)
> > > > 8(27147) qm_free(0x80bf800, 0x80c9cf0), called from
data_lump_rpl.c:
> > > > free_lump_rpl(85)
> > > > 8(27147) qm_free: freeing frag. 0x80c9cd8 alloc'ed from
> > > > data_lump_rpl.c: build_lump_rpl(40)
> > > > 8(27147) qm_free(0x80bf800, 0x80cb918), called from receive.c:
> > > > receive_msg(187)
> > > > 8(27147) qm_free: freeing frag. 0x80cb900 alloc'ed from
receive.c:
> > > > receive_msg(78)
> > > >
> > > > -----Original Message-----
> > > > From: Jan Janak [mailto:jan@iptel.org]
> > > > Sent: Tuesday, September 23, 2003 10:45 AM
> > > > To: Steve Dolloff
> > > > Cc: Serusers
> > > > Subject: Re: [Serusers] Troubles setting up radius authentication
> > > >
> > > > Hello,
> > > >
> > > > if there is no radius traffic then radiusclient library has some
> > > > problems when buiding the request. Did you extend your radius
dictionary
> > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > I am trying to switch from database authentication to radius
> > > > > authentication.
> > > > >
> > > > > I have compiled and installed the module.
> > > > >
> > > > > I have added the following to my ser.cfg
> > > > >
> > > > > modparam("auth_radius", "radius_config",
"/etc/ser/radiusclient.conf")
> > > > > modparam("auth_radius", "service_type",15)
> > > > >
> > > > > if (method=="REGISTER") {
> > > > >
log(1,"authenticating");
> > > > > if
(!radius_www_authorize("test.net"))
> > > > {
> > > > > log(1,"radius auth
failure");
> > > > >
www_challenge("test.net",
> > > > "0");
> > > > > break;
> > > > > };
> > > > >
> > > > > I have configured the following in /etc/ser/radiusclient.conf
> > > > > authserver radius1.test.net:1812
> > > > > authserver radius2.test.net:1812
> > > > > servers /etc/servers
> > > > > dictionary /etc/sip_dictionary
> > > > >
> > > > > I have configured the following in /etc/servers
> > > > >
> > > > >
Radius1.test.net secret
> > > > >
Radius2.test.net secret2
> > > > >
> > > > > I get the following in my messages log.
> > > > >
> > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
> > > > >
> > > > > And ngrep port 1812 shows no traffic at all. Where are these
auth
> > > > > request going? How can I get more debug info?
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > > Stephen
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Serusers mailing list
> > > > > serusers(a)lists.iptel.org
> > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 3
> > > > Date: Tue, 23 Sep 2003 18:30:35 +0200
> > > > From: Jan Janak <jan(a)iptel.org>
> > > > Subject: Re: [Serusers] Troubles setting up radius authentication
> > > > To: Steve Dolloff <sdolloff(a)noc.dls.net>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID: <20030923163035.GJ766(a)localhost.localdomain>
> > > > Content-Type: text/plain; charset=iso-8859-2
> > > >
> > > > Hello,
> > > >
> > > > >From the information below I can't say where the problem is,
but I would
> > > > say some attribute definitions are missing.
> > > >
> > > > Unfortunatelly the stable version of auth_radius module doesn't
print
> > > > much debugging messages when something goes wrong.
> > > >
> > > > Did you compile your server from sources or do you use binary
packages ?
> > > > You can try unstable version branch from the CVS, that should tell
you
> > > > where the problem is, or I can send you a patch to stable version if
you
> > > > can apply it and compile from sources.
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 11:24, Steve Dolloff wrote:
> > > > > Yes, I have added the SIP definitions to the radiusclient
library. It
> > > > > is the dictionary file defined in the radiusclient.conf file as
> > > > > /etc/sip_dictionary. It was created using the dictionary file
from
> > > > > radiusclient and adding the information from the link that you
refered
> > > > > to.
> > > > >
> > > > > -----------------------
> > > > >
> > > > > Hello,
> > > > >
> > > > > if there is no radius traffic then radiusclient library has
some
> > > > > problems when buiding the request. Did you extend your radius
dictionary
> > > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > > >
> > > > > Jan.
> > > > >
> > > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > > I am trying to switch from database authentication to
radius
> > > > > > authentication.
> > > > > >
> > > > > > I have compiled and installed the module.
> > > > > >
> > > > > > I have added the following to my ser.cfg
> > > > > >
> > > > > > modparam("auth_radius",
"radius_config", "/etc/ser/radiusclient.conf")
> > > > > > modparam("auth_radius",
"service_type",15)
> > > > > >
> > > > > > if (method=="REGISTER")
{
> > > > > >
log(1,"authenticating");
> > > > > > if
(!radius_www_authorize("test.net"))
> > > > > {
> > > > > > log(1,"radius
auth failure");
> > > > > >
www_challenge("test.net",
> > > > > "0");
> > > > > > break;
> > > > > > };
> > > > > >
> > > > > > I have configured the following in
/etc/ser/radiusclient.conf
> > > > > > authserver radius1.test.net:1812
> > > > > > authserver radius2.test.net:1812
> > > > > > servers /etc/servers
> > > > > > dictionary /etc/sip_dictionary
> > > > > >
> > > > > > I have configured the following in /etc/servers
> > > > > >
> > > > > >
Radius1.test.net secret
> > > > > >
Radius2.test.net secret2
> > > > > >
> > > > > > I get the following in my messages log.
> > > > > >
> > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth
failure
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth
failure
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth
failure
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth
failure
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth
failure
> > > > > >
> > > > > > And ngrep port 1812 shows no traffic at all. Where are
these auth
> > > > > > request going? How can I get more debug info?
> > > > > >
> > > > > > Thanks for your help.
> > > > > >
> > > > > > Stephen
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > serusers(a)lists.iptel.org
> > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > > >
> > > > > _______________________________________________
> > > > > Serusers mailing list
> > > > > serusers(a)lists.iptel.org
> > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 4
> > > > Date: Tue, 23 Sep 2003 11:39:53 -0500
> > > > From: "Steve Dolloff" <sdolloff(a)noc.dls.net>
> > > > Subject: RE: [Serusers] Troubles setting up radius authentication
> > > > To: "Jan Janak" <jan(a)iptel.org>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID:
> > > >
<ADCFA6B7CA0C754EB837B423E5A521D2543514(a)mailbox.noc.dls.net>
> > > > Content-Type: text/plain; charset="us-ascii"
> > > >
> > > > This is my current info.
> > > >
> > > > ser -V
> > > > version: ser 0.8.12dev-t16 (i386/linux)
> > > > flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK,
> > > > SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
> > > > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
16,
> > > > MAX_URI_SIZE 1024, BUF_SIZE 65535
> > > > @(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
> > > > main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
> > > >
> > > > this was built from source off of CVS. If there is a newer version
that
> > > > would give more info, I will recompile.
> > > >
> > > > Stephen
> > > >
> > > > Hello,
> > > >
> > > > >From the information below I can't say where the problem is,
but I would
> > > > say some attribute definitions are missing.
> > > >
> > > > Unfortunatelly the stable version of auth_radius module doesn't
print
> > > > much debugging messages when something goes wrong.
> > > >
> > > > Did you compile your server from sources or do you use binary
packages ?
> > > > You can try unstable version branch from the CVS, that should tell
you
> > > > where the problem is, or I can send you a patch to stable version if
you
> > > > can apply it and compile from sources.
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 11:24, Steve Dolloff wrote:
> > > > > Yes, I have added the SIP definitions to the radiusclient
library. It
> > > > > is the dictionary file defined in the radiusclient.conf file as
> > > > > /etc/sip_dictionary. It was created using the dictionary file
from
> > > > > radiusclient and adding the information from the link that you
refered
> > > > > to.
> > > > >
> > > > > -----------------------
> > > > >
> > > > > Hello,
> > > > >
> > > > > if there is no radius traffic then radiusclient library has
some
> > > > > problems when buiding the request. Did you extend your radius
> > > > dictionary
> > > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > > >
> > > > > Jan.
> > > > >
> > > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > > I am trying to switch from database authentication to
radius
> > > > > > authentication.
> > > > > >
> > > > > > I have compiled and installed the module.
> > > > > >
> > > > > > I have added the following to my ser.cfg
> > > > > >
> > > > > > modparam("auth_radius",
"radius_config",
> > > > "/etc/ser/radiusclient.conf")
> > > > > > modparam("auth_radius",
"service_type",15)
> > > > > >
> > > > > > if (method=="REGISTER")
{
> > > > > >
log(1,"authenticating");
> > > > > > if
> > > > (!radius_www_authorize("test.net"))
> > > > > {
> > > > > > log(1,"radius
auth
> > > > failure");
> > > > > >
www_challenge("test.net",
> > > > > "0");
> > > > > > break;
> > > > > > };
> > > > > >
> > > > > > I have configured the following in
/etc/ser/radiusclient.conf
> > > > > > authserver radius1.test.net:1812
> > > > > > authserver radius2.test.net:1812
> > > > > > servers /etc/servers
> > > > > > dictionary /etc/sip_dictionary
> > > > > >
> > > > > > I have configured the following in /etc/servers
> > > > > >
> > > > > >
Radius1.test.net secret
> > > > > >
Radius2.test.net secret2
> > > > > >
> > > > > > I get the following in my messages log.
> > > > > >
> > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth
failure
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth
failure
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
> > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth
failure
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth
failure
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
> > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth
failure
> > > > > >
> > > > > > And ngrep port 1812 shows no traffic at all. Where are
these auth
> > > > > > request going? How can I get more debug info?
> > > > > >
> > > > > > Thanks for your help.
> > > > > >
> > > > > > Stephen
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > serusers(a)lists.iptel.org
> > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > > >
> > > > > _______________________________________________
> > > > > Serusers mailing list
> > > > > serusers(a)lists.iptel.org
> > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 5
> > > > Date: Tue, 23 Sep 2003 18:40:34 +0200
> > > > From: Jan Janak <jan(a)iptel.org>
> > > > Subject: Re: [Serusers] Troubles setting up radius authentication
> > > > To: Steve Dolloff <sdolloff(a)noc.dls.net>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID: <20030923164034.GK766(a)localhost.localdomain>
> > > > Content-Type: text/plain; charset=iso-8859-2
> > > >
> > > > Hello,
> > > >
> > > > this should be recent enough. Try to look for messages like this:
> > > >
> > > > sterman(): Unable to add PW_DIGEST_REALM attribute
> > > >
> > > > (see sip_router/modules/auth_radius/sterman.c for more details).
> > > >
> > > > The file contains functions that build and send radius messages.
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 11:39, Steve Dolloff wrote:
> > > > > This is my current info.
> > > > >
> > > > > ser -V
> > > > > version: ser 0.8.12dev-t16 (i386/linux)
> > > > > flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE,
DNS_IP_HACK,
> > > > > SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
> > > > > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144,
MAX_LISTEN 16,
> > > > > MAX_URI_SIZE 1024, BUF_SIZE 65535
> > > > > @(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
> > > > > main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
> > > > >
> > > > > this was built from source off of CVS. If there is a newer
version that
> > > > > would give more info, I will recompile.
> > > > >
> > > > > Stephen
> > > > >
> > > > >
> > > > > Hello,
> > > > >
> > > > > >From the information below I can't say where the problem
is, but I would
> > > > > say some attribute definitions are missing.
> > > > >
> > > > > Unfortunatelly the stable version of auth_radius module
doesn't print
> > > > > much debugging messages when something goes wrong.
> > > > >
> > > > > Did you compile your server from sources or do you use binary
packages ?
> > > > > You can try unstable version branch from the CVS, that should
tell you
> > > > > where the problem is, or I can send you a patch to stable
version if you
> > > > > can apply it and compile from sources.
> > > > >
> > > > > Jan.
> > > > >
> > > > > On 23-09 11:24, Steve Dolloff wrote:
> > > > > > Yes, I have added the SIP definitions to the radiusclient
library. It
> > > > > > is the dictionary file defined in the radiusclient.conf
file as
> > > > > > /etc/sip_dictionary. It was created using the dictionary
file from
> > > > > > radiusclient and adding the information from the link that
you refered
> > > > > > to.
> > > > > >
> > > > > > -----------------------
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > if there is no radius traffic then radiusclient library has
some
> > > > > > problems when buiding the request. Did you extend your
radius
> > > > > dictionary
> > > > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > > > >
> > > > > > Jan.
> > > > > >
> > > > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > > > I am trying to switch from database authentication to
radius
> > > > > > > authentication.
> > > > > > >
> > > > > > > I have compiled and installed the module.
> > > > > > >
> > > > > > > I have added the following to my ser.cfg
> > > > > > >
> > > > > > > modparam("auth_radius",
"radius_config",
> > > > > "/etc/ser/radiusclient.conf")
> > > > > > > modparam("auth_radius",
"service_type",15)
> > > > > > >
> > > > > > > if
(method=="REGISTER") {
> > > > > > >
log(1,"authenticating");
> > > > > > > if
> > > > > (!radius_www_authorize("test.net"))
> > > > > > {
> > > > > > >
log(1,"radius auth
> > > > > failure");
> > > > > > >
www_challenge("test.net",
> > > > > > "0");
> > > > > > > break;
> > > > > > > };
> > > > > > >
> > > > > > > I have configured the following in
/etc/ser/radiusclient.conf
> > > > > > > authserver radius1.test.net:1812
> > > > > > > authserver radius2.test.net:1812
> > > > > > > servers /etc/servers
> > > > > > > dictionary /etc/sip_dictionary
> > > > > > >
> > > > > > > I have configured the following in /etc/servers
> > > > > > >
> > > > > > >
Radius1.test.net secret
> > > > > > >
Radius2.test.net secret2
> > > > > > >
> > > > > > > I get the following in my messages log.
> > > > > > >
> > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]:
authenticating
> > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius
auth failure
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]:
authenticating
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius
auth failure
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]:
authenticating
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius
auth failure
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]:
authenticating
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius
auth failure
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]:
authenticating
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius
auth failure
> > > > > > >
> > > > > > > And ngrep port 1812 shows no traffic at all. Where
are these auth
> > > > > > > request going? How can I get more debug info?
> > > > > > >
> > > > > > > Thanks for your help.
> > > > > > >
> > > > > > > Stephen
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Serusers mailing list
> > > > > > > serusers(a)lists.iptel.org
> > > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > > > >
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > serusers(a)lists.iptel.org
> > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 6
> > > > Date: Tue, 23 Sep 2003 18:46:27 +0200
> > > > From: Jan Janak <jan(a)iptel.org>
> > > > Subject: Re: [Serusers] Troubles setting up radius authentication
> > > > To: Steve Dolloff <sdolloff(a)noc.dls.net>
> > > > Cc: Serusers <serusers(a)lists.iptel.org>
> > > > Message-ID: <20030923164627.GL766(a)localhost.localdomain>
> > > > Content-Type: text/plain; charset=iso-8859-2
> > > >
> > > > Looking at modification time of sterman.c I realized that your
> > > > sources are not recent enough. The file was last modified on
September
> > > > 12 and you built your server on September 11, so please try to
update
> > > > from the cvs, at least auth_radius module.
> > > >
> > > > Jan.
> > > >
> > > > On 23-09 11:39, Steve Dolloff wrote:
> > > > > This is my current info.
> > > > >
> > > > > ser -V
> > > > > version: ser 0.8.12dev-t16 (i386/linux)
> > > > > flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE,
DNS_IP_HACK,
> > > > > SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
> > > > > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144,
MAX_LISTEN 16,
> > > > > MAX_URI_SIZE 1024, BUF_SIZE 65535
> > > > > @(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
> > > > > main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
> > > > >
> > > > > this was built from source off of CVS. If there is a newer
version that
> > > > > would give more info, I will recompile.
> > > > >
> > > > > Stephen
> > > > >
> > > > >
> > > > > Hello,
> > > > >
> > > > > >From the information below I can't say where the problem
is, but I would
> > > > > say some attribute definitions are missing.
> > > > >
> > > > > Unfortunatelly the stable version of auth_radius module
doesn't print
> > > > > much debugging messages when something goes wrong.
> > > > >
> > > > > Did you compile your server from sources or do you use binary
packages ?
> > > > > You can try unstable version branch from the CVS, that should
tell you
> > > > > where the problem is, or I can send you a patch to stable
version if you
> > > > > can apply it and compile from sources.
> > > > >
> > > > > Jan.
> > > > >
> > > > > On 23-09 11:24, Steve Dolloff wrote:
> > > > > > Yes, I have added the SIP definitions to the radiusclient
library. It
> > > > > > is the dictionary file defined in the radiusclient.conf
file as
> > > > > > /etc/sip_dictionary. It was created using the dictionary
file from
> > > > > > radiusclient and adding the information from the link that
you refered
> > > > > > to.
> > > > > >
> > > > > > -----------------------
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > if there is no radius traffic then radiusclient library has
some
> > > > > > problems when buiding the request. Did you extend your
radius
> > > > > dictionary
> > > > > > as described in
http://iptel.org/ser/ser_radius.html ?
> > > > > >
> > > > > > Jan.
> > > > > >
> > > > > > On 23-09 10:38, Steve Dolloff wrote:
> > > > > > > I am trying to switch from database authentication to
radius
> > > > > > > authentication.
> > > > > > >
> > > > > > > I have compiled and installed the module.
> > > > > > >
> > > > > > > I have added the following to my ser.cfg
> > > > > > >
> > > > > > > modparam("auth_radius",
"radius_config",
> > > > > "/etc/ser/radiusclient.conf")
> > > > > > > modparam("auth_radius",
"service_type",15)
> > > > > > >
> > > > > > > if
(method=="REGISTER") {
> > > > > > >
log(1,"authenticating");
> > > > > > > if
> > > > > (!radius_www_authorize("test.net"))
> > > > > > {
> > > > > > >
log(1,"radius auth
> > > > > failure");
> > > > > > >
www_challenge("test.net",
> > > > > > "0");
> > > > > > > break;
> > > > > > > };
> > > > > > >
> > > > > > > I have configured the following in
/etc/ser/radiusclient.conf
> > > > > > > authserver radius1.test.net:1812
> > > > > > > authserver radius2.test.net:1812
> > > > > > > servers /etc/servers
> > > > > > > dictionary /etc/sip_dictionary
> > > > > > >
> > > > > > > I have configured the following in /etc/servers
> > > > > > >
> > > > > > >
Radius1.test.net secret
> > > > > > >
Radius2.test.net secret2
> > > > > > >
> > > > > > > I get the following in my messages log.
> > > > > > >
> > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]:
authenticating
> > > > > > > Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius
auth failure
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]:
authenticating
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius
auth failure
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]:
authenticating
> > > > > > > Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius
auth failure
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]:
authenticating
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius
auth failure
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]:
authenticating
> > > > > > > Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius
auth failure
> > > > > > >
> > > > > > > And ngrep port 1812 shows no traffic at all. Where
are these auth
> > > > > > > request going? How can I get more debug info?
> > > > > > >
> > > > > > > Thanks for your help.
> > > > > > >
> > > > > > > Stephen
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Serusers mailing list
> > > > > > > serusers(a)lists.iptel.org
> > > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > > > >
> > > > > > _______________________________________________
> > > > > > Serusers mailing list
> > > > > > serusers(a)lists.iptel.org
> > > > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > ------------------------------
> > > >
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > serusers(a)lists.iptel.org
> > > >
http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > > > End of Serusers Digest, Vol 5, Issue 50
> > > > ***************************************
> > >
> > > --
> > > Steven R. Bunin - Managing Partner
> > >
> > > SOLAAS LLC
> > > 10 East 39th Street
> > > Suite 1125
> > > New York, NY 10016
> > > (+001) 212-532-6700
> > > Cellular: 646-739-7000
> > > Fax (+001) 212-532-6776
> > >
> > >
http://www.solaas.com
> > >
> > > --
> > >
> > > This e-mail may contain confidential and/or privileged information. If you
are
> > > not the intended recipient (or have received this e-mail in error) please
> > > notify the sender immediately and destroy this e-mail. Any unauthorized
> > > copying, disclosure or distribution of the material in this e-mail is
strictly
> > > forbidden.
> > >
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers(a)lists.iptel.org
> > >
http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Steven R. Bunin - Managing Partner
>
> SOLAAS LLC
> 10 East 39th Street
> Suite 1125
> New York, NY 10016
> (+001) 212-532-6700
> Cellular: 646-739-7000
> Fax (+001) 212-532-6776
>
>
http://www.solaas.com
>
> --
>
> This e-mail may contain confidential and/or privileged information. If you are not
the
> intended recipient (or have received this e-mail in error) please notify the sender
> immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of
> the material in this e-mail is strictly forbidden.
>
>
--
Steven R. Bunin - Managing Partner
SOLAAS LLC
10 East 39th Street
Suite 1125
New York, NY 10016
(+001) 212-532-6700
Cellular: 646-739-7000
Fax (+001) 212-532-6776
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended
recipient (or have received this e-mail in error) please notify the sender immediately and
destroy
this e-mail. Any unauthorized copying, disclosure or distribution of the material in this
e-mail
is strictly forbidden.