[Serusers] Seruser - Radius authentication - sr-users

23 Sep 2003

      I am also using Ser with Radius and finally got the Radiusclient, Radius and
Ser to all talk together. The only issue I have is that the radius server is
not sending back what the radiusclient it looking for in order to tell Ser to
authenticate the user (I hope that isn't too confusing).
The lines affecting radius in my ser.cfg are
modparam("auth_radius","radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
route{
     log(1,"logging so message came in");
if (uri=~"solaas.com") {
     log(1,"sip_2 ip came through");
if (method=="REGISTER") {
     log(1,"register go through");
# Uncomment this if you want to use digest authentication
   if (!radius_www_authorize("")) {
    www_challenge("","0");
     log(1,"request came in");
    break;
   };
save("location");
   break;
  };
}
I can add my radiusclient.conf file if it will help you..
my users file for the radius server looks like this:
xxxxxxxxxx@sip.server.com Auth-Type := Digest, User-Password == "1234"
    Reply-Message  = "Authenticated"
Hope that helps and also let me know if anyone sees anything wrong with my
radius setup so I can finally authenticate.
Steve
...
Message: 1
Date: Tue, 23 Sep 2003 11:24:11 -0500
From: "Steve Dolloff" sdolloff@noc.dls.net
Subject: RE: [Serusers] Troubles setting up radius authentication
To: "Jan Janak" jan@iptel.org
Cc: Serusers serusers@lists.iptel.org
Message-ID:
        ADCFA6B7CA0C754EB837B423E5A521D2543512@mailbox.noc.dls.net
Content-Type: text/plain;       charset="us-ascii"
Yes, I have added the SIP definitions to the radiusclient library.  It
is the dictionary file defined in the radiusclient.conf file as
/etc/sip_dictionary.  It was created using the dictionary file from
radiusclient and adding the information from the link that you refered
to.

Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius dictionary
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config", "/etc/ser/radiusclient.conf")
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if (!radius_www_authorize("test.net"))

{
...
                                    log(1,"radius auth failure");
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net      secret
Radius2.test.net      secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Message: 2
Date: Tue, 23 Sep 2003 11:30:07 -0500
From: "Steve Dolloff" sdolloff@noc.dls.net
Subject: RE: [Serusers] Troubles setting up radius authentication
To: "Jan Janak" jan@iptel.org
Cc: Serusers serusers@lists.iptel.org
Message-ID:
        ADCFA6B7CA0C754EB837B423E5A521D2543513@mailbox.noc.dls.net
Content-Type: text/plain;       charset="us-ascii"
Here is a copy of the stderr if I run from console.
8(27147) qm_free(0x80bf800, 0x80cbc6c), called from parser/parse_via.c:
free_via_list(1973)
 8(27147) qm_free: freeing frag. 0x80cbc54 alloc'ed from
parser/msg_parser.c: get_hdr_field(109)
 8(27147) qm_free(0x80bf800, 0x80cbd10), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbcf8 alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbc1c), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbc04 alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbdb0), called from parser/parse_to.c:
free_to(778)
 8(27147) qm_free: freeing frag. 0x80cbd98 alloc'ed from
parser/msg_parser.c: get_hdr_field(149)
 8(27147) qm_free(0x80bf800, 0x80cbe04), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbdec alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbd60), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbd48 alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80c9da8), called from
parser/parse_cseq.c: free_cseq(102)
 8(27147) qm_free: freeing frag. 0x80c9d90 alloc'ed from
parser/msg_parser.c: get_hdr_field(128)
 8(27147) qm_free(0x80bf800, 0x80cbe54), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbe3c alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cc0d8), called from
parser/parse_param.c: do_free_params(420)
 8(27147) qm_free: freeing frag. 0x80cc0c0 alloc'ed from
parser/parse_param.c: parse_params(337)
 8(27147) qm_free(0x80bf800, 0x80cc084), called from
parser/contact/contact.c: free_contacts(293)
 8(27147) qm_free: freeing frag. 0x80cc06c alloc'ed from
parser/contact/contact.c: parse_contacts(194)
 8(27147) qm_free(0x80bf800, 0x80ca3cc), called from
parser/contact/parse_contact.c: free_contact(109)
 8(27147) qm_free: freeing frag. 0x80ca3b4 alloc'ed from
parser/contact/parse_contact.c: parse_contact(81)
 8(27147) qm_free(0x80bf800, 0x80cbea4), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbe8c alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbef4), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbedc alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbf44), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbf2c alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80cbf94), called from parser/hf.c:
free_hdr_field_lst(170)
 8(27147) qm_free: freeing frag. 0x80cbf7c alloc'ed from
parser/msg_parser.c: parse_headers(276)
 8(27147) qm_free(0x80bf800, 0x80c8934), called from data_lump.c:
free_lump(321)
 8(27147) qm_free: freeing frag. 0x80c891c alloc'ed from mf_funcs.c:
add_maxfwd_header(131)
 8(27147) qm_free(0x80bf800, 0x80cbfe4), called from data_lump.c:
free_lump_list(346)
 8(27147) qm_free: freeing frag. 0x80cbfcc alloc'ed from data_lump.c:
insert_new_lump_before(136)
 8(27147) qm_free(0x80bf800, 0x80cc034), called from data_lump.c:
free_lump_list(357)
 8(27147) qm_free: freeing frag. 0x80cc01c alloc'ed from data_lump.c:
anchor_lump(292)
 8(27147) qm_free(0x80bf800, 0x80cc174), called from data_lump.c:
free_lump(321)
 8(27147) qm_free: freeing frag. 0x80cc15c alloc'ed from nathelper.c:
fix_nated_contact_f(204)
 8(27147) qm_free(0x80bf800, 0x80cc124), called from data_lump.c:
free_lump_list(352)
 8(27147) qm_free: freeing frag. 0x80cc10c alloc'ed from data_lump.c:
insert_new_lump_after(111)
 8(27147) qm_free(0x80bf800, 0x80cc1dc), called from data_lump.c:
free_lump_list(357)
 8(27147) qm_free: freeing frag. 0x80cc1c4 alloc'ed from data_lump.c:
del_lump(262)
 8(27147) qm_free(0x80bf800, 0x80cc35c), called from data_lump_rpl.c:
free_lump_rpl(84)
 8(27147) qm_free: freeing frag. 0x80cc344 alloc'ed from
data_lump_rpl.c: build_lump_rpl(47)
 8(27147) qm_free(0x80bf800, 0x80c9cf0), called from data_lump_rpl.c:
free_lump_rpl(85)
 8(27147) qm_free: freeing frag. 0x80c9cd8 alloc'ed from
data_lump_rpl.c: build_lump_rpl(40)
 8(27147) qm_free(0x80bf800, 0x80cb918), called from receive.c:
receive_msg(187)
 8(27147) qm_free: freeing frag. 0x80cb900 alloc'ed from receive.c:
receive_msg(78)
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, September 23, 2003 10:45 AM
To: Steve Dolloff
Cc: Serusers
Subject: Re: [Serusers] Troubles setting up radius authentication
Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius dictionary
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config", "/etc/ser/radiusclient.conf")
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if (!radius_www_authorize("test.net"))

{
...
                                    log(1,"radius auth failure");
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net      secret
Radius2.test.net      secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Message: 3
Date: Tue, 23 Sep 2003 18:30:35 +0200
From: Jan Janak jan@iptel.org
Subject: Re: [Serusers] Troubles setting up radius authentication
To: Steve Dolloff sdolloff@noc.dls.net
Cc: Serusers serusers@lists.iptel.org
Message-ID: 20030923163035.GJ766@localhost.localdomain
Content-Type: text/plain; charset=iso-8859-2
Hello,
...
From the information below I can't say where the problem is, but I would
say some attribute definitions are missing.
Unfortunatelly the stable version of auth_radius module doesn't print
much debugging messages when something goes wrong.
Did you compile your server from sources or do you use binary packages ?
You can try unstable version branch from the CVS, that should tell you
where the problem is, or I can send you a patch to stable version if you
can apply it and compile from sources.
Jan.
On 23-09 11:24, Steve Dolloff wrote:
...
Yes, I have added the SIP definitions to the radiusclient library.  It
is the dictionary file defined in the radiusclient.conf file as
/etc/sip_dictionary.  It was created using the dictionary file from
radiusclient and adding the information from the link that you refered
to.

Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius dictionary
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config", "/etc/ser/radiusclient.conf")
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if (!radius_www_authorize("test.net"))

{
...
                                    log(1,"radius auth failure");
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net    secret
Radius2.test.net    secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Message: 4
Date: Tue, 23 Sep 2003 11:39:53 -0500
From: "Steve Dolloff" sdolloff@noc.dls.net
Subject: RE: [Serusers] Troubles setting up radius authentication
To: "Jan Janak" jan@iptel.org
Cc: Serusers serusers@lists.iptel.org
Message-ID:
        ADCFA6B7CA0C754EB837B423E5A521D2543514@mailbox.noc.dls.net
Content-Type: text/plain;       charset="us-ascii"
This is my current info.
ser -V
version: ser 0.8.12dev-t16 (i386/linux)
flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK,
SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
@(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
this was built from source off of CVS.  If there is a newer version that
would give more info, I will recompile.
Stephen
Hello,
...
From the information below I can't say where the problem is, but I would
say some attribute definitions are missing.
Unfortunatelly the stable version of auth_radius module doesn't print
much debugging messages when something goes wrong.
Did you compile your server from sources or do you use binary packages ?
You can try unstable version branch from the CVS, that should tell you
where the problem is, or I can send you a patch to stable version if you
can apply it and compile from sources.
Jan.
On 23-09 11:24, Steve Dolloff wrote:
...
Yes, I have added the SIP definitions to the radiusclient library.  It
is the dictionary file defined in the radiusclient.conf file as
/etc/sip_dictionary.  It was created using the dictionary file from
radiusclient and adding the information from the link that you refered
to.

Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius
dictionary
...
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config",
"/etc/ser/radiusclient.conf")
...
...
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if

(!radius_www_authorize("test.net"))
...
{
...
                                    log(1,"radius auth

failure");
...
...
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net    secret
Radius2.test.net    secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Message: 5
Date: Tue, 23 Sep 2003 18:40:34 +0200
From: Jan Janak jan@iptel.org
Subject: Re: [Serusers] Troubles setting up radius authentication
To: Steve Dolloff sdolloff@noc.dls.net
Cc: Serusers serusers@lists.iptel.org
Message-ID: 20030923164034.GK766@localhost.localdomain
Content-Type: text/plain; charset=iso-8859-2
Hello,
this should be recent enough. Try to look for messages like this:
sterman(): Unable to add PW_DIGEST_REALM attribute
(see sip_router/modules/auth_radius/sterman.c for more details).
The file contains functions that build and send radius messages.
Jan.
On 23-09 11:39, Steve Dolloff wrote:
...
This is my current info.
ser -V
version: ser 0.8.12dev-t16 (i386/linux)
flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK,
SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
@(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
this was built from source off of CVS.  If there is a newer version that
would give more info, I will recompile.
Stephen
Hello,
...
From the information below I can't say where the problem is, but I would
say some attribute definitions are missing.
Unfortunatelly the stable version of auth_radius module doesn't print
much debugging messages when something goes wrong.
Did you compile your server from sources or do you use binary packages ?
You can try unstable version branch from the CVS, that should tell you
where the problem is, or I can send you a patch to stable version if you
can apply it and compile from sources.
Jan.
On 23-09 11:24, Steve Dolloff wrote:
...
Yes, I have added the SIP definitions to the radiusclient library.  It
is the dictionary file defined in the radiusclient.conf file as
/etc/sip_dictionary.  It was created using the dictionary file from
radiusclient and adding the information from the link that you refered
to.

Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius
dictionary
...
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config",
"/etc/ser/radiusclient.conf")
...
...
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if

(!radius_www_authorize("test.net"))
...
{
...
                                    log(1,"radius auth

failure");
...
...
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net  secret
Radius2.test.net  secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Message: 6
Date: Tue, 23 Sep 2003 18:46:27 +0200
From: Jan Janak jan@iptel.org
Subject: Re: [Serusers] Troubles setting up radius authentication
To: Steve Dolloff sdolloff@noc.dls.net
Cc: Serusers serusers@lists.iptel.org
Message-ID: 20030923164627.GL766@localhost.localdomain
Content-Type: text/plain; charset=iso-8859-2
Looking at modification time of sterman.c I realized that your
sources are not recent enough. The file was last modified on September
12 and you built your server on September 11, so please try to update
from the cvs, at least auth_radius module.
Jan.
On 23-09 11:39, Steve Dolloff wrote:
...
This is my current info.
ser -V
version: ser 0.8.12dev-t16 (i386/linux)
flags: STATS:Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, DNS_IP_HACK,
SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
@(#) $Id: main.c,v 1.167 2003/07/07 14:08:26 jiri Exp $
main.c compiled on 10:02:36 Sep 11 2003 with gcc 3.2
this was built from source off of CVS.  If there is a newer version that
would give more info, I will recompile.
Stephen
Hello,
...
From the information below I can't say where the problem is, but I would
say some attribute definitions are missing.
Unfortunatelly the stable version of auth_radius module doesn't print
much debugging messages when something goes wrong.
Did you compile your server from sources or do you use binary packages ?
You can try unstable version branch from the CVS, that should tell you
where the problem is, or I can send you a patch to stable version if you
can apply it and compile from sources.
Jan.
On 23-09 11:24, Steve Dolloff wrote:
...
Yes, I have added the SIP definitions to the radiusclient library.  It
is the dictionary file defined in the radiusclient.conf file as
/etc/sip_dictionary.  It was created using the dictionary file from
radiusclient and adding the information from the link that you refered
to.

Hello,
if there is no radius traffic then radiusclient library has some
problems when buiding the request. Did you extend your radius
dictionary
...
as described in http://iptel.org/ser/ser_radius.html ?
Jan.
On 23-09 10:38, Steve Dolloff wrote:
...
I am trying to switch from database authentication to radius
authentication.
I have compiled and installed the module.
I have added the following to my ser.cfg
modparam("auth_radius", "radius_config",
"/etc/ser/radiusclient.conf")
...
...
modparam("auth_radius", "service_type",15)
                    if (method=="REGISTER") {
                            log(1,"authenticating");
                            if

(!radius_www_authorize("test.net"))
...
{
...
                                    log(1,"radius auth

failure");
...
...
                                    www_challenge("test.net",

"0");
...
                                    break;
                            };

I have configured the following in /etc/ser/radiusclient.conf
authserver      radius1.test.net:1812
authserver      radius2.test.net:1812
servers         /etc/servers
dictionary      /etc/sip_dictionary
I have configured the following in /etc/servers
Radius1.test.net  secret
Radius2.test.net  secret2
I get the following in my messages log.
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:03 voip2 /usr/sbin/ser[25945]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25947]: radius auth failure
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: authenticating
Sep 23 10:39:30 voip2 /usr/sbin/ser[25949]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25948]: radius auth failure
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: authenticating
Sep 23 10:39:34 voip2 /usr/sbin/ser[25945]: radius auth failure
And ngrep port 1812 shows no traffic at all.  Where are these auth
request going?  How can I get more debug info?
Thanks for your help.
Stephen

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
End of Serusers Digest, Vol 5, Issue 50

--
Steven R. Bunin - Managing Partner
SOLAAS LLC
10 East 39th Street
Suite 1125
New York, NY 10016
(+001) 212-532-6700
Cellular: 646-739-7000
Fax (+001) 212-532-6776
http://www.solaas.com
--
This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately and destroy this e-mail. Any unauthorized
copying, disclosure or distribution of the material in this e-mail is strictly
forbidden.