New subject: [Serusers] radius issue

30 Mar 2004

I am using the Microsoft radius server, but it isn't getting that far yet.
I asked our MS sysadmin, and he is not seeing anythin in the logs.

I didn't provide enough info below as I thought I did.  The client I am
using is MS Messenger 4.7.  When I start SER on the server, it shows
listening for the following:

     Listening on 
       127.0.0.1 [127.0.0.1]:5060
       10.0.2.1 [10.0.2.1]:5060
Aliases: comm01.orau.gov:5060 localhost:5060 localhost.localdomain:5060
comm01:5060 

I did a capture using ethereal, and what comes back is an icmp packet, which
usually indicates SER is not running.  But, ps shows instances of SER
running.

Do you see any issues with the ser.cfg file? 

Scott Morris
Enterprise Network Engineer
DOE - ORAU / ORISE
865-576-4672

-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] 
Sent: Tuesday, March 30, 2004 4:19 AM
To: Morris, Scott
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] radius issue

Have you followed http://iptel.org/ser/doc/ser_radius/ser_radius.html? 
What radius server are you using?

.Daniel

On 03/30/04 00:08, Morris, Scott wrote:

...
  Present Configuration        OS - Redhat ES 3
                                        SER - 8.12 (installed from rpm)
                                        SER radius (installed from rpm)
                                        radius client - 3.25 i586 -
 installed from rpmfind.net

 SER starts, but I receive the message that my signin failed because
 the service is not running.  SER is running, I id a ps and it show 
 sintances of SER running.  I beleive it is my ser.cfg file.  I am not 
 sure where authhentication configuration items begin and end with what 
 I am doing.  I am not using mysql, but want to use radius 
 authentication. I have my ser.cfg below.

 *Scott Morris*
 Enterprise Network Engineer
 DOE - ORAU / ORISE
 865-576-4672

     #
     # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
     #
     # simple quick-start config script
     #

     # ----------- global configuration parameters 
 ------------------------

     #debug=3         # debug level (cmd line: -dddddddddd)
     #fork=yes
     #log_stderror=no        # (cmd line: -E)

     /* Uncomment these lines to enter debugging mode
     debug=7
     fork=no
     log_stderror=yes
     */
     debug=7
     # fork=no
     # log_stderror=yes

     check_via=no    # (cmd. line: -v)
     dns=no           # (cmd. line: -r)
     rev_dns=no      # (cmd. line: -R)
     port=5060
     children=4
     fifo="/tmp/ser_fifo"
     # alias=orau.gov

     # ------------------ module loading 
 ----------------------------------

     # Uncomment this if you want to use SQL database
     #loadmodule "/usr/lib/ser/modules/mysql.so"

     loadmodule "/usr/lib/ser/modules/sl.so"
     loadmodule "/usr/lib/ser/modules/tm.so"
     loadmodule "/usr/lib/ser/modules/rr.so"
     loadmodule "/usr/lib/ser/modules/maxfwd.so"
     loadmodule "/usr/lib/ser/modules/usrloc.so"
     loadmodule "/usr/lib/ser/modules/registrar.so"

     # Uncomment this if you want digest authentication
     # mysql.so must be loaded !
     #loadmodule "/usr/lib/ser/modules/auth.so"
     #loadmodule "/usr/lib/ser/modules/auth_db.so"
     loadmodule "/usr/lib/ser/modules/auth.so"
     loadmodule "/usr/lib/ser/modules/auth_db.so"
     loadmodule "/usr/lib/ser/modules/auth_radius.so"
     # ----------------- setting module-specific parameters 
 ---------------

     # -- usrloc params --

     modparam("usrloc", "db_mode",   0)

     # Uncomment this if you want to use SQL database
     # for persistent storage and comment the previous line
     #modparam("usrloc", "db_mode", 2)

     # -- auth params --
     # Uncomment if you are using auth module
     #
     modparam("auth_db", "calculate_ha1", yes)
     #
     # If you set "calculate_ha1" parameter to yes (which true in this
     config),
     # uncomment also the following parameter)
     #
     modparam("auth_db", "password_column", "password")

     # -- rr params --
     # add value to ;lr param to make some broken UAs happy
     modparam("rr", "enable_full_lr", 1)

     # --auth_radius params
     modparam("auth_radius", "radius_config",
     "/etc/radiusclient/radiusclient.conf")
     modparam("auth_radius", "service_type", 15)
     # -------------------------  request routing logic 
 -------------------

     # main routing logic

     route{

             # initial sanity checks -- messages with
             # max_forwards==0, or excessively long requests
             if (!mf_process_maxfwd_header("10")) {
                     sl_send_reply("483","Too Many Hops");
                     break;
             };
             if ( msg:len > max_len ) {
                     sl_send_reply("513", "Message too big");
                     break;
             };

             # we record-route all messages -- to make sure that
             # subsequent messages will go through our proxy; that's
             # particularly good if upstream and downstream entities
             # use different transport protocol
             record_route();
             # loose-route processing
             if (loose_route()) {
                     t_relay();
                     break;
             };

             # if the request is for other domain use UsrLoc
             # (in case, it does not work, use the following command
             # with proper names and addresses in it)
             if (uri==myself) {

                     if (method=="REGISTER") {

     # Uncomment this if you want to use digest authentication
                             if (!radius_www_authorize("iptel.org")) {
                                     www_challenge("iptel.org", "0");

                                     break;
                             };

                             save("location");
                             break;
                     };

                     # native SIP destinations are handled using our
     USRLOC DB
                     if (!lookup("location")) {
                             sl_send_reply("404", "Not Found");
                             break;
                     };
             };
             # forward to current uri now; use stateful forwarding; that
             # works reliably even if we forward from TCP to UDP
             if (!t_relay()) {
                     sl_reply_error();
             };

     }

-----------------------------------------------------------------------
-

_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

RE: [Serusers] radius issue