Hello Daniel-Constantin Mierla & List
Very interesting that when I've commented out the line about to authentification, e.g:
if (!radius_www_authorize("fptnet.vn")) { www_challenge("fptnet.vn", "0"); break; };
it works ! SIPPC can registred with SER !
What am I wrong ? Please HELP ! Multiple thanks & regards, Anton
----- Original Message ----- From: "Anton" antontran@fptnet.com.vn To: daniel@iptel.org Cc: serusers@lists.iptel.org Sent: Monday, March 15, 2004 11:34 AM Subject: Re: [Serusers] SER & freeradius !
Hello Daniel-Constantin Mierla & List
I've followed your advice, and still not see any reply from ser when
monitor
net traffic by ethereal .
Please, help me configure SER. Thank you very much & best regard Anton
PS: Here is my ser.cfg:
debug=3 fork=yes log_stderror=yes
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" alias="fptnet.vn" alias="hnluat.edu" alias="sgluat.edu" alias="sg.fptnet.com" alias="fptnet.com"
#loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" #loadmodule "/usr/local/lib/ser/modules/uri_radius.so" #loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" #loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode", 0) #modparam("uri_radius", "service_type", 11) modparam("rr", "enable_full_lr", 1) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("acc", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("xlog", "buf_size", 8192)
### #modparam("acc", "log_level", 1) #modparam("acc", "log_flag", 1) #modparam("acc", "radius_flag", 1) modparam("tm", "fr_inv_timer", 15 ) modparam("tm", "fr_timer", 10 ) modparam("auth", "secret", "testing123") modparam("auth_radius", "service_type", 15) ###
route{
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; # if ( msg:len > max_len ) { # sl_send_reply("513", "Message too big"); # break; # };
record_route(); if (loose_route()) { t_relay(); break; };
if (uri==myself) { xlog("L_ERR", " method <%rm> <%fu> <%tu>\n"); if (method=="REGISTER") { # if (!www_authorize("mydomain", "subscriber")) { if (!radius_www_authorize("fptnet.vn")) { www_challenge("fptnet.vn", "0"); break; };
save("location"); break; };
setflag(1); if (method=="INVITE") record_route();
if (method=="REGISTER") { log(1, "REGISTER received\n"); } else { log(1, "non-REGISTER received\n"); }; if (uri=~"sip:.*[@:]fptnet.vn") { log(1, "request for fptnet.vn\n"); } else { log(1, "request for other domain received\n"); };
if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; if (!t_relay()) { sl_reply_error(); };
}; }
=============================
----- Original Message ----- From: "Daniel-Constantin Mierla" daniel@iptel.org To: "Anton" antontran@fptnet.com.vn Cc: serusers@lists.iptel.org Sent: Friday, March 12, 2004 5:07 PM Subject: Re: [Serusers] SER & freeradius !
Hello, it might be possible that the condition uri=~"fptnet.vn" does not match. It is better to use uri==myself and put alias="fptnet.vn" and other hostnames you may have just below the line fifo="/tmp/ser_fifo".
If still doesnt work, watch the network (using ngrep or ethereal) and see how the SIP messages are routed. Also you can set log_stderror=yes, start ser from a console and you will be able to see lot of debug
messages.
.Daniel
On 3/12/2004 4:22 AM, Anton wrote:
Hello List,
Please help me! I've installed Ser & followed the RADIUS Howto in ser website. Every thing seems to run, but radius is idle all the time, SIPPS cannot registre with SER.
Here is my ser.cfg file
What I'm wrong ? Any info is appreciated, Best regards, Anton
=============================ser.cfg file ===============
debug=7 fork=yes log_stderror=no
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
#loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" #loadmodule "/usr/local/lib/ser/modules/uri_radius.so" #loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" #loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode", 0) #modparam("uri_radius", "service_type", 11) modparam("rr", "enable_full_lr", 1) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("acc", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("xlog", "buf_size", 8192)
### #modparam("acc", "log_level", 1) #modparam("acc", "log_flag", 1) #modparam("acc", "radius_flag", 1) modparam("tm", "fr_inv_timer", 15 ) modparam("tm", "fr_timer", 10 ) modparam("auth", "secret", "testing123") modparam("auth_radius", "service_type", 15) ###
route{
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; };# if ( msg:len > max_len ) { # sl_send_reply("513", "Message too big"); # break; # };
record_route(); if (loose_route()) { t_relay(); break; }; if (uri=~"fptnet.vn") { xlog("L_ERR", " method <%rm> <%fu> <%tu>\n"); if (method=="REGISTER") {# if (!www_authorize("mydomain", "subscriber")) { if (!radius_www_authorize("fptnet.com.vn")) { www_challenge("fptnet.com.vn", "0"); break; };
save("location"); break; }; setflag(1); if (method=="INVITE") record_route(); if (method=="REGISTER") { log(1, "REGISTER received\n"); } else { log(1, "non-REGISTER received\n"); }; if (uri=~"sip:.*[@:]fptnet.vn") { log(1, "request for fptnet.vn\n"); } else { log(1, "request for other domain received\n"); };if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; if (!t_relay()) { sl_reply_error(); };
}; }
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Send us a sample of REGISTER/401 sequence that SIPPC sends to ser when the authentication is on.
.Daniel
On 3/15/2004 8:20 AM, Anton wrote:
Hello Daniel-Constantin Mierla & List
Very interesting that when I've commented out the line about to authentification, e.g:
if (!radius_www_authorize("fptnet.vn")) { www_challenge("fptnet.vn", "0"); break; };
it works ! SIPPC can registred with SER !
What am I wrong ? Please HELP ! Multiple thanks & regards, Anton
----- Original Message ----- From: "Anton" antontran@fptnet.com.vn To: daniel@iptel.org Cc: serusers@lists.iptel.org Sent: Monday, March 15, 2004 11:34 AM Subject: Re: [Serusers] SER & freeradius !
Hello Daniel-Constantin Mierla & List
I've followed your advice, and still not see any reply from ser when
monitor
net traffic by ethereal .
Please, help me configure SER. Thank you very much & best regard Anton
PS: Here is my ser.cfg:
debug=3 fork=yes log_stderror=yes
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" alias="fptnet.vn" alias="hnluat.edu" alias="sgluat.edu" alias="sg.fptnet.com" alias="fptnet.com"
#loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" #loadmodule "/usr/local/lib/ser/modules/uri_radius.so" #loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" #loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode", 0) #modparam("uri_radius", "service_type", 11) modparam("rr", "enable_full_lr", 1) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("acc", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("xlog", "buf_size", 8192)
### #modparam("acc", "log_level", 1) #modparam("acc", "log_flag", 1) #modparam("acc", "radius_flag", 1) modparam("tm", "fr_inv_timer", 15 ) modparam("tm", "fr_timer", 10 ) modparam("auth", "secret", "testing123") modparam("auth_radius", "service_type", 15) ###
route{
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; # if ( msg:len > max_len ) { # sl_send_reply("513", "Message too big"); # break; # };
record_route(); if (loose_route()) { t_relay(); break; };
if (uri==myself) { xlog("L_ERR", " method <%rm> <%fu> <%tu>\n"); if (method=="REGISTER") { # if (!www_authorize("mydomain", "subscriber")) { if (!radius_www_authorize("fptnet.vn")) { www_challenge("fptnet.vn", "0"); break; };
save("location"); break; };
setflag(1); if (method=="INVITE") record_route();
if (method=="REGISTER") { log(1, "REGISTER received\n"); } else { log(1, "non-REGISTER received\n"); }; if (uri=~"sip:.*[@:]fptnet.vn") { log(1, "request for fptnet.vn\n"); } else { log(1, "request for other domain received\n"); };
if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; if (!t_relay()) { sl_reply_error(); };
}; }
=============================
----- Original Message ----- From: "Daniel-Constantin Mierla" daniel@iptel.org To: "Anton" antontran@fptnet.com.vn Cc: serusers@lists.iptel.org Sent: Friday, March 12, 2004 5:07 PM Subject: Re: [Serusers] SER & freeradius !
Hello, it might be possible that the condition uri=~"fptnet.vn" does not match. It is better to use uri==myself and put alias="fptnet.vn" and other hostnames you may have just below the line fifo="/tmp/ser_fifo".
If still doesnt work, watch the network (using ngrep or ethereal) and see how the SIP messages are routed. Also you can set log_stderror=yes, start ser from a console and you will be able to see lot of debug
messages.
.Daniel
On 3/12/2004 4:22 AM, Anton wrote:
Hello List,
Please help me! I've installed Ser & followed the RADIUS Howto in ser website. Every thing seems to run, but radius is idle all the time, SIPPS cannot registre with SER.
Here is my ser.cfg file
What I'm wrong ? Any info is appreciated, Best regards, Anton
=============================ser.cfg file ===============
debug=7 fork=yes log_stderror=no
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
#loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" #loadmodule "/usr/local/lib/ser/modules/uri_radius.so" #loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" #loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode", 0) #modparam("uri_radius", "service_type", 11) modparam("rr", "enable_full_lr", 1) modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("acc", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") #modparam("xlog", "buf_size", 8192)
### #modparam("acc", "log_level", 1) #modparam("acc", "log_flag", 1) #modparam("acc", "radius_flag", 1) modparam("tm", "fr_inv_timer", 15 ) modparam("tm", "fr_timer", 10 ) modparam("auth", "secret", "testing123") modparam("auth_radius", "service_type", 15) ###
route{
if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; # if ( msg:len > max_len ) { # sl_send_reply("513", "Message too big"); # break; # };
record_route(); if (loose_route()) { t_relay(); break; }; if (uri=~"fptnet.vn") { xlog("L_ERR", " method <%rm> <%fu> <%tu>\n"); if (method=="REGISTER") {# if (!www_authorize("mydomain", "subscriber")) { if (!radius_www_authorize("fptnet.com.vn")) { www_challenge("fptnet.com.vn", "0"); break; };
save("location"); break; }; setflag(1); if (method=="INVITE") record_route(); if (method=="REGISTER") { log(1, "REGISTER received\n"); } else { log(1, "non-REGISTER received\n"); }; if (uri=~"sip:.*[@:]fptnet.vn") { log(1, "request for fptnet.vn\n"); } else { log(1, "request for other domain received\n"); };if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; #}; if (!t_relay()) { sl_reply_error(); };
}; }
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Anton -
Daniel-Constantin Mierla