New subject: [Serusers] SER & freeradius !

15 Mar 2004


      Hello Daniel-Constantin Mierla & List
Very interesting that when I've commented out the line about to
authentification, e.g:
if (!radius_www_authorize("fptnet.vn")) {
     www_challenge("fptnet.vn", "0");
     break;
    };
it works ! SIPPC can registred with SER !
What am I wrong ?
Please HELP !
Multiple thanks & regards,
Anton
----- Original Message ----- 
From: "Anton" antontran@fptnet.com.vn
To: daniel@iptel.org
Cc: serusers@lists.iptel.org
Sent: Monday, March 15, 2004 11:34 AM
Subject: Re: [Serusers] SER & freeradius !
...
Hello Daniel-Constantin Mierla & List
I've followed your advice, and still not see any reply from ser when
monitor
...
net traffic by ethereal .
Please, help me configure SER.
Thank you very much & best regard
Anton
PS:  Here is my ser.cfg:
debug=3
fork=yes
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias="fptnet.vn"
alias="hnluat.edu"
alias="sgluat.edu"
alias="sg.fptnet.com"
alias="fptnet.com"
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
#loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
#loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
#loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode",   0)
#modparam("uri_radius", "service_type", 11)
modparam("rr", "enable_full_lr", 1)
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
#modparam("acc", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
#modparam("xlog", "buf_size", 8192)
###
#modparam("acc", "log_level", 1)
#modparam("acc", "log_flag", 1)
#modparam("acc", "radius_flag", 1)
modparam("tm", "fr_inv_timer", 15 )
modparam("tm", "fr_timer", 10 )
modparam("auth", "secret", "testing123")
modparam("auth_radius", "service_type", 15)
###
route{
if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  break;
 };
# if ( msg:len > max_len ) {
#  sl_send_reply("513", "Message too big");
#  break;
# };
record_route();
 if (loose_route()) {
  t_relay();
  break;
 };
if (uri==myself) {
  xlog("L_ERR", " method <%rm> <%fu> <%tu>\n");
  if (method=="REGISTER") {
   # if (!www_authorize("mydomain", "subscriber")) {
   if (!radius_www_authorize("fptnet.vn")) {
    www_challenge("fptnet.vn", "0");
    break;
   };
save("location");
   break;
  };
setflag(1);
  if (method=="INVITE") record_route();
if (method=="REGISTER") {
         log(1, "REGISTER received\n");
         } else {
                 log(1, "non-REGISTER received\n");
         };
         if (uri=~"sip:.*[@:]fptnet.vn") {
                 log(1, "request for fptnet.vn\n");
         } else {
                 log(1, "request for other domain received\n");
         };
if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 #};
  if (!t_relay()) {
   sl_reply_error();
  };
};
}
=============================
----- Original Message ----- 
From: "Daniel-Constantin Mierla" daniel@iptel.org
To: "Anton" antontran@fptnet.com.vn
Cc: serusers@lists.iptel.org
Sent: Friday, March 12, 2004 5:07 PM
Subject: Re: [Serusers] SER & freeradius !
...
Hello,
it might be possible that the condition uri=~"fptnet.vn" does not match.
It is better to use uri==myself and put alias="fptnet.vn" and other
hostnames you may have just below the line fifo="/tmp/ser_fifo".
If still doesnt work, watch the network (using ngrep or ethereal) and
see how the SIP messages are routed. Also you can set log_stderror=yes,
start ser from a console and you will be able to see lot of debug
messages.
...
.Daniel
On 3/12/2004 4:22 AM, Anton wrote:
...
Hello List,
Please help me!
I've installed Ser & followed the RADIUS Howto in ser website.
Every thing seems to run, but radius is idle all the time, SIPPS
cannot registre with SER.
Here is my ser.cfg file
What I'm wrong ?
Any info is appreciated,
Best regards,
Anton
=============================ser.cfg file ===============
debug=7
fork=yes
log_stderror=no
check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
#loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
#loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
#loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("usrloc", "db_mode",   0)
#modparam("uri_radius", "service_type", 11)
modparam("rr", "enable_full_lr", 1)
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
#modparam("acc", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
#modparam("xlog", "buf_size", 8192)
###
#modparam("acc", "log_level", 1)
#modparam("acc", "log_flag", 1)
#modparam("acc", "radius_flag", 1)
modparam("tm", "fr_inv_timer", 15 )
modparam("tm", "fr_timer", 10 )
modparam("auth", "secret", "testing123")
modparam("auth_radius", "service_type", 15)
###
route{
if (!mf_process_maxfwd_header("10")) {
      sl_send_reply("483","Too Many Hops");
      break;
 };

# if ( msg:len > max_len ) {
#  sl_send_reply("513", "Message too big");
#  break;
# };
 record_route();
 if (loose_route()) {
      t_relay();
      break;
 };

 if (uri=~"fptnet.vn") {
      xlog("L_ERR", " method <%rm> <%fu> <%tu>\n");
      if (method=="REGISTER") {

# if (!www_authorize("mydomain", "subscriber")) {
               if (!radius_www_authorize("fptnet.com.vn")) {
                    www_challenge("fptnet.com.vn", "0");
                    break;
               };
           save("location");
           break;
      };

      setflag(1);
      if (method=="INVITE") record_route();

      if (method=="REGISTER") {
         log(1, "REGISTER received\n");
         } else {
             log(1, "non-REGISTER received\n");
         };
     if (uri=~"sip:.*[@:]fptnet.vn") {
             log(1, "request for fptnet.vn\n");
     } else {
             log(1, "request for other domain received\n");
     };


if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 #};
  if (!t_relay()) {
   sl_reply_error();
  };
};
}

...
...

Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers