Hi, I am trying to configure openser + freeradius for authentication & accounting. I have my freeradius configured with openldap and it's working successfully. tested with radclient -f digest 127.0.0.1:1812 auth testing123 results are successfull. However I cannot get it to work with openser. I see nothing happening in my "/usr/sbin/radius -X" output coming from openser when i try to register. My enviroment was tested on Fedora 8 and Fedora 9 both with rpm's and same results. auth_radius:radius_authorize_sterman: rc_auth failed no output is seen in my /usr/sbin/radius -X Below please find my openser.cfg & radiusclient.conf & servers ######## radiusclient.conf # General settings # specify which authentication comes first respectively which # authentication is used. possible values are: "radius" and "local". # if you specify "radius,local" then the RADIUS server is asked # first then the local one. if only one keyword is specified only # this server is asked. auth_order radius,local # maximum login tries a user has login_tries 4 # timeout for all login tries # if this time is exceeded the user is kicked out login_timeout 60 # name of the nologin file which when it exists disables logins. # it may be extended by the ttyname which will result in # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable # logins on /dev/ttyS2) nologin /etc/nologin # name of the issue file. it's only display when no username is passed # on the radlogin command line issue /etc/radiusclient-ng/issue # RADIUS settings # RADIUS server to use for authentication requests. this config # item can appear more then one time. if multiple servers are # defined they are tried in a round robin fashion if one # server is not answering. # optionally you can specify a the port number on which is remote # RADIUS listens separated by a colon from the hostname. if # no port is specified /etc/services is consulted of the radius # service. if this fails also a compiled in default is used. authserver 127.0.0.1 authserver 10.0.0.10 authserver localhost # RADIUS server to use for accouting requests. All that I # said for authserver applies, too. # acctserver 127.0.0.1:1813 # file holding shared secrets used for the communication # between the RADIUS client and server servers /etc/radiusclient-ng/servers # dictionary of allowed attributes and values # just like in the normal RADIUS distributions #dictionary /usr/share/radiusclient-ng/dictionary dictionary /etc/radiusclient-ng/dictionary.openser # program to call for a RADIUS authenticated login login_radius /usr/sbin/login.radius # file which holds sequence number for communication with the # RADIUS server seqfile /var/run/radius.seq # file which specifies mapping between ttyname and NAS-Port attribute mapfile /etc/radiusclient-ng/port-id-map # default authentication realm to append to all usernames if no # realm was explicitly specified by the user # the radiusd directly form Livingston doesnt use any realms, so leave # it blank then default_realm # time to wait for a reply from the RADIUS server radius_timeout 10 # resend request this many times before trying the next server radius_retries 3 # local address from which radius packets have to be sent bindaddr * # LOCAL settings # program to execute for local login # it must support the -f flag for preauthenticated login login_local /bin/login ######################################################## #/etc/radiusclient-ng/servers #Server Name or Client/Server pair Key #---------------- --------------- #portmaster.elemental.net hardlyasecret #portmaster2.elemental.net donttellanyone localhost testing123 127.0.0.1 testing123 10.0.0.10 testing123 ####################################################### ##########openser.cfg # -- rr params -- debug=3 log_stderror=yes log_facility=LOG_LOCAL0 fork=yes children=4 port=5060 # ------------------ module loading ---------------------------------- mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "avpops.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "uri.so" loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "mi_fifo.so" modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # ----------------- setting module-specific parameters --------------- # -- usrloc params -- modparam("usrloc","db_url","mysql://openser:openser@localhost/openser") modparam("usrloc", "db_mode", 2) # -- acc params -- modparam("auth_radius","radius_config","/etc/radiusclient-ng/radiusclient.conf") # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # authenticate registers if (method=="REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "0"); exit; }; save("location"); exit; }; route(1); } # generic forward route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } # Thanks for your help SJX