I can't have the lines of a linksys pap authenticate on ser, but only if the backend is radius, seems it doesn't like the uri: sip:172.18.1.12 part of the SIP request, with Xlite that part reads uri: sip:2klab.net and radius authenticates ok.
with a mysql backend for auth both uri authenticates well, so I think I'm missing something in radius configuration. (I've followed the RADIUS_howto on iptel.org)
from ser.cfg :
if (uri==myself) {
if (method=="REGISTER") {
if (!radius_www_authorize("2klab.net")) { www_challenge("2klab.net", "0"); break; };
save("location"); break; };
lookup("aliases");
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; };
This is the log for a succesful register with mysql auth backend :
6(1885) SIP Request: 6(1885) method: <REGISTER> 6(1885) uri: sip:172.18.1.12 6(1885) version: <SIP/2.0> 6(1885) parse_headers: flags=1 6(1885) Found param type 232, <branch> = <z9hG4bK-1741b415>; state=16 6(1885) end of header reached, state=5 6(1885) parse_headers: Via found, flags=1 6(1885) parse_headers: this is the first via 6(1885) After parse_msg... 6(1885) preparing to run routing scripts... 6(1885) parse_headers: flags=128 6(1885) end of header reached, state=9 6(1885) DEBUG: get_hdr_field: <To> [29]; uri=[sip:2002@172.18.1.12] 6(1885) DEBUG: to body [2002 sip:2002@172.18.1.12 6(1885) get_hdr_field: cseq <CSeq>: <2> <REGISTER> 6(1885) DEBUG:maxfwd:is_maxfwd_present: value = 70 6(1885) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 6(1885) grep_sock_info - checking if host==us: 11==11 && [172.18.1.12] == [172.18.1.12] 6(1885) grep_sock_info - checking if port 5060 matches port 5060 6(1885) parse_headers: flags=4096 6(1885) check_nonce(): comparing [42f6ef654b9c6efc04d7e468746d818f8e1633ab] and [42f6ef654b9c6efc04d7e468746d818f8e1633ab] 6(1885) HA1 string calculated: 9b7a9697157ad673ed341c1aca7c12c5 6(1885) check_response(): Our result = '1f77523c69a80ae921d5e05d8a5e0fcd' 6(1885) check_response(): Authorization is OK 6(1885) save_rpid(): rpid value is '' 6(1885) parse_headers: flags=-1 6(1885) DEBUG: get_hdr_body : content_length=0 6(1885) found end of header 6(1885) parse_headers: flags=33554432 6(1885) build_contact(): Created Contact HF: Contact: sip:2002@172.18.1.13:5061;expires=3600 6(1885) parse_headers: flags=-1 6(1885) check_via_address(172.18.1.13, 172.18.1.13, 0) 6(1885) DEBUG:destroy_avp_list: destroying list (nil) 6(1885) receive_msg: cleaning up
And this one for an unsuccesful register from the same pap client, but radius backend :
9(2042) SIP Request: 9(2042) method: <REGISTER> 9(2042) uri: sip:172.18.1.12 9(2042) version: <SIP/2.0> 9(2042) parse_headers: flags=1 9(2042) Found param type 232, <branch> = <z9hG4bK-80868dab>; state=16 9(2042) end of header reached, state=5 9(2042) parse_headers: Via found, flags=1 9(2042) parse_headers: this is the first via 9(2042) After parse_msg... 9(2042) preparing to run routing scripts... 9(2042) parse_headers: flags=128 9(2042) end of header reached, state=9 9(2042) DEBUG: get_hdr_field: <To> [29]; uri=[sip:2002@172.18.1.12] 9(2042) DEBUG: to body [2002 sip:2002@172.18.1.12 9(2042) get_hdr_field: cseq <CSeq>: <3> <REGISTER> 9(2042) DEBUG:maxfwd:is_maxfwd_present: value = 70 9(2042) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 9(2042) grep_sock_info - checking if host==us: 11==11 && [172.18.1.12] == [172.18.1.12] 9(2042) grep_sock_info - checking if port 5060 matches port 5060 9(2042) parse_headers: flags=4096 9(2042) check_nonce(): comparing [42f6f2f3e9dd51cad68be2927d5863727cd3798a] and [42f6f2f3e9dd51cad68be2927d5863727cd3798a] 9(2042) authorize(): Credentials realm and URI host do not match 9(2042) build_auth_hf(): 'WWW-Authenticate: Digest realm="2klab.net", nonce="42f6f2f3e9dd51cad68be2927d5863727cd3798a" 9(2042) parse_headers: flags=-1 9(2042) DEBUG: get_hdr_body : content_length=0 9(2042) found end of header 9(2042) check_via_address(172.18.1.13, 172.18.1.13, 0) 9(2042) DEBUG:destroy_avp_list: destroying list (nil) 9(2042) receive_msg: cleaning up
seems Xlite sends my domain as uri, and radius likes it :
4(2034) SIP Request: 4(2034) method: <REGISTER> 4(2034) uri: sip:2klab.net 4(2034) version: <SIP/2.0> 4(2034) parse_headers: flags=1 4(2034) Found param type 235, <rport> = <n/a>; state=6 4(2034) Found param type 232, <branch> = <z9hG4bK461FD1B046D3D5FB1FE0012188DF1BB8>; state=16 4(2034) end of header reached, state=5 4(2034) parse_headers: Via found, flags=1 4(2034) parse_headers: this is the first via 4(2034) After parse_msg... 4(2034) preparing to run routing scripts... 4(2034) parse_headers: flags=128 4(2034) end of header reached, state=9 4(2034) DEBUG: get_hdr_field: <To> [29]; uri=[sip:user1@2klab.net] 4(2034) DEBUG: to body [user1 sip:user1@2klab.net 4(2034) get_hdr_field: cseq <CSeq>: <2352> <REGISTER> 4(2034) DEBUG:maxfwd:is_maxfwd_present: value = 70 4(2034) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16 4(2034) grep_sock_info - checking if host==us: 9==11 && [2klab.net] == [172.18.1.12] 4(2034) grep_sock_info - checking if port 5060 matches port 5060 4(2034) grep_sock_info - checking if host==us: 9==11 && [2klab.net] == [172.18.1.12] 4(2034) grep_sock_info - checking if port 5060 matches port 5060 4(2034) check_nonce(): comparing [42f6f204483c60785f0ffd667859ed55b34fad23] and [42f6f204483c60785f0ffd667859ed55b34fad23] 4(2034) radius_authorize_sterman(): Success 4(2034) save_rpid(): rpid value is '' 4(2034) parse_headers: flags=-1 4(2034) DEBUG: get_hdr_body : content_length=0 4(2034) found end of header 4(2034) parse_headers: flags=33554432 4(2034) build_contact(): Created Contact HF: Contact: sip:user1@172.18.1.10:5060;expires=1800 4(2034) parse_headers: flags=-1 4(2034) check_via_address(172.18.1.10, 172.18.1.10, 0) 4(2034) DEBUG:destroy_avp_list: destroying list (nil) 4(2034) receive_msg: cleaning up
-
Simone Cittadini