14 Apr
2005
14 Apr
'05
7:16 a.m.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In
order to see what's happening when the request is coming, and if it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
14 Apr
14 Apr
8:08 a.m.
Double-check all your RADIUS config files. Make sure that your authserver
and accserver are set correctly in the radiusclient.conf (especially if the
RADIUS server is on a different machine). Also check the server.conf in
radiusclient-ng and clients.conf in freeredius to make sure that
server/client definitions (including shared key) are correct. The thing that
got me (I run RADIUS on a different server) was the bindaddr parameter in
radiusclient.conf. By default, it only sends RADIUS packets via localhost
(127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message -----
From: "Alex" <alexandergav(a)gmail.com>
To: <serusers(a)lists.iptel.org>
Sent: Thursday, April 14, 2005 3:16 PM
Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In
order to see what's happening when the request is coming, and if it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
8:23 a.m.
I am running freeradius on the same host.
authserver localhost
acctserver localhost
the secret is correct.
I checked the radius configuration with radclient (radclient -f digest
localhost auth <secret>) and it's working fine, i see the process in
the logs.
but it's like the the ser not talking to the radius. (BTW i tried to
change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
----------------------------------------------------------
14(1036) parse_headers: flags=-1
14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
14(1036) DEBUG:destroy_avp_list: destroing list (nil)
14(1036) receive_msg: cleaning up
9(1012) SIP Request:
9(1012) method: <REGISTER>
9(1012) uri: <sip:xxx.xxx.xxx.xxx>
9(1012) version: <SIP/2.0>
9(1012) parse_headers: flags=1
9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
state=16
9(1012) end of header reached, state=5
9(1012) parse_headers: Via found, flags=1
9(1012) parse_headers: this is the first via
9(1012) After parse_msg...
9(1012) preparing to run routing scripts...
9(1012) REGISTER: Authenticating user
9(1012) parse_headers: flags=4
9(1012) end of header reached, state=9
9(1012) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
9(1012) DEBUG: to body [<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
]
9(1012) parse_headers: flags=4096
9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
9(1012) DEBUG: get_hdr_body : content_length=0
9(1012) found end of header
9(1012) pre_auth(): Credentials with given realm not found
9(1012) REGISTER: challenging user
9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon <rod.bacon(a)empoweredcomms.com.au> wrote:
Double-check all your RADIUS config files. Make sure
that your authserver
and accserver are set correctly in the radiusclient.conf (especially if the
RADIUS server is on a different machine). Also check the server.conf in
radiusclient-ng and clients.conf in freeredius to make sure that
server/client definitions (including shared key) are correct. The thing that
got me (I run RADIUS on a different server) was the bindaddr parameter in
radiusclient.conf. By default, it only sends RADIUS packets via localhost
(127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message -----
From: "Alex" <alexandergav(a)gmail.com>
To: <serusers(a)lists.iptel.org>
Sent: Thursday, April 14, 2005 3:16 PM
Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In
order to see what's happening when the request is coming, and if it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
8:38 a.m.
Alex,
If that's all the debug output you got, ser has just sent the challenge to
yuor client, but it never answers. It's only on the answer to the challenge
that the request is sent to RADIUS.
g-)
Alex wrote:
I am running freeradius on the same host.
authserver localhost
acctserver localhost
the secret is correct.
I checked the radius configuration with radclient (radclient -f digest
localhost auth <secret>) and it's working fine, i see the process in
the logs.
but it's like the the ser not talking to the radius. (BTW i tried to
change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
----------------------------------------------------------
14(1036) parse_headers: flags=-1
14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
14(1036) DEBUG:destroy_avp_list: destroing list (nil)
14(1036) receive_msg: cleaning up
9(1012) SIP Request:
9(1012) method: <REGISTER>
9(1012) uri: <sip:xxx.xxx.xxx.xxx>
9(1012) version: <SIP/2.0>
9(1012) parse_headers: flags=1
9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
state=16
9(1012) end of header reached, state=5
9(1012) parse_headers: Via found, flags=1
9(1012) parse_headers: this is the first via
9(1012) After parse_msg...
9(1012) preparing to run routing scripts...
9(1012) REGISTER: Authenticating user
9(1012) parse_headers: flags=4
9(1012) end of header reached, state=9
9(1012) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
9(1012) DEBUG: to body [<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
]
9(1012) parse_headers: flags=4096
9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
9(1012) DEBUG: get_hdr_body : content_length=0
9(1012) found end of header
9(1012) pre_auth(): Credentials with given realm not found
9(1012) REGISTER: challenging user
9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon <rod.bacon(a)empoweredcomms.com.au> wrote:
Double-check all your RADIUS config files. Make
sure that your
authserver and accserver are set correctly in the radiusclient.conf
(especially if the RADIUS server is on a different machine). Also
check the server.conf in radiusclient-ng and clients.conf in
freeredius to make sure that server/client definitions (including
shared key) are correct. The thing that got me (I run RADIUS on a
different server) was the bindaddr parameter in radiusclient.conf.
By default, it only sends RADIUS packets via localhost (127.0.0.1).
I had to set this paramater to the IP address of my NIC.
----- Original Message -----
From: "Alex" <alexandergav(a)gmail.com>
To: <serusers(a)lists.iptel.org>
Sent: Thursday, April 14, 2005 3:16 PM
Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens
in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg).
In order to see what's happening when the request is coming, and if
it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
8:51 a.m.
you wrote:
Also check the server.conf in
radiusclient-ng
i didn't install radiusclient-ng , i have the radiusclient-4.8 so i
checked the radiusclient.conf and the servers files, and it's seems to
be ok.
inside servers :
localhost testing123
myip testing123
so it's should be ok .
here is complete package in the debug mode:
----------------------------------------------------------------
11(1423) SIP Request:
11(1423) method: <REGISTER>
11(1423) uri: <sip:xxx.xxx.xxx.xxx>
11(1423) version: <SIP/2.0>
11(1423) parse_headers: flags=1
11(1423) Found param type 232, <branch> = <z9hG4bK27c3a8b5c5f359db>; state=16
11(1423) end of header reached, state=5
11(1423) parse_headers: Via found, flags=1
11(1423) parse_headers: this is the first via
11(1423) After parse_msg...
11(1423) preparing to run routing scripts...
11(1423) REGISTER: Authenticating user
11(1423) parse_headers: flags=4
11(1423) end of header reached, state=9
11(1423) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phone@xxx.xxx.xxx.xxx;user=phone]
11(1423) DEBUG: to body [<sip:phone@xxx.xxx.xxx.xxx;user=phone>
]
11(1423) parse_headers: flags=4096
11(1423) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
11(1423) DEBUG: get_hdr_body : content_length=0
11(1423) found end of header
11(1423) pre_auth(): Credentials with given realm not found
11(1423) REGISTER: challenging user
11(1423) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e12fd95d65923d13f0b1524cae6f6347f53c4"
'
11(1423) parse_headers: flags=-1
11(1423) check_via_address(62.219.158.191, 62.219.158.191, 1)
11(1423) DEBUG:destroy_avp_list: destroing list (nil)
11(1423) receive_msg: cleaning up
On 4/14/05, Greger V. Teigre <greger(a)teigre.com> wrote:
Alex,
If that's all the debug output you got, ser has just sent the challenge to
yuor client, but it never answers. It's only on the answer to the challenge
that the request is sent to RADIUS.
g-)
Alex wrote:
I am running freeradius on the same host.
authserver localhost
acctserver localhost
the secret is correct.
I checked the radius configuration with radclient (radclient -f digest
localhost auth <secret>) and it's working fine, i see the process in
the logs.
but it's like the the ser not talking to the radius. (BTW i tried to
change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
----------------------------------------------------------
14(1036) parse_headers: flags=-1
14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
14(1036) DEBUG:destroy_avp_list: destroing list (nil)
14(1036) receive_msg: cleaning up
9(1012) SIP Request:
9(1012) method: <REGISTER>
9(1012) uri: <sip:xxx.xxx.xxx.xxx>
9(1012) version: <SIP/2.0>
9(1012) parse_headers: flags=1
9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>;
state=16
9(1012) end of header reached, state=5
9(1012) parse_headers: Via found, flags=1
9(1012) parse_headers: this is the first via
9(1012) After parse_msg...
9(1012) preparing to run routing scripts...
9(1012) REGISTER: Authenticating user
9(1012) parse_headers: flags=4
9(1012) end of header reached, state=9
9(1012) DEBUG: get_hdr_field: <To> [45];
uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
9(1012) DEBUG: to body [<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
]
9(1012) parse_headers: flags=4096
9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
9(1012) DEBUG: get_hdr_body : content_length=0
9(1012) found end of header
9(1012) pre_auth(): Credentials with given realm not found
9(1012) REGISTER: challenging user
9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
realm="xxx.xxx.xxx.xxx",
nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon <rod.bacon(a)empoweredcomms.com.au> wrote:
Double-check all your RADIUS config files. Make
sure that your
authserver and accserver are set correctly in the radiusclient.conf
(especially if the RADIUS server is on a different machine). Also
check the server.conf in radiusclient-ng and clients.conf in
freeredius to make sure that server/client definitions (including
shared key) are correct. The thing that got me (I run RADIUS on a
different server) was the bindaddr parameter in radiusclient.conf.
By default, it only sends RADIUS packets via localhost (127.0.0.1).
I had to set this paramater to the IP address of my NIC.
----- Original Message -----
From: "Alex" <alexandergav(a)gmail.com>
To: <serusers(a)lists.iptel.org>
Sent: Thursday, April 14, 2005 3:16 PM
Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that.
I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port
5060 with no problem. The problem is authentication, I can't
authenticate users through radius, freeradius working properly i
checked that with radiusclient, but the register request is not going
through authentication in the radius.( I don't see anything happens
in
the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg).
In order to see what's happening when the request is coming, and if
it's
going to the radius or not.
ser.cfg
-----------------------------------
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
--------------------
modparamd"auth_radius",
"radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
----------------------
if (method=="REGISTER") {
log(1, "REGISTER: Authenticating user\n");
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
setflag(1);
save("location");
sl_send_reply("200","ok");
break;
};
------------------------
Thanks for any help.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7172
days inactive
7172
days old
4 comments
3 participants
participants (3)
-
Alex -
Greger V. Teigre -
Rod Bacon