Hi all
I need a little help with that. I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port 5060 with no problem. The problem is authentication, I can't authenticate users through radius, freeradius working properly i checked that with radiusclient, but the register request is not going through authentication in the radius.( I don't see anything happens in the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In order to see what's happening when the request is coming, and if it's going to the radius or not.
ser.cfg ----------------------------------- loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" -------------------- modparamd"auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15) ----------------------
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; setflag(1); save("location"); sl_send_reply("200","ok"); break; };
------------------------
Thanks for any help.
Double-check all your RADIUS config files. Make sure that your authserver and accserver are set correctly in the radiusclient.conf (especially if the RADIUS server is on a different machine). Also check the server.conf in radiusclient-ng and clients.conf in freeredius to make sure that server/client definitions (including shared key) are correct. The thing that got me (I run RADIUS on a different server) was the bindaddr parameter in radiusclient.conf. By default, it only sends RADIUS packets via localhost (127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message ----- From: "Alex" alexandergav@gmail.com To: serusers@lists.iptel.org Sent: Thursday, April 14, 2005 3:16 PM Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that. I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port 5060 with no problem. The problem is authentication, I can't authenticate users through radius, freeradius working properly i checked that with radiusclient, but the register request is not going through authentication in the radius.( I don't see anything happens in the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In order to see what's happening when the request is coming, and if it's going to the radius or not.
ser.cfg ----------------------------------- loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" -------------------- modparamd"auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15) ----------------------
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; setflag(1); save("location"); sl_send_reply("200","ok"); break; };
------------------------
Thanks for any help.
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I am running freeradius on the same host. authserver localhost acctserver localhost
the secret is correct. I checked the radius configuration with radclient (radclient -f digest localhost auth <secret>) and it's working fine, i see the process in the logs. but it's like the the ser not talking to the radius. (BTW i tried to change the localhost in radiusclient.conf to my ip address of the NIC - and it's the same nothing happens in the radius when the register request coming)
here some debug maybe it can help. ---------------------------------------------------------- 14(1036) parse_headers: flags=-1 14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1) 14(1036) DEBUG:destroy_avp_list: destroing list (nil) 14(1036) receive_msg: cleaning up 9(1012) SIP Request: 9(1012) method: <REGISTER> 9(1012) uri: sip:xxx.xxx.xxx.xxx 9(1012) version: <SIP/2.0> 9(1012) parse_headers: flags=1 9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>; state=16 9(1012) end of header reached, state=5 9(1012) parse_headers: Via found, flags=1 9(1012) parse_headers: this is the first via 9(1012) After parse_msg... 9(1012) preparing to run routing scripts... 9(1012) REGISTER: Authenticating user 9(1012) parse_headers: flags=4 9(1012) end of header reached, state=9 9(1012) DEBUG: get_hdr_field: <To> [45]; uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone] 9(1012) DEBUG: to body [sip:phonenumber@xxx.xxx.xxx.xxx;user=phone ]
9(1012) parse_headers: flags=4096 9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER> 9(1012) DEBUG: get_hdr_body : content_length=0 9(1012) found end of header 9(1012) pre_auth(): Credentials with given realm not found 9(1012) REGISTER: challenging user 9(1012) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon rod.bacon@empoweredcomms.com.au wrote:
Double-check all your RADIUS config files. Make sure that your authserver and accserver are set correctly in the radiusclient.conf (especially if the RADIUS server is on a different machine). Also check the server.conf in radiusclient-ng and clients.conf in freeredius to make sure that server/client definitions (including shared key) are correct. The thing that got me (I run RADIUS on a different server) was the bindaddr parameter in radiusclient.conf. By default, it only sends RADIUS packets via localhost (127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message ----- From: "Alex" alexandergav@gmail.com To: serusers@lists.iptel.org Sent: Thursday, April 14, 2005 3:16 PM Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that. I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port 5060 with no problem. The problem is authentication, I can't authenticate users through radius, freeradius working properly i checked that with radiusclient, but the register request is not going through authentication in the radius.( I don't see anything happens in the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In order to see what's happening when the request is coming, and if it's going to the radius or not.
ser.cfg
loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
modparamd"auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; setflag(1); save("location"); sl_send_reply("200","ok"); break; };
Thanks for any help.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Alex, If that's all the debug output you got, ser has just sent the challenge to yuor client, but it never answers. It's only on the answer to the challenge that the request is sent to RADIUS. g-)
Alex wrote:
I am running freeradius on the same host. authserver localhost acctserver localhost
the secret is correct. I checked the radius configuration with radclient (radclient -f digest localhost auth <secret>) and it's working fine, i see the process in the logs. but it's like the the ser not talking to the radius. (BTW i tried to change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
14(1036) parse_headers: flags=-1 14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1) 14(1036) DEBUG:destroy_avp_list: destroing list (nil) 14(1036) receive_msg: cleaning up 9(1012) SIP Request: 9(1012) method: <REGISTER> 9(1012) uri: sip:xxx.xxx.xxx.xxx 9(1012) version: <SIP/2.0> 9(1012) parse_headers: flags=1 9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>; state=16 9(1012) end of header reached, state=5 9(1012) parse_headers: Via found, flags=1 9(1012) parse_headers: this is the first via 9(1012) After parse_msg... 9(1012) preparing to run routing scripts... 9(1012) REGISTER: Authenticating user 9(1012) parse_headers: flags=4 9(1012) end of header reached, state=9 9(1012) DEBUG: get_hdr_field: <To> [45]; uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone] 9(1012) DEBUG: to body [sip:phonenumber@xxx.xxx.xxx.xxx;user=phone ]
9(1012) parse_headers: flags=4096 9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER> 9(1012) DEBUG: get_hdr_body : content_length=0 9(1012) found end of header 9(1012) pre_auth(): Credentials with given realm not found 9(1012) REGISTER: challenging user 9(1012) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon rod.bacon@empoweredcomms.com.au wrote:
Double-check all your RADIUS config files. Make sure that your authserver and accserver are set correctly in the radiusclient.conf (especially if the RADIUS server is on a different machine). Also check the server.conf in radiusclient-ng and clients.conf in freeredius to make sure that server/client definitions (including shared key) are correct. The thing that got me (I run RADIUS on a different server) was the bindaddr parameter in radiusclient.conf. By default, it only sends RADIUS packets via localhost (127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message ----- From: "Alex" alexandergav@gmail.com To: serusers@lists.iptel.org Sent: Thursday, April 14, 2005 3:16 PM Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that. I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port 5060 with no problem. The problem is authentication, I can't authenticate users through radius, freeradius working properly i checked that with radiusclient, but the register request is not going through authentication in the radius.( I don't see anything happens in the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In order to see what's happening when the request is coming, and if it's going to the radius or not.
ser.cfg
loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
modparamd"auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; setflag(1); save("location"); sl_send_reply("200","ok"); break; };
Thanks for any help.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
you wrote: Also check the server.conf in radiusclient-ng
i didn't install radiusclient-ng , i have the radiusclient-4.8 so i checked the radiusclient.conf and the servers files, and it's seems to be ok. inside servers :
localhost testing123 myip testing123
so it's should be ok .
here is complete package in the debug mode: ---------------------------------------------------------------- 11(1423) SIP Request: 11(1423) method: <REGISTER> 11(1423) uri: sip:xxx.xxx.xxx.xxx 11(1423) version: <SIP/2.0> 11(1423) parse_headers: flags=1 11(1423) Found param type 232, <branch> = <z9hG4bK27c3a8b5c5f359db>; state=16 11(1423) end of header reached, state=5 11(1423) parse_headers: Via found, flags=1 11(1423) parse_headers: this is the first via 11(1423) After parse_msg... 11(1423) preparing to run routing scripts... 11(1423) REGISTER: Authenticating user 11(1423) parse_headers: flags=4 11(1423) end of header reached, state=9 11(1423) DEBUG: get_hdr_field: <To> [45]; uri=[sip:phone@xxx.xxx.xxx.xxx;user=phone] 11(1423) DEBUG: to body [sip:phone@xxx.xxx.xxx.xxx;user=phone ] 11(1423) parse_headers: flags=4096 11(1423) get_hdr_field: cseq <CSeq>: <103> <REGISTER> 11(1423) DEBUG: get_hdr_body : content_length=0 11(1423) found end of header 11(1423) pre_auth(): Credentials with given realm not found 11(1423) REGISTER: challenging user 11(1423) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonce="425e12fd95d65923d13f0b1524cae6f6347f53c4" ' 11(1423) parse_headers: flags=-1 11(1423) check_via_address(62.219.158.191, 62.219.158.191, 1) 11(1423) DEBUG:destroy_avp_list: destroing list (nil) 11(1423) receive_msg: cleaning up
On 4/14/05, Greger V. Teigre greger@teigre.com wrote:
Alex, If that's all the debug output you got, ser has just sent the challenge to yuor client, but it never answers. It's only on the answer to the challenge that the request is sent to RADIUS. g-)
Alex wrote:
I am running freeradius on the same host. authserver localhost acctserver localhost
the secret is correct. I checked the radius configuration with radclient (radclient -f digest localhost auth <secret>) and it's working fine, i see the process in the logs. but it's like the the ser not talking to the radius. (BTW i tried to change the localhost in radiusclient.conf to my ip address of the NIC
- and it's the same nothing happens in the radius when the register
request coming)
here some debug maybe it can help.
14(1036) parse_headers: flags=-1 14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1) 14(1036) DEBUG:destroy_avp_list: destroing list (nil) 14(1036) receive_msg: cleaning up 9(1012) SIP Request: 9(1012) method: <REGISTER> 9(1012) uri: sip:xxx.xxx.xxx.xxx 9(1012) version: <SIP/2.0> 9(1012) parse_headers: flags=1 9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>; state=16 9(1012) end of header reached, state=5 9(1012) parse_headers: Via found, flags=1 9(1012) parse_headers: this is the first via 9(1012) After parse_msg... 9(1012) preparing to run routing scripts... 9(1012) REGISTER: Authenticating user 9(1012) parse_headers: flags=4 9(1012) end of header reached, state=9 9(1012) DEBUG: get_hdr_field: <To> [45]; uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone] 9(1012) DEBUG: to body [sip:phonenumber@xxx.xxx.xxx.xxx;user=phone ]
9(1012) parse_headers: flags=4096 9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER> 9(1012) DEBUG: get_hdr_body : content_length=0 9(1012) found end of header 9(1012) pre_auth(): Credentials with given realm not found 9(1012) REGISTER: challenging user 9(1012) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonce="425e063022afc1142ed6730d46da41692ff3ed57"
Thanks for any help.
On 4/14/05, Rod Bacon rod.bacon@empoweredcomms.com.au wrote:
Double-check all your RADIUS config files. Make sure that your authserver and accserver are set correctly in the radiusclient.conf (especially if the RADIUS server is on a different machine). Also check the server.conf in radiusclient-ng and clients.conf in freeredius to make sure that server/client definitions (including shared key) are correct. The thing that got me (I run RADIUS on a different server) was the bindaddr parameter in radiusclient.conf. By default, it only sends RADIUS packets via localhost (127.0.0.1). I had to set this paramater to the IP address of my NIC.
----- Original Message ----- From: "Alex" alexandergav@gmail.com To: serusers@lists.iptel.org Sent: Thursday, April 14, 2005 3:16 PM Subject: [Serusers] Register authentication with ser.
Hi all
I need a little help with that. I have installation of ser-0.8.14 and freeradius1.02.
I am checking my register requests with ngrep and it's coming on port 5060 with no problem. The problem is authentication, I can't authenticate users through radius, freeradius working properly i checked that with radiusclient, but the register request is not going through authentication in the radius.( I don't see anything happens in the radius logs)
If there any way to debug the ser ( i have debug=9 inside ser.cfg). In order to see what's happening when the request is coming, and if it's going to the radius or not.
ser.cfg
loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
modparamd"auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") modparam("auth_radius", "service_type", 15)
if (method=="REGISTER") { log(1, "REGISTER: Authenticating user\n"); if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; setflag(1); save("location"); sl_send_reply("200","ok"); break; };
Thanks for any help.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Alex -
Greger V. Teigre -
Rod Bacon