16 Dec
2003
16 Dec
'03
8:02 p.m.
Hi,
I am having problem getting radius accounting to work. My problem is that
radius detail file is not written to /var/log/radius/radacct/ in fact there
is no radius accounting at all, strangely I do have radius.log (radius setup
seems to be fine as I could get detail accounting from my dialup NAS) I am
running "ser-0.8.11, freeradius-0.9.3 & radiusclient-0.3.2".
Here is my ser.cfg
#
# $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=9 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=9
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("acc", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
modparam("auth_radius", "service_type", 15)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# related to radius acct
modparam("acc", "log_level", 1)
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 3)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
# if (uri==myself) {
if (uri=~"") {
if (method=="REGISTER") {
log(1, "Register: Authenticating user\n");
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
log(1, "Register: Challenging user\n");
www_challenge("", "0");
break;
};
save("location");
break;
};
if (method=="INVITE") {
log(1, "INVITE\n");
setflag(1); /* set for accounting (the same value as in
log_flag!) */
};
if (method=="MESSAGE") {
log(1, "MESSAGE\n");
setflag(1); /* set for accounting (the same value as in
log_flag!) */
};
if (method=="BYE" || method=="CANCEL") {
log (1, "BYE or CANCEL\n");
setflag(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
Suggestions anyone??
Regards,
Anthony
18 Dec
18 Dec
10:36 p.m.
Hello,
does your radius server gets any radius messages from ser ? Try to start
the radius server with -X parameter, the server will stay in foreground
and print a lot of debugging information.
Try to make a call then to see if there is any communication between
radiusclient library and radius server.
Also check the radius howto available at http://iptel.org/ser
Jan.
On 16-12 13:02, Anthony Law wrote:
Hi,
I am having problem getting radius accounting to work. My problem is that
radius detail file is not written to /var/log/radius/radacct/ in fact there
is no radius accounting at all, strangely I do have radius.log (radius setup
seems to be fine as I could get detail accounting from my dialup NAS) I am
running "ser-0.8.11, freeradius-0.9.3 & radiusclient-0.3.2".
Here is my ser.cfg
#
# $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=9 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=9
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
modparam("acc", "radius_config",
"/usr/local/etc/radiusclient/radiusclient.conf")
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
modparam("auth_radius", "service_type", 15)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# related to radius acct
modparam("acc", "log_level", 1)
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 3)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
# if (uri==myself) {
if (uri=~"") {
if (method=="REGISTER") {
log(1, "Register: Authenticating user\n");
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
log(1, "Register: Challenging user\n");
www_challenge("", "0");
break;
};
save("location");
break;
};
if (method=="INVITE") {
log(1, "INVITE\n");
setflag(1); /* set for accounting (the same value as in
log_flag!) */
};
if (method=="MESSAGE") {
log(1, "MESSAGE\n");
setflag(1); /* set for accounting (the same value as in
log_flag!) */
};
if (method=="BYE" || method=="CANCEL") {
log (1, "BYE or CANCEL\n");
setflag(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
Suggestions anyone??
Regards,
Anthony
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
19 Dec
19 Dec
10:59 p.m.
Hi,
Here is the output from starting radius with -X, does it look good? I kind
of notice that the NAS-IP-Address is form 127.0.0.1, shouldn't it come from
192.168.1.94, (my server running ser)?? I am still not able to get radius to
report accounting records. I am without START or STOP record. I have re-read
radius-how to again and I am sure I followed all steps mentioned. I have
even gone back to recomplie acc.so again. Any more suggestions? Do you think
my previous ser.cfg looks Ok?
rad_recv: Access-Request packet from host 192.168.1.94:38881, id=122,
length=191
User-Name = "317(a)abc.com"
Digest-Attributes = 0x0a05333137
Digest-Attributes = 0x010d616363657373762e636f6d
Digest-Attributes =
0x022a3366653335653538396665373766653531613961323634386162323666613834656461
3031633732
Digest-Attributes = 0x04117369703a616363657373762e636f6d
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "e14e2d008b655cebbb738e38833003a1"
Service-Type = IAPP-Register
Sip-Uri-User = "317"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "eap" returns noop for request 2
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "317"
Digest-Realm = "abc.com"
Digest-Nonce = "3fe35e589fe77fe51a9a2648ab26fa84eda01c72"
Digest-URI = "sip:abc.com"
Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 2
rlm_realm: Looking up realm "abc.com" for User-Name =
"317(a)abc.com"
rlm_realm: No such realm "abc.com"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched 317(a)abc.com at 1
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 2
A1 = 317:abc.com:1234
A2 = REGISTER:sip:abc.com
KD =
456084ff9475e53e7dec297e96ff648d:3fe35e589fe77fe51a9a2648ab26fa84eda01c72:01
de61682c4ba42a1136eb32515fa714
modcall[authenticate]: module "digest" returns ok for request 2
modcall: group authenticate returns ok for request 2
radius_xlat: 'Authtnticated'
Login OK: [317(a)abc.com/<no User-Password attribute>] (from client sushi port
5060)
Sending Access-Accept of id 122 to 192.168.1.94:38881
Reply-Message = "Authtnticated"
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 122 with timestamp 3fe36696
Nothing to do. Sleeping until we see a request.
Regards,
Anthony
----- Original Message -----
From: "Jan Janak" <jan(a)iptel.org>
To: "Anthony Law" <anthonyl(a)accessv.com>
Cc: "Mailing List Ser" <serusers(a)lists.iptel.org>
Sent: Thursday, December 18, 2003 3:36 PM
Subject: Re: [Serusers] radius accounting issue
Hello,
does your radius server gets any radius messages from ser ? Try to start
the radius server with -X parameter, the server will stay in foreground
and print a lot of debugging information.
Try to make a call then to see if there is any communication between
radiusclient library and radius server.
Also check the radius howto available at http://iptel.org/ser
Jan.
On 16-12 13:02, Anthony Law wrote:
> Hi,
>
> I am having problem getting radius accounting to work. My problem is
that
> radius detail file is not written to
/var/log/radius/radacct/ in fact
there
> is no radius accounting at all, strangely I do
have radius.log (radius
setup
> seems to be fine as I could get detail accounting
from my dialup NAS) I
am
> running "ser-0.8.11, freeradius-0.9.3 &
radiusclient-0.3.2".
> Here is my ser.cfg
>
> #
> # $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
> #
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=9 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> debug=9
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> #port=5060
> #children=4
> fifo="/tmp/ser_fifo"
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> #loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/acc.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> #loadmodule "/usr/local/lib/ser/modules/auth.so"
> #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> #modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> #modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_radius", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("acc", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
>
> # If you set "calculate_ha1" parameter to yes (which true in this
config),
> # uncomment also the following parameter)
> #
> #modparam("auth_db", "password_column", "password")
> modparam("auth_radius", "service_type", 15)
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # related to radius acct
> modparam("acc", "log_level", 1)
> modparam("acc", "radius_flag", 1)
> modparam("acc", "radius_missed_flag", 3)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (len_gt( max_len )) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> # if (uri==myself) {
> if (uri=~"") {
> if (method=="REGISTER") {
> log(1, "Register: Authenticating user\n");
> # Uncomment this if you want to use digest authentication
> if (!radius_www_authorize("")) {
> log(1, "Register: Challenging user\n");
> www_challenge("", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> if (method=="INVITE") {
>
> log(1, "INVITE\n");
> setflag(1); /* set for accounting (the same value as in
> log_flag!) */
> };
>
> if (method=="MESSAGE") {
> log(1, "MESSAGE\n");
> setflag(1); /* set for accounting (the same value as in
> log_flag!) */
> };
>
> if (method=="BYE" || method=="CANCEL") {
> log (1, "BYE or CANCEL\n");
> setflag(1);
> };
> # native SIP destinations are handled using our USRLOC
DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
Suggestions anyone??
Regards,
Anthony
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
3 Jan
3 Jan
9:29 p.m.
It looks ok, radius server authenticated the user sucessfully and send a
positive reply back to 192.168.1.94:38881, this is probably where
radiusclient library of ser is listening.
If ser didn't authorize the user then make sure that you have proper
shared secred, and that the secret is for the IP ser is running on.
Jan.
On 19-12 15:59, Anthony Law wrote:
Hi,
Here is the output from starting radius with -X, does it look good? I kind
of notice that the NAS-IP-Address is form 127.0.0.1, shouldn't it come from
192.168.1.94, (my server running ser)?? I am still not able to get radius to
report accounting records. I am without START or STOP record. I have re-read
radius-how to again and I am sure I followed all steps mentioned. I have
even gone back to recomplie acc.so again. Any more suggestions? Do you think
my previous ser.cfg looks Ok?
rad_recv: Access-Request packet from host 192.168.1.94:38881, id=122,
length=191
User-Name = "317(a)abc.com"
Digest-Attributes = 0x0a05333137
Digest-Attributes = 0x010d616363657373762e636f6d
Digest-Attributes =
0x022a3366653335653538396665373766653531613961323634386162323666613834656461
3031633732
Digest-Attributes = 0x04117369703a616363657373762e636f6d
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "e14e2d008b655cebbb738e38833003a1"
Service-Type = IAPP-Register
Sip-Uri-User = "317"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "eap" returns noop for request 2
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "317"
Digest-Realm = "abc.com"
Digest-Nonce = "3fe35e589fe77fe51a9a2648ab26fa84eda01c72"
Digest-URI = "sip:abc.com"
Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 2
rlm_realm: Looking up realm "abc.com" for User-Name =
"317(a)abc.com"
rlm_realm: No such realm "abc.com"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched 317(a)abc.com at 1
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 2
A1 = 317:abc.com:1234
A2 = REGISTER:sip:abc.com
KD =
456084ff9475e53e7dec297e96ff648d:3fe35e589fe77fe51a9a2648ab26fa84eda01c72:01
de61682c4ba42a1136eb32515fa714
modcall[authenticate]: module "digest" returns ok for request 2
modcall: group authenticate returns ok for request 2
radius_xlat: 'Authtnticated'
Login OK: [317(a)abc.com/<no User-Password attribute>] (from client sushi port
5060)
Sending Access-Accept of id 122 to 192.168.1.94:38881
Reply-Message = "Authtnticated"
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 122 with timestamp 3fe36696
Nothing to do. Sleeping until we see a request.
Regards,
Anthony
----- Original Message -----
From: "Jan Janak" <jan(a)iptel.org>
To: "Anthony Law" <anthonyl(a)accessv.com>
Cc: "Mailing List Ser" <serusers(a)lists.iptel.org>
Sent: Thursday, December 18, 2003 3:36 PM
Subject: Re: [Serusers] radius accounting issue
Hello,
does your radius server gets any radius messages from ser ? Try to start
the radius server with -X parameter, the server will stay in foreground
and print a lot of debugging information.
Try to make a call then to see if there is any communication between
radiusclient library and radius server.
Also check the radius howto available at http://iptel.org/ser
Jan.
On 16-12 13:02, Anthony Law wrote:
> Hi,
>
> I am having problem getting radius accounting to work. My problem is
that
> radius detail file is not written to
/var/log/radius/radacct/ in fact
there
> is no radius accounting at all, strangely I
do have radius.log (radius
setup
> seems to be fine as I could get detail
accounting from my dialup NAS) I
am
> running "ser-0.8.11, freeradius-0.9.3
& radiusclient-0.3.2".
> Here is my ser.cfg
>
> #
> # $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
> #
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=9 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> debug=9
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> #port=5060
> #children=4
> fifo="/tmp/ser_fifo"
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> #loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/acc.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> #loadmodule "/usr/local/lib/ser/modules/auth.so"
> #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> #modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> #modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_radius", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
> modparam("acc", "radius_config",
> "/usr/local/etc/radiusclient/radiusclient.conf")
>
> # If you set "calculate_ha1" parameter to yes (which true in this
config),
> # uncomment also the following parameter)
> #
> #modparam("auth_db", "password_column", "password")
> modparam("auth_radius", "service_type", 15)
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # related to radius acct
> modparam("acc", "log_level", 1)
> modparam("acc", "radius_flag", 1)
> modparam("acc", "radius_missed_flag", 3)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (len_gt( max_len )) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> # if (uri==myself) {
> if (uri=~"") {
> if (method=="REGISTER") {
> log(1, "Register: Authenticating user\n");
> # Uncomment this if you want to use digest authentication
> if (!radius_www_authorize("")) {
> log(1, "Register: Challenging user\n");
> www_challenge("", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> if (method=="INVITE") {
>
> log(1, "INVITE\n");
> setflag(1); /* set for accounting (the same value as in
> log_flag!) */
> };
>
> if (method=="MESSAGE") {
> log(1, "MESSAGE\n");
> setflag(1); /* set for accounting (the same value as in
> log_flag!) */
> };
>
> if (method=="BYE" || method=="CANCEL") {
> log (1, "BYE or CANCEL\n");
> setflag(1);
> };
> # native SIP destinations are handled using our USRLOC
DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
Suggestions anyone??
Regards,
Anthony
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
19 Dec
19 Dec
5:45 p.m.
On Tue, 16 Dec 2003, Anthony Law wrote:
Hi,
I am having problem getting radius accounting to work. My problem is that
radius detail file is not written to /var/log/radius/radacct/ in fact there
is no radius accounting at all, strangely I do have radius.log (radius setup
seems to be fine as I could get detail accounting from my dialup NAS) I am
running "ser-0.8.11, freeradius-0.9.3 & radiusclient-0.3.2".
Here is my ser.cfg
Hi !
Did you solve you problem ?
I have this same problem like you but I use 0.8.12
I checked things about it Jan wrote and I see
that i don't have connection with radius server
But test connection (described in radius-howto) works
Any ideas ??
Thanks
Adnrzej
7632
days inactive
7650
days old
4 comments
3 participants
participants (3)
-
Anthony Law -
Jan Janak -
radan