Have you got any message is syslog coming from
radiusclient-ng
library? The FreeRadius server reports ok for authentication.
Cheers,
Daniel
On 03/30/06 05:15, Nguyen Duc Phi wrote:
I config openser authenticate from Radius. when
softphone register
to openser, Freeradius response "Sending Access-Accept" but openser
inform "ERROR:auth_radius:radius_authorize_sterman: rc_auth failed"
So softphone not registered. I search this title in google and find
on "*OpenSER Users Mailing List*", I didnt find solution to fix
problem. Could someone help me fix this problem ?
Here is list of product's version I used.
openser-1.0.1
OS : CentOS-4 x86_64
radiusclient-ng-0.5.2
freeradius-1.0.5
openser show debug :
8(8985) parse_headers: flags=ffffffffffffffff
8(8985) check_via_address(192.168.212.123, 192.168.212.123, 0)
8(8985) DEBUG:destroy_avp_list: destroying list (nil)
8(8985) receive_msg: cleaning up
7(8982) SIP Request:
7(8982) method: <REGISTER>
7(8982) uri: <sip:vdc.com.vn>
7(8982) version: <SIP/2.0>
7(8982) parse_headers: flags=2
7(8982) DEBUG: get_hdr_body : content_length=0
7(8982) get_hdr_field: cseq <CSeq>: <2> <REGISTER>
7(8982) DEBUG:parse_to:end of header reached, state=9
7(8982) DEBUG: get_hdr_field: <To> [23]; uri=[sip:5001@vdc.com.vn]
7(8982) DEBUG: to body [<sip:5001@vdc.com.vn>
]
7(8982) Found param type 235, <rport> = <n/a>; state=6
7(8982) Found param type 232, <branch> =
<z9hG4bKc0a8d47b0131c9b1442b39c80000367c00000003>; state=16
7(8982) end of header reached, state=5
7(8982) parse_headers: Via found, flags=2
7(8982) parse_headers: this is the first via
7(8982) After parse_msg...
7(8982) preparing to run routing scripts...
7(8982) DEBUG:maxfwd:is_maxfwd_present: value = 70
7(8982) parse_headers: flags=200
7(8982) found end of header
7(8982) find_first_route: No Route headers found
7(8982) loose_route: There is no Route HF
7(8982) grep_sock_info - checking if host==us: 10==9 &&
[vdc.com.vn] == [127.0.0.1]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==13 &&
[vdc.com.vn] == [192.168.212.9]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==9 &&
[vdc.com.vn] == [127.0.0.1]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==13 &&
[vdc.com.vn] == [192.168.212.9]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==9 &&
[vdc.com.vn] == [127.0.0.1]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==13 &&
[vdc.com.vn] == [192.168.212.9]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==9 &&
[vdc.com.vn] == [127.0.0.1]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) grep_sock_info - checking if host==us: 10==13 &&
[vdc.com.vn] == [192.168.212.9]
7(8982) grep_sock_info - checking if port 5060 matches port 5060
7(8982) check_nonce(): comparing
[442b360523cece6362803c97fa7fb10b37680cd8] and
[442b360523cece6362803c97fa7fb10b37680cd8]
7(8982) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
7(8982) build_auth_hf(): 'WWW-Authenticate: Digest
realm="vdc.com.vn", nonce="442b360523cece6362803c97fa7fb10b37680cd8"
'
7(8982) parse_headers: flags=ffffffffffffffff
7(8982) check_via_address(192.168.212.123, 192.168.212.123, 0)
7(8982) DEBUG:destroy_avp_list: destroying list (nil)
7(8982) receive_msg: cleaning up
Radius show debug:
rad_recv: Access-Request packet from host 192.168.212.9:32826,
id=205, length=203
User-Name = "5001(a)vdc.com.vn <mailto:5001@vdc.com.vn>"
Digest-Attributes = 0x0a0635303031
Digest-Attributes = 0x010c7664632e636f6d2e766e
Digest-Attributes =
0x022a34343262333630353233636563653633363238303363393766613766623130623337363830636438
Digest-Attributes = 0x04107369703a7664632e636f6d2e766e
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "1c3d532fc6c1c37004c6df6027e6242c"
Service-Type = 0x0000000f00000000
Sip-Uri-User = "5001"
NAS-Port = 0x000013c400000000
NAS-IP-Address = 0xc0a8d40900000000
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
hints: Matched DEFAULT at 82
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "5001"
Digest-Realm = "vdc.com.vn"
Digest-Nonce = "442b360523cece6362803c97fa7fb10b37680cd8"
Digest-URI = "sip:vdc.com.vn"
Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 0
rlm_realm: No '@' <mailto:%27@%27> in User-Name = "5001",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: '5001'
rlm_sql (sql): sql_set_user escaped user --> '5001'
radius_xlat: 'SELECT 1 as id,'5001' as UserName,'User-Password' as
Attribute,subscriber_password as Value,'==' as op FROM subscribers
WHERE subscriber_username = '5001'AND subscriber_status=1'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: ''
radius_xlat: 'SELECT 1 as id,'5001' as UserName,'Session-Timeout'
as Attribute,getSessionTime('5001','')as Value,'=' as op FROM
dual'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
A1 = 5001:vdc.com.vn:test
A2 = REGISTER:sip:vdc.com.vn
H(A1) = 454e15015603bd4bd79faf0c5ddd3346
H(A2) = ac5bd79ed3d6bd2bddcb1cffafbbd09a
KD =
454e15015603bd4bd79faf0c5ddd3346:442b360523cece6362803c97fa7fb10b37680cd8:ac5bd79ed3d6bd2bddcb1cffafbbd09a
EXPECTED 1c3d532fc6c1c37004c6df6027e6242c
RECEIVED 1c3d532fc6c1c37004c6df6027e6242c
modcall[authenticate]: module "digest" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [5001] (from client 192.168.212.9 port 3134307025)
Sending Access-Accept of id 205 to 192.168.212.9:32826
Session-Timeout = 60
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 205 with timestamp 442b3adf
Nothing to do. Sleeping until we see a request.
Best regards,
Nguyen
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users