Hi all,
I'm trying to configure SER 0.8.14 to use authentication with NavisRadius 4.5.0.
On my X-Lite (X-Lite v2.0 Build 1103m) client I'm getting "Login Failed! Contact Network Admin."
I'm getting following message from NavisRadius. Why? => Reply-Message = "No check.password"
I would be very grateful if someone could look at my ser.cfg and output from NavisRadius.
Best regards
**************************************************************************** *
This is what I get on RADIUS server (different from SER machine)
Client:
Client-Class = "#default"
Nas_Port_Normalization = off
Radius_Remove_Trailing_Nul = TRUE
Radius_Append_Trailing_Nul = FALSE
Auto_Remove_Check_Items = TRUE
Check_Authenticators = TRUE
Session_Time_From_Time_Of_Day = FALSE
Radius_Charset = "UTF8"
Client-Class = "video"
Client-Dictionary = "draft_ietf_radext_digest_auth_01"
**** dictionary of radiusclient on SER machine is adjusted to dictionary of RADIUS, and RADIUS can recognize attributes - except if I MUST run sterman_aaa_sip_00 on NavisRadius???? I attached dictionary in radiusclient to this message ****
Client-Secret = <hidden>
Request:
User-Name = "djovanov.srce"
Digest-Username = "djovanov.srce"
Digest-Realm = "srce.hr"
Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad"
Digest-URI = "sip:srce.hr"
Digest-Method = "REGISTER"
Digest-Response = "ca6202fe55c51501295a9bc6ab325420"
Service-Type = IAPP-Register
Anonymous = v0-a208-646A6F76616E6F7669632E73726365
**** RADIUS doesn't recognize code 208, which is Sip-Uri-User ****
****Am I missing Digest-Algorithm? Why SER doesn't send this attribute?****
NAS-IP-Address = 161.53.0.131
NAS-Port = 5060
Packet:
Client-Name = "161.53.0.131"
Packet-Type = Access-Request
Packet-Identifier = 213
Packet-Length = 197
Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50
Source-Address = 161.53.0.131
Source-Port = 33159
Destination-Address = 0.0.0.0
Destination-Port = 1812
Receipt-Time = "2005/05/06 13:44:32"
Full-User-Name = "djovanov.srce"
Base-User-Name = "djovanov.srce"
Normalized-Nas-Port = 5060
19 <engine.worker.0> -> checkDigest[AuthHttpDigest]
19 <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
20 <engine.worker.0> Variable group trace
Reply:
Reply-Message = "No check.password"
**** this is message is which I get from NavisRadius ****
**************************************************************************** ************
This is my ser.cfg
fifo_db_url="mysql://ser:heslo@localhost/ser"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/group.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_radius.so"
loadmodule "/usr/local/lib/ser/modules/group_radius.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/msilo.so"
modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "timer_interval", 10)
modparam("rr", "enable_full_lr", 1)
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
modparam("group_radius", "use_domain", 0)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!radius_www_authorize("")) {
www_challenge("", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
This seems to be a NavisRadius problem. You should ask on a list for that software. However, this: <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password
tells you that the radius server cannot find a password that can be used with the AuthHttpDigest algorithm. How you set it, I don't know for NavisRadius. g-)
---- Original Message ---- From: davor jovanovic To: serusers@lists.iptel.org Sent: Wednesday, May 11, 2005 02:25 PM Subject: [Serusers] SER and NavisRadius not working
Hi all,
I'm trying to configure SER 0.8.14 to use authentication with NavisRadius 4.5.0. On my X-Lite (X-Lite v2.0 Build 1103m) client I'm getting "Login Failed! Contact Network Admin."
I'm getting following message from NavisRadius. Why? => Reply-Message = "No check.password"
I would be very grateful if someone could look at my ser.cfg and output from NavisRadius.
Best regards
This is what I get on RADIUS server (different from SER machine)
Client: Client-Class = "#default" Nas_Port_Normalization = off Radius_Remove_Trailing_Nul = TRUE Radius_Append_Trailing_Nul = FALSE Auto_Remove_Check_Items = TRUE Check_Authenticators = TRUE Session_Time_From_Time_Of_Day = FALSE Radius_Charset = "UTF8" Client-Class = "video" Client-Dictionary = "draft_ietf_radext_digest_auth_01" **** dictionary of radiusclient on SER machine is adjusted to dictionary of RADIUS, and RADIUS can recognize attributes - except if I MUST run sterman_aaa_sip_00 on NavisRadius???? I attached dictionary in radiusclient to this message **** Client-Secret = <hidden>
Request: User-Name = "djovanov.srce" Digest-Username = "djovanov.srce" Digest-Realm = "srce.hr" Digest-Nonce = "427b5aa983df858da94c50d1f8132a69e3e703ad" Digest-URI = "sip:srce.hr" Digest-Method = "REGISTER" Digest-Response = "ca6202fe55c51501295a9bc6ab325420" Service-Type = IAPP-Register Anonymous = v0-a208-646A6F76616E6F7669632E73726365 **** RADIUS doesn't recognize code 208, which is Sip-Uri-User **** ****Am I missing Digest-Algorithm? Why SER doesn't send this attribute?**** NAS-IP-Address = 161.53.0.131 NAS-Port = 5060
Packet: Client-Name = "161.53.0.131" Packet-Type = Access-Request Packet-Identifier = 213 Packet-Length = 197 Packet-Authenticator = 2B25D6D4934B930EB21F8E1B6AEFFE50 Source-Address = 161.53.0.131 Source-Port = 33159 Destination-Address = 0.0.0.0 Destination-Port = 1812 Receipt-Time = "2005/05/06 13:44:32" Full-User-Name = "djovanov.srce" Base-User-Name = "djovanov.srce" Normalized-Nas-Port = 5060
19 <engine.worker.0> -> checkDigest[AuthHttpDigest] 19 <plugin.AuthHttpDigest.checkDigest> FAILURE -- No check.password 20 <engine.worker.0> Variable group trace
Reply: Reply-Message = "No check.password" **** this is message is which I get from NavisRadius ****
This is my ser.cfg
fifo_db_url="mysql://ser:heslo@localhost/ser"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/group.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/msilo.so"
modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("usrloc", "db_mode", 2) modparam("usrloc", "timer_interval", 10)
modparam("rr", "enable_full_lr", 1)
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("auth_radius", "service_type", 15) modparam("group_radius", "use_domain", 0)
if (uri==myself) {
if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { www_challenge("", "0"); break; }; save("location"); break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; }; # native SIP destinations are handled using ourUSRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; };
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
davor jovanovic -
Greger V. Teigre