Hi Dan,
I modified my config to use a realm called
sip.greenfieldtech.net, but the problem
remains.
Here is the config file:
#
# $Id$
#
# radius config script
#
# ----------- global configuration parameters ------------------------
# NOTE(review): debug=9 + fork=no + log_stderror=yes is a foreground
# troubleshooting setup (all logging goes to stderr); children=4 is
# presumably moot while fork=no -- confirm before reusing this file elsewhere.
debug=9 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
# bind only this UDP socket; no TCP listener is configured here
listen=udp:192.168.2.80
#alias="openser.org"
#fifo="/tmp/openser_fifo"
# ------------------ module loading ----------------------------------
mpath="/usr/local/lib/openser/modules"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "avpops.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "xlog.so"
loadmodule "uri.so"
loadmodule "acc.so"
loadmodule "auth.so"
# the three RADIUS modules below share the radiusclient config set further down
loadmodule "auth_radius.so"
loadmodule "group_radius.so"
loadmodule "avp_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# NOTE(review): the commented-out db_url embeds a database password; if it
# is re-enabled, keep this file readable only by the user openser runs as.
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")
# db_mode 2 (write-through); with db_url commented out usrloc presumably
# falls back to its built-in default db_url -- confirm that registrations
# actually land in the intended database.
modparam("usrloc", "db_mode", 2)
# -- acc params -- (all accounting settings are currently disabled)
#modparam("acc", "radius_flag", 1)
#modparam("acc", "radius_missed_flag", 2)
#modparam("acc", "log_flag", 1)
#modparam("acc", "log_missed_flag", 1)
#modparam("acc", "service_type", 15)
# NOTE(review): the next modparam spans two lines here; if the second line
# really is uncommented in the file (rather than wrapped by the mail client)
# it will not parse, since '#' only comments to the end of its own line.
#modparam("acc", "radius_extra",
"Sip-Src-IP=$si;Sip-Src-Port=$sp")
# one modparam sets radius_config for all three RADIUS modules at once
modparam("auth_radius|group_radius|avp_radius",
"radius_config","/etc/radiusclient/radiusclient.conf")
# -- group_radius params --
# NOTE(review): group lookups ignore the domain part (use_domain 0) while
# usrloc keys on it (use_domain 1 below) -- double-check the mismatch is intended.
modparam("group_radius", "use_domain", 0)
# -- avpops params --
# $day / $time aliases used by the (commented-out) time-filter block in route{}
avp_aliases="day=i:101;time=i:102"
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("usrloc", "use_domain", 1)
# ------------------------- request routing logic -------------------
# main routing logic
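route{
	# Main request routing.
	# Order matters: every branch that finishes handling a request ends in
	# exit (or route(1), which exits after relaying), so later blocks only
	# see what the earlier ones let through.

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	};
	if (msg:len >= 2048 ) {
		sl_send_reply("513", "Message too big");
		exit;
	};

	# check if user is suspended (currently disabled)
	#if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
	#{
	#	if (radius_is_user_in("From", "suspended")) {
	#		sl_send_reply("403", "Forbidden - suspended");
	#		exit;
	#	};
	#};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (!method=="REGISTER")
		record_route();

	# subsequent messages within a dialog should take the
	# path determined by record-routing
	if (loose_route()) {
		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n");
		if(is_method("BYE"))
		{	# log it all the time (accounting currently disabled)
			#acc_rad_request("200 ok");
			#acc_log_request("200 ok");
		}
		route(1);
	};

	if(is_method("INVITE") && !has_totag())
	{	# set the acc flags; the acc flag modparams are commented out
		# above, so these flags are currently unused
		setflag(1);
		setflag(2);
	};

	if (!uri==myself) {
		# check if user is allowed to do voip calls to other domains
		# NOTE(review): no proxy authentication is done anywhere in this
		# route, so this group lookup (and the "pstn" one below) keys on a
		# From header the caller chose itself. If group membership is meant
		# to be a real access control, challenge INVITE/MESSAGE first
		# (radius_proxy_authorize() / proxy_challenge()) -- confirm against
		# the deployment's policy.
		if(is_method("INVITE|MESSAGE")) {
			if (!radius_is_user_in("From", "voip")) {
				sl_send_reply("403", "Forbidden VoIP");
				exit;
			};
		};
		# mark routing logic in request
		append_hf("P-hint: outbound\r\n");
		route(1);
	};

	# requests for our own domain are served from UsrLoc
	if (uri==myself) {
		# authenticate registers
		if (method=="REGISTER") {
			if (!radius_www_authorize("sip.greenfieldtech.net")) {
				www_challenge("sip.greenfieldtech.net", "1");
				exit;
			};
			# Fix: the original called radius_www_authorize() a second time
			# here and answered "200 ok" + exit on success, so the
			# save("location") below was never reached and the contact was
			# never stored -- the phone authenticated but did not register,
			# which matches the reported symptom. A successful save() sends
			# the 200 OK itself, so no explicit reply is needed here.

			# check the src ip address (currently disabled)
			#if(!avp_check("$avp(i:2)", "eq/$src_ip/ig"))
			#{
			#	sl_send_reply("403", "Forbidden IP");
			#	exit;
			#};
			save("location");
			exit;
		};

		# calls to pstn
		if(uri=~"sip:00[1-9][0-9]+@") {
			# only the initial INVITE of a dialog is subject to the group check
			if(is_method("INVITE") && !has_totag()) {
				if (!radius_is_user_in("From", "pstn")) {
					sl_send_reply("403", "Forbidden PSTN");
					exit;
				};
			};
			# set gateway address
			rewritehostport("10.10.10.10:5090");
			route(1);
		};

		# load callee's avps
		if(avp_load_radius("callee"))
		{
			# check if user has time filter enabled (currently disabled)
			#if(avp_check($avp("i:3"), $avp("eq/i:1")))
			#{
			#	# print time in an avp
			#	avp_printf("i:100", "$Tf");
			#	# extract day
			#	avp_subst("i:100/i:101", "/(.{3}) .+/*\1*/");
			#	if(!avp_check("i:6", "fm/$day")) {
			#		sl_send_reply("403", "Forbidden - day");
			#		exit;
			#	};
			#	# extract 'hours:minutes'
			#	avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+/\2/");
			#	if((is_avp_set("i:4") && avp_check("i:4", "gt/$time"))
			#	   || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) {
			#		sl_send_reply("403", "Forbidden - time");
			#		exit;
			#	};
			#};
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			# log to acc as missed call (accounting currently disabled)
			#acc_rad_request("404 Not Found");
			#acc_log_request("404 Not Found");
			sl_send_reply("404", "Not Found");
			exit;
		};
		append_hf("P-hint: usrloc applied\r\n");
	};
	route(1);
}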
# generic forward
route[1] {
	# Generic forward: relay statefully through tm, which works reliably
	# even across transports (e.g. UDP to TCP).
	if (t_relay()) {
		exit;
	};
	# t_relay() failed: let sl report the error back to the sender
	sl_reply_error();
	exit;
}
#
Version is 1.2.1
Z2L
----- Original Message -----
From: "Dan-Cristian Bogos" <dan.bogos(a)gmail.com>
To: openser(a)zap2link.com
Cc: "users" <users(a)openser.org>
Sent: Wednesday, July 18, 2007 2:02:11 PM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] Radius integration issue
Can u post your openser configuration + version also? From the debug u
sent it all looks fine except the error.
DanB
On 7/18/07, OpenSER ML <openser(a)zap2link.com> wrote:
Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232
User-Name = "101(a)openser.org"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010d6f70656e7365722e6f7267
Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564
Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303930
Digest-Attributes = 0x081235343038316466316439623562383564
Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 0x313031
NAS-Port = 5060
NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1124
modcall[authorize]: module "preprocess" returns ok for request 1124
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
modcall[authorize]: module "auth_log" returns ok for request 1124
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 1124
users: Matched entry 101(a)openser.org at line 53
modcall[authorize]: module "files" returns ok for request 1124
modcall: leaving group authorize (returns ok) for request 1124
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1124
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "openser.org"
Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d"
Digest-URI = "sip:192.168.2.80"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000090"
Digest-CNonce = "54081df1d9b5b85d"
A1 = 101:openser.org:101
A2 = REGISTER:sip:192.168.2.80
H(A1) = f195c177997cee336c919be9279c5703
H(A2) = 046d0643f281affab19fe62ffc848ab5
KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5
EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26
RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26
modcall[authenticate]: module "digest" returns ok for request 1124
modcall: leaving group authenticate (returns ok) for request 1124
Login OK: [101(a)openser.org/<no User-Password attribute>] (from client 192.168.2.80
port 5060)
Sending Access-Accept of id 250 to 192.168.2.80 port 35223
Finished request 1124
Going to the next request
Waking up in 6 seconds...
Z2L
----- Original Message -----
From: "Dan-Cristian Bogos" <dan.bogos(a)gmail.com>
To: openser(a)zap2link.com
Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info
regarding the cause of failure.
To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers,
DanB
On 7/18/07, OpenSER ML <openser(a)zap2link.com> wrote:
Hi All,
I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest
authentication
going correctly, having the Radius respond with LOGIN OK for the requests that are in the
users file. However, although the authentication process appears to succeed, the IP phone
doesn't register to the OpenSER server.
The following can be seen in the debug:
0(17821) SIP Request:
0(17821) method: <REGISTER>
0(17821) uri: <sip:192.168.2.80>
0(17821) version: <SIP/2.0>
0(17821) parse_headers: flags=2
0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>;
state=16
0(17821) end of header reached, state=5
0(17821) parse_headers: Via found, flags=2
0(17821) parse_headers: this is the first via
0(17821) After parse_msg...
0(17821) preparing to run routing scripts...
0(17821) parse_headers: flags=100
0(17821) DEBUG:parse_to:end of header reached, state=10
0(17821) DBUG:parse_to: display={}, ruri={sip:101@192.168.2.80;user=phone}
0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101@192.168.2.80;user=phone]
0(17821) DEBUG: to body [<sip:101@192.168.2.80;user=phone>
]
0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER>
0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70
0(17821) parse_headers: flags=200
0(17821) DEBUG: get_hdr_body : content_length=0
0(17821) found end of header
0(17821) find_first_route: No Route headers found
0(17821) loose_route: There is no Route HF
0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
[192.168.2.80]
0(17821) grep_sock_info - checking if port 5060 matches port 5060
0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
[192.168.2.80]
0(17821) grep_sock_info - checking if port 5060 matches port 5060
0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and
[469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org",
nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth"
'
0(17821) parse_headers: flags=ffffffffffffffff
0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0)
0(17821) DEBUG:destroy_avp_list: destroying list (nil)
0(17821) receive_msg: cleaning up
As you can surely see, the ERROR is somewhere in the authorization step. Now,
I've verified
the secret key between the two machines, and all seems to be in place - any pointers will be
highly appreciated.
Z2L