Hi,
I have followed the instructions on setting up FreeRADIUS with OpenSER. (http://openser.org/docs/openser-radius-1.0.x.html)
But the server doesn't allow the registration:
Config:
============================================================================ ====================
# $Id$
#
# radius config script
#
# ----------- global configuration parameters ------------------------
# Core settings for a foreground debugging run: verbose logging to stderr,
# one UDP listener, and the host names this proxy treats as local.
# NOTE(review): debug=7 together with log_stderror=yes is a troubleshooting
# setup. At this level the log prints digest nonces and the AVPs returned by
# RADIUS (both are visible in the OpenSER debug output posted with this
# config), so lower the level once the problem is solved.
debug=7 # debug level (cmd line: -dddddddddd)
# do not fork: stay in the foreground (children= below presumably has no
# effect in this mode -- confirm)
fork=no
log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
listen=udp:192.168.10.18
# host names treated as local; the uri==myself tests in route{} match them
alias="openser.org"
alias="mydomain.com"
#fifo="/tmp/openser_fifo"
# ------------------ module loading ----------------------------------
# Modules used by the routing script below. The three *_radius modules supply
# the RADIUS-backed functions the script calls: radius_www_authorize()
# (auth_radius), radius_is_user_in() (group_radius) and avp_load_radius()
# (avp_radius). acc provides the acc_rad_request()/acc_log_request() calls.
mpath="/usr/local/lib/openser/modules/"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "avpops.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
# NOTE(review): xlog.so is loaded but the script shown never calls it
loadmodule "xlog.so"
loadmodule "uri.so"
loadmodule "acc.so"
loadmodule "auth.so"
loadmodule "auth_radius.so"
loadmodule "group_radius.so"
loadmodule "avp_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# NOTE(review): db_url is commented out while db_mode=2 still asks for
# database-backed storage (write-back, per the usrloc documentation --
# confirm), so usrloc presumably falls back to its built-in default URL.
# Confirm which database account is really used and that it does not keep a
# default password.
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# Flag 1 selects requests for RADIUS and syslog accounting, flag 2 selects
# requests whose missed calls are reported to RADIUS; route{} sets both flags
# on initial INVITEs.
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 1)
# presumably the Service-Type value sent in accounting requests -- confirm
modparam("acc", "service_type", 15)
# extra accounting attributes: source IP ($si) and source port ($sp)
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
# all four RADIUS-aware modules read the same radiusclient-ng configuration
modparam("acc|auth_radius|group_radius|avp_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params --
# send user@domain as User-Name in Group-Check requests; the radiusd log
# posted with this config shows the User-Name in that form
modparam("group_radius", "use_domain", 1)
# -- avpops params --
# $day and $time become aliases for integer AVPs 101 and 102, which the
# time filter in route{} fills and compares
modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
# Order of processing for every request:
#   1. sanity checks (Max-Forwards, message size)
#   2. RADIUS group check for "suspended" users
#   3. record-routing and loose-route handling of in-dialog requests
#   4. accounting flags on initial INVITEs
#   5. requests for foreign domains: "voip" group check, then relay
#   6. requests for our domain: REGISTER (digest auth via RADIUS, source-IP
#      check, save), PSTN prefix (group check, gateway), callee AVP time
#      filter, usrloc lookup
#   7. relay through route[1], which ends processing with exit
# NOTE(review): only REGISTER is digest-authenticated. Every
# radius_is_user_in("From", ...) check below is keyed on the From header of a
# request that has not been authenticated, so the identity used for the
# "suspended", "voip" and "pstn" decisions is whatever the sender put there.
# If these groups are meant to restrict paid or external calls, authenticate
# INVITE/MESSAGE (auth_radius also offers radius_proxy_authorize) before the
# group lookups.
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# check if user is suspended
# This lookup runs before authentication. With the users file posted next to
# this config, the Group-Check DEFAULT entry is Auth-Type := Reject, so for a
# user who is not in "suspended" the RADIUS server answers with a reject and
# OpenSER logs "radius_is_user_in(): Failure". That is the not-suspended case:
# the condition is false and the script continues.
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From", "suspended")) {
sl_send_reply("403", "Forbidden - suspended");
exit;
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
if(is_method("BYE"))
{ # log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
};
# initial INVITE (no To tag): flags 1 and 2 are the acc module's
# radius/log and radius-missed flags set in the modparam section
if(is_method("INVITE") && !has_totag())
{ # set the acc flags
setflag(1);
setflag(2);
};
# request addressed to a domain that is not ours
if (!uri==myself) {
# check if user is allowed to do voip calls to other domains
# NOTE(review): From-based and unauthenticated, see the header note
if(is_method("INVITE|MESSAGE")) {
if (!radius_is_user_in("From", "voip")) {
sl_send_reply("403", "Forbidden VoIP");
exit;
};
};
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
# requests addressed to our own domain(s): REGISTER handling, PSTN
# gateway, callee AVP filters and the usrloc lookup
if (uri==myself) {
# authenticate registers
if (method=="REGISTER") {
# no valid credentials yet: send a digest challenge for the realm
# (second argument "0" presumably means "no qop" -- confirm)
if (!radius_www_authorize("mydomain.com")) {
www_challenge("mydomain.com", "0");
exit;
};
# check the src ip address
# AVP 2 is filled from the Sip-Avp "#2:<ip>" reply item that RADIUS
# returns on successful authentication (visible in the debug output).
# NOTE(review): a user whose RADIUS entry returns no "#2:" item (user 102
# in the posted users file has it commented out) presumably fails this
# check and gets 403 -- confirm that is intended.
if(!avp_check("i:2", "eq/$src_ip/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
# NOTE(review): nothing in this script compares the authenticated digest
# user with the To URI whose binding save() updates; unless that is
# enforced elsewhere, confirm whether such a check is needed.
save("location");
exit;
};
# calls to pstn
# Request-URI user starting with 00 followed by a non-zero digit.
# NOTE(review): the "pstn" group check applies to initial INVITEs only and
# is From-based and unauthenticated (see the header note); this is the
# branch where that matters most, since it reaches the gateway.
if(uri=~"sip:00[1-9][0-9]+@") {
if(is_method("INVITE") && !has_totag()) {
if (!radius_is_user_in("From", "pstn")) {
sl_send_reply("403", "Forbidden PSTN");
exit;
};
};
# set gateway address
rewritehostport("192.168.10.18:5090");
route(1);
};
# load callee's avps
if(avp_load_radius("callee"))
{
# check if user has time filter enabled
# (AVP 3 == integer 1; the users file sends it as "#3#1")
if(avp_check("i:3", "eq/i:1"))
{
# print time in an avp
avp_printf("i:100", "$Tf");
# extract day
# first three characters of the time string, wrapped in '*' so that
# AVP 6 (the allowed-days list) can be matched against it as a
# wildcard pattern by the "fm" operator
avp_subst("i:100/i:101", "/(.{3}) .+/*\1*/");
if(!avp_check("i:6", "fm/$day")) {
sl_send_reply("403", "Forbidden - day");
exit;
};
# extract 'hours:minutes'
avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+/\2/");
# reject when the window start (AVP 4) is later than the current time
# or the window end (AVP 5) is earlier than it
if((is_avp_set("i:4") && avp_check("i:4", "gt/$time"))
|| (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) {
sl_send_reply("403", "Forbidden - time");
exit;
};
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
# generic forward
# Relays the request statefully with t_relay(). If the relay cannot be set
# up, sl_reply_error() answers the sender with a stateless error reply.
# The trailing exit ends script processing, so nothing in the calling route
# runs after route(1).
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
#
============================================================================ ====================
Users file on RADIUS:
### --- avps ---
# Callee AVPs returned to avp_load_radius("callee") in the OpenSER script:
#   #3#1     integer AVP 3 = 1, time filter enabled
#   #4 / #5  start and end of the allowed time window (HH:MM)
#   #6       list of allowed week days
101@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
# NOTE(review): "Free" in the day list of this entry looks like a typo for
# "Fri"; as written a Friday would presumably not match for user 102 -- confirm.
102@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
# any other callee: accepted with no AVPs, i.e. no time filter
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
# One entry per (user, group) pair that is allowed. Group membership is
# answered with Accept, everything else falls through to the DEFAULT Reject
# at the end of this section.
### --- user 101 ---
101@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
# No entry lists the "suspended" group, so a Group-Check for
# Sip-Group = "suspended" presumably lands on this DEFAULT and is rejected.
# In the radiusd log that shows up as "Auth-Type = Reject, rejecting user";
# for the OpenSER script it means "not suspended".
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
# Digest credentials plus the AVPs handed back on success: rpid, and "#2:"
# with the source IP that the script's avp_check("i:2", ...) accepts.
# NOTE(review): User-Password holds the cleartext secret and here equals the
# user name; use strong, unique secrets outside a lab setup.
# NOTE(review): the last active reply item of each entry below ends with a
# comma and is followed only by a commented-out line; confirm the real file
# ends each entry without a trailing comma.
101@mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"
============================================================================ ====================
And below is the debug output from radiusd -X and openser -E -ddddddd:
OpenSER Debug:
*****************************
0(4084) SIP Request:
0(4084) method: <REGISTER>
0(4084) uri: sip:mydomain.com
0(4084) version: <SIP/2.0>
0(4084) parse_headers: flags=2
0(4084) DEBUG:parse_to:end of header reached, state=8
0(4084) DEBUG: get_hdr_field: <To> [19]; uri=[sip:101@mydomain.com]
0(4084) DEBUG: to body [sip:101@mydomain.com
]
0(4084) get_hdr_field: cseq <Cseq>: <2> <REGISTER>
0(4084) Found param type 232, <branch> = <z9hG4bK-eb137d5b6c8524d7c778e5629555a97e>; state=16
0(4084) end of header reached, state=5
0(4084) parse_headers: Via found, flags=2
0(4084) parse_headers: this is the first via
0(4084) After parse_msg...
0(4084) preparing to run routing scripts...
0(4084) DEBUG:maxfwd:is_maxfwd_present: value = 20
0(4084) DEBUG: add_param: tag=30167a95
0(4084) DEBUG:parse_to:end of header reached, state=29
0(4084) radius_is_user_in(): Failure
0(4084) parse_headers: flags=200
0(4084) DEBUG: get_hdr_body : content_length=0
0(4084) found end of header
0(4084) find_first_route: No Route headers found
0(4084) loose_route: There is no Route HF
0(4084) grep_sock_info - checking if host==us: 9==10 && [mydomain.com] == [192.168.10.18]
0(4084) grep_sock_info - checking if port 5060 matches port 5060
0(4084) grep_sock_info - checking if host==us: 9==10 && [mydomain.com] == [192.168.10.18]
0(4084) grep_sock_info - checking if port 5060 matches port 5060
0(4084) check_nonce(): comparing [448fe8934593e3e7780fffee019ce58577231baf] and [448fe8934593e3e7780fffee019ce58577231baf]
0(4084) DEBUG:auth_radius:radius_authorize_sterman: Success
0(4084) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
0(4084) DEBUG:auth_radius:extract_avp: string is rpid:101
0(4084) DEBUG:auth_radius:extract_avp: AVP name is <rpid>
0(4084) DEBUG:auth_radius:extract_avp: AVP val is <101>
0(4084) DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added
0(4084) DEBUG:auth_radius:extract_avp: string is <#2:192.168.10.17>
0(4084) DEBUG:auth_radius:extract_avp: AVP name is <2>
0(4084) DEBUG:auth_radius:extract_avp: AVP val is <192.168.10.17>
0(4084) DEBUG:auth_radius:generate_avps: AVP 'null'/2='192.168.10.17'/0 has been added
0(4084) DEBUG:avpops:check_avp: check <192.168.10.17> against <192.168.10.17> as str
0(4084) parse_headers: flags=ffffffffffffffff
0(4084) parse_headers: flags=4000000
0(4084) build_contact(): Created Contact HF: Contact: sip:101@192.168.10.17;LINEID=6f5beb97d08670a1c8328ce1526ae928;expires=300
0(4084) parse_headers: flags=ffffffffffffffff
0(4084) check_via_address(192.168.10.17, 192.168.10.17, 0)
0(4084) DEBUG:destroy_avp_list: destroying list 0xb60f0a50
0(4084) receive_msg: cleaning up
1(4086) build_recv_sock: <192.168.10.18_5060>
*******************************
RADIUS Debug:
*******************************
rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185
User-Name = "101@shatel.ir"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010b73686174656c2e6972
Digest-Attributes = 0x022a3434386666316666393332663830393337613034373266333837363163353036656166 3636613934
Digest-Attributes = 0x040f7369703a73686174656c2e6972
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"
Service-Type = Sip-Session
Sip-Uri-User = "101"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 100
modcall[authorize]: module "preprocess" returns ok for request 100
modcall[authorize]: module "chap" returns noop for request 100
modcall[authorize]: module "mschap" returns noop for request 100
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 100
rlm_realm: Looking up realm "shatel.ir" for User-Name = "101@shatel.ir"
rlm_realm: No such realm "shatel.ir"
modcall[authorize]: module "suffix" returns noop for request 100
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 100
users: Matched entry DEFAULT at line 152
users: Matched entry 101@shatel.ir at line 255
modcall[authorize]: module "files" returns ok for request 100
modcall: leaving group authorize (returns ok) for request 100
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 100
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "shatel.ir"
Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"
Digest-URI = "sip:shatel.ir"
Digest-Method = "REGISTER"
A1 = 101:shatel.ir:101
A2 = REGISTER:sip:shatel.ir
H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3
H(A2) = 27e9df2d1a7ed715c7204d1316039120
KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27 e9df2d1a7ed715c7204d1316039120
EXPECTED 7a3f00f697286dd95c5aa654a9662dea
RECEIVED 7a3f00f697286dd95c5aa654a9662dea
modcall[authenticate]: module "digest" returns ok for request 100
modcall: leaving group authenticate (returns ok) for request 100
radius_xlat: 'Authenticated'
Sending Access-Accept of id 196 to 127.0.0.1 port 32900
Reply-Message = "Authenticated"
SIP-AVP += "rpid:101"
SIP-AVP += "#2:85.15.7.17"
Finished request 100
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@shatel.ir"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 101
modcall[authorize]: module "preprocess" returns ok for request 101
modcall[authorize]: module "chap" returns noop for request 101
modcall[authorize]: module "mschap" returns noop for request 101
modcall[authorize]: module "digest" returns noop for request 101
rlm_realm: Looking up realm "shatel.ir" for User-Name = "101@shatel.ir"
rlm_realm: No such realm "shatel.ir"
modcall[authorize]: module "suffix" returns noop for request 101
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 101
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 252
modcall[authorize]: module "files" returns ok for request 101
modcall: leaving group authorize (returns ok) for request 101
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Delaying request 101 for 1 seconds
Finished request 101
Any thoughts?
Thanks,
Hamid
Take a look at the user credentials in the RADIUS DB. RADIUS is rejecting the authentication, so there should be some mismatch between your login credentials and what RADIUS has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.
_____
From: users-bounces@openser.org [mailto:users-bounces@openser.org] On Behalf Of Hamid Ali Asgari Sent: quarta-feira, 14 de junho de 2006 11:29 To: users@openser.org Subject: [Users] SIP Clients Can't REGISTER
Hi,
I have followed the instructions on setting up FreeRADIUS with OpenSER. (http://openser.org/docs/openser-radius-1.0.x.html)
But the server doesn't allow the registration:
Config:
============================================================================ ====================
# $Id$
#
# radius config script
#
# ----------- global configuration parameters ------------------------
# Core settings for a foreground debugging run: verbose logging to stderr,
# one UDP listener, and the host names this proxy treats as local.
# NOTE(review): debug=7 together with log_stderror=yes is a troubleshooting
# setup. At this level the log prints digest nonces and the AVPs returned by
# RADIUS (both are visible in the OpenSER debug output posted with this
# config), so lower the level once the problem is solved.
debug=7 # debug level (cmd line: -dddddddddd)
# do not fork: stay in the foreground (children= below presumably has no
# effect in this mode -- confirm)
fork=no
log_stderror=yes # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
listen=udp:192.168.10.18
# host names treated as local; the uri==myself tests in route{} match them
alias="openser.org"
alias="mydomain.com"
#fifo="/tmp/openser_fifo"
# ------------------ module loading ----------------------------------
# Modules used by the routing script below. The three *_radius modules supply
# the RADIUS-backed functions the script calls: radius_www_authorize()
# (auth_radius), radius_is_user_in() (group_radius) and avp_load_radius()
# (avp_radius). acc provides the acc_rad_request()/acc_log_request() calls.
mpath="/usr/local/lib/openser/modules/"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "avpops.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
# NOTE(review): xlog.so is loaded but the script shown never calls it
loadmodule "xlog.so"
loadmodule "uri.so"
loadmodule "acc.so"
loadmodule "auth.so"
loadmodule "auth_radius.so"
loadmodule "group_radius.so"
loadmodule "avp_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# NOTE(review): db_url is commented out while db_mode=2 still asks for
# database-backed storage (write-back, per the usrloc documentation --
# confirm), so usrloc presumably falls back to its built-in default URL.
# Confirm which database account is really used and that it does not keep a
# default password.
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# Flag 1 selects requests for RADIUS and syslog accounting, flag 2 selects
# requests whose missed calls are reported to RADIUS; route{} sets both flags
# on initial INVITEs.
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 1)
# presumably the Service-Type value sent in accounting requests -- confirm
modparam("acc", "service_type", 15)
# extra accounting attributes: source IP ($si) and source port ($sp)
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
# all four RADIUS-aware modules read the same radiusclient-ng configuration
modparam("acc|auth_radius|group_radius|avp_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params --
# send user@domain as User-Name in Group-Check requests; the radiusd log
# posted with this config shows the User-Name in that form
modparam("group_radius", "use_domain", 1)
# -- avpops params --
# $day and $time become aliases for integer AVPs 101 and 102, which the
# time filter in route{} fills and compares
modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
# Order of processing for every request:
#   1. sanity checks (Max-Forwards, message size)
#   2. RADIUS group check for "suspended" users
#   3. record-routing and loose-route handling of in-dialog requests
#   4. accounting flags on initial INVITEs
#   5. requests for foreign domains: "voip" group check, then relay
#   6. requests for our domain: REGISTER (digest auth via RADIUS, source-IP
#      check, save), PSTN prefix (group check, gateway), callee AVP time
#      filter, usrloc lookup
#   7. relay through route[1], which ends processing with exit
# NOTE(review): only REGISTER is digest-authenticated. Every
# radius_is_user_in("From", ...) check below is keyed on the From header of a
# request that has not been authenticated, so the identity used for the
# "suspended", "voip" and "pstn" decisions is whatever the sender put there.
# If these groups are meant to restrict paid or external calls, authenticate
# INVITE/MESSAGE (auth_radius also offers radius_proxy_authorize) before the
# group lookups.
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# check if user is suspended
# This lookup runs before authentication. With the users file posted next to
# this config, the Group-Check DEFAULT entry is Auth-Type := Reject, so for a
# user who is not in "suspended" the RADIUS server answers with a reject and
# OpenSER logs "radius_is_user_in(): Failure". That is the not-suspended case:
# the condition is false and the script continues.
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From", "suspended")) {
sl_send_reply("403", "Forbidden - suspended");
exit;
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
if(is_method("BYE"))
{ # log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
};
# initial INVITE (no To tag): flags 1 and 2 are the acc module's
# radius/log and radius-missed flags set in the modparam section
if(is_method("INVITE") && !has_totag())
{ # set the acc flags
setflag(1);
setflag(2);
};
# request addressed to a domain that is not ours
if (!uri==myself) {
# check if user is allowed to do voip calls to other domains
# NOTE(review): From-based and unauthenticated, see the header note
if(is_method("INVITE|MESSAGE")) {
if (!radius_is_user_in("From", "voip")) {
sl_send_reply("403", "Forbidden VoIP");
exit;
};
};
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
# requests addressed to our own domain(s): REGISTER handling, PSTN
# gateway, callee AVP filters and the usrloc lookup
if (uri==myself) {
# authenticate registers
if (method=="REGISTER") {
# no valid credentials yet: send a digest challenge for the realm
# (second argument "0" presumably means "no qop" -- confirm)
if (!radius_www_authorize("mydomain.com")) {
www_challenge("mydomain.com", "0");
exit;
};
# check the src ip address
# AVP 2 is filled from the Sip-Avp "#2:<ip>" reply item that RADIUS
# returns on successful authentication (visible in the debug output).
# NOTE(review): a user whose RADIUS entry returns no "#2:" item (user 102
# in the posted users file has it commented out) presumably fails this
# check and gets 403 -- confirm that is intended.
if(!avp_check("i:2", "eq/$src_ip/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
# NOTE(review): nothing in this script compares the authenticated digest
# user with the To URI whose binding save() updates; unless that is
# enforced elsewhere, confirm whether such a check is needed.
save("location");
exit;
};
# calls to pstn
# Request-URI user starting with 00 followed by a non-zero digit.
# NOTE(review): the "pstn" group check applies to initial INVITEs only and
# is From-based and unauthenticated (see the header note); this is the
# branch where that matters most, since it reaches the gateway.
if(uri=~"sip:00[1-9][0-9]+@") {
if(is_method("INVITE") && !has_totag()) {
if (!radius_is_user_in("From", "pstn")) {
sl_send_reply("403", "Forbidden PSTN");
exit;
};
};
# set gateway address
rewritehostport("192.168.10.18:5090");
route(1);
};
# load callee's avps
if(avp_load_radius("callee"))
{
# check if user has time filter enabled
# (AVP 3 == integer 1; the users file sends it as "#3#1")
if(avp_check("i:3", "eq/i:1"))
{
# print time in an avp
avp_printf("i:100", "$Tf");
# extract day
# first three characters of the time string, wrapped in '*' so that
# AVP 6 (the allowed-days list) can be matched against it as a
# wildcard pattern by the "fm" operator
avp_subst("i:100/i:101", "/(.{3}) .+/*\1*/");
if(!avp_check("i:6", "fm/$day")) {
sl_send_reply("403", "Forbidden - day");
exit;
};
# extract 'hours:minutes'
avp_subst("i:100/i:102", "/(.{10}) (.{5}):.+/\2/");
# reject when the window start (AVP 4) is later than the current time
# or the window end (AVP 5) is earlier than it
if((is_avp_set("i:4") && avp_check("i:4", "gt/$time"))
|| (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) {
sl_send_reply("403", "Forbidden - time");
exit;
};
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
# generic forward
# Relays the request statefully with t_relay(). If the relay cannot be set
# up, sl_reply_error() answers the sender with a stateless error reply.
# The trailing exit ends script processing, so nothing in the calling route
# runs after route(1).
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
#
============================================================================ ====================
Users file on RADIUS:
### --- avps ---
# Callee AVPs returned to avp_load_radius("callee") in the OpenSER script:
#   #3#1     integer AVP 3 = 1, time filter enabled
#   #4 / #5  start and end of the allowed time window (HH:MM)
#   #6       list of allowed week days
101@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
# NOTE(review): "Free" in the day list of this entry looks like a typo for
# "Fri"; as written a Friday would presumably not match for user 102 -- confirm.
102@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
# any other callee: accepted with no AVPs, i.e. no time filter
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
# One entry per (user, group) pair that is allowed. Group membership is
# answered with Accept, everything else falls through to the DEFAULT Reject
# at the end of this section.
### --- user 101 ---
101@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
# No entry lists the "suspended" group, so a Group-Check for
# Sip-Group = "suspended" presumably lands on this DEFAULT and is rejected.
# In the radiusd log that shows up as "Auth-Type = Reject, rejecting user";
# for the OpenSER script it means "not suspended".
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
# Digest credentials plus the AVPs handed back on success: rpid, and "#2:"
# with the source IP that the script's avp_check("i:2", ...) accepts.
# NOTE(review): User-Password holds the cleartext secret and here equals the
# user name; use strong, unique secrets outside a lab setup.
# NOTE(review): the last active reply item of each entry below ends with a
# comma and is followed only by a commented-out line; confirm the real file
# ends each entry without a trailing comma.
101@mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"
============================================================================ ====================
And below is the debug output from radiusd -X and openser -E -ddddddd:
OpenSER Debug:
*****************************
0(4084) SIP Request:
0(4084) method: <REGISTER>
0(4084) uri: sip:mydomain.com
0(4084) version: <SIP/2.0>
0(4084) parse_headers: flags=2
0(4084) DEBUG:parse_to:end of header reached, state=8
0(4084) DEBUG: get_hdr_field: <To> [19]; uri=[sip:101@mydomain.com]
0(4084) DEBUG: to body [sip:101@mydomain.com
]
0(4084) get_hdr_field: cseq <Cseq>: <2> <REGISTER>
0(4084) Found param type 232, <branch> = <z9hG4bK-eb137d5b6c8524d7c778e5629555a97e>; state=16
0(4084) end of header reached, state=5
0(4084) parse_headers: Via found, flags=2
0(4084) parse_headers: this is the first via
0(4084) After parse_msg...
0(4084) preparing to run routing scripts...
0(4084) DEBUG:maxfwd:is_maxfwd_present: value = 20
0(4084) DEBUG: add_param: tag=30167a95
0(4084) DEBUG:parse_to:end of header reached, state=29
0(4084) radius_is_user_in(): Failure
0(4084) parse_headers: flags=200
0(4084) DEBUG: get_hdr_body : content_length=0
0(4084) found end of header
0(4084) find_first_route: No Route headers found
0(4084) loose_route: There is no Route HF
0(4084) grep_sock_info - checking if host==us: 9==10 && [mydomain.com] == [192.168.10.18]
0(4084) grep_sock_info - checking if port 5060 matches port 5060
0(4084) grep_sock_info - checking if host==us: 9==10 && [mydomain.com] == [192.168.10.18]
0(4084) grep_sock_info - checking if port 5060 matches port 5060
0(4084) check_nonce(): comparing [448fe8934593e3e7780fffee019ce58577231baf] and [448fe8934593e3e7780fffee019ce58577231baf]
0(4084) DEBUG:auth_radius:radius_authorize_sterman: Success
0(4084) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
0(4084) DEBUG:auth_radius:extract_avp: string is rpid:101
0(4084) DEBUG:auth_radius:extract_avp: AVP name is <rpid>
0(4084) DEBUG:auth_radius:extract_avp: AVP val is <101>
0(4084) DEBUG:auth_radius:generate_avps: AVP 'rpid'/0='101'/0 has been added
0(4084) DEBUG:auth_radius:extract_avp: string is <#2:192.168.10.17>
0(4084) DEBUG:auth_radius:extract_avp: AVP name is <2>
0(4084) DEBUG:auth_radius:extract_avp: AVP val is <192.168.10.17>
0(4084) DEBUG:auth_radius:generate_avps: AVP 'null'/2='192.168.10.17'/0 has been added
0(4084) DEBUG:avpops:check_avp: check <192.168.10.17> against <192.168.10.17> as str
0(4084) parse_headers: flags=ffffffffffffffff
0(4084) parse_headers: flags=4000000
0(4084) build_contact(): Created Contact HF: Contact: sip:101@192.168.10.17;LINEID=6f5beb97d08670a1c8328ce1526ae928;expires=300
0(4084) parse_headers: flags=ffffffffffffffff
0(4084) check_via_address(192.168.10.17, 192.168.10.17, 0)
0(4084) DEBUG:destroy_avp_list: destroying list 0xb60f0a50
0(4084) receive_msg: cleaning up
1(4086) build_recv_sock: <192.168.10.18_5060>
*******************************
RADIUS Debug:
*******************************
rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185
User-Name = "101@shatel.ir"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010b73686174656c2e6972
Digest-Attributes = 0x022a3434386666316666393332663830393337613034373266333837363163353036656166 3636613934
Digest-Attributes = 0x040f7369703a73686174656c2e6972
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"
Service-Type = Sip-Session
Sip-Uri-User = "101"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 100
modcall[authorize]: module "preprocess" returns ok for request 100
modcall[authorize]: module "chap" returns noop for request 100
modcall[authorize]: module "mschap" returns noop for request 100
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 100
rlm_realm: Looking up realm "shatel.ir" for User-Name = "101@shatel.ir"
rlm_realm: No such realm "shatel.ir"
modcall[authorize]: module "suffix" returns noop for request 100
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 100
users: Matched entry DEFAULT at line 152
users: Matched entry 101@shatel.ir at line 255
modcall[authorize]: module "files" returns ok for request 100
modcall: leaving group authorize (returns ok) for request 100
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 100
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "shatel.ir"
Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"
Digest-URI = "sip:shatel.ir"
Digest-Method = "REGISTER"
A1 = 101:shatel.ir:101
A2 = REGISTER:sip:shatel.ir
H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3
H(A2) = 27e9df2d1a7ed715c7204d1316039120
KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27 e9df2d1a7ed715c7204d1316039120
EXPECTED 7a3f00f697286dd95c5aa654a9662dea
RECEIVED 7a3f00f697286dd95c5aa654a9662dea
modcall[authenticate]: module "digest" returns ok for request 100
modcall: leaving group authenticate (returns ok) for request 100
radius_xlat: 'Authenticated'
Sending Access-Accept of id 196 to 127.0.0.1 port 32900
Reply-Message = "Authenticated"
SIP-AVP += "rpid:101"
SIP-AVP += "#2:85.15.7.17"
Finished request 100
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@shatel.ir"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 101
modcall[authorize]: module "preprocess" returns ok for request 101
modcall[authorize]: module "chap" returns noop for request 101
modcall[authorize]: module "mschap" returns noop for request 101
modcall[authorize]: module "digest" returns noop for request 101
rlm_realm: Looking up realm "shatel.ir" for User-Name = "101@shatel.ir"
rlm_realm: No such realm "shatel.ir"
modcall[authorize]: module "suffix" returns noop for request 101
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 101
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 252
modcall[authorize]: module "files" returns ok for request 101
modcall: leaving group authorize (returns ok) for request 101
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Delaying request 101 for 1 seconds
Finished request 101
Any thoughts?
Thanks,
Hamid
If you take a look at the RADIUS debug, you will see that RADIUS does authenticate the user first and then rejects it in the second auth. Does it have anything to do with the Sip-Group = "suspended" entry?
The interesting point is that everything is exactly like the examples in the tutorial.
Thanks,
Hamid
rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185
User-Name = "101@mydomain.com"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010b73686174656c2e6972
Digest-Attributes = 0x022a3434386666316666393332663830393337613034373266333837363163353036656166 3636613934
Digest-Attributes = 0x040f7369703a73686174656c2e6972
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"
Service-Type = Sip-Session
Sip-Uri-User = "101"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 100
modcall[authorize]: module "preprocess" returns ok for request 100
modcall[authorize]: module "chap" returns noop for request 100
modcall[authorize]: module "mschap" returns noop for request 100
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 100
rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 100
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 100
users: Matched entry DEFAULT at line 152
users: Matched entry 101@mydomain.com at line 255
modcall[authorize]: module "files" returns ok for request 100
modcall: leaving group authorize (returns ok) for request 100
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 100
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "mydomain.com"
Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"
Digest-URI = "sip:mydomain.com"
Digest-Method = "REGISTER"
A1 = 101:mydomain.com:101
A2 = REGISTER:sip:mydomain.com
H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3
H(A2) = 27e9df2d1a7ed715c7204d1316039120
KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27 e9df2d1a7ed715c7204d1316039120
EXPECTED 7a3f00f697286dd95c5aa654a9662dea
RECEIVED 7a3f00f697286dd95c5aa654a9662dea
modcall[authenticate]: module "digest" returns ok for request 100
modcall: leaving group authenticate (returns ok) for request 100
radius_xlat: 'Authenticated'
Sending Access-Accept of id 196 to 127.0.0.1 port 32900
Reply-Message = "Authenticated"
SIP-AVP += "rpid:101"
SIP-AVP += "#2:192.168.10.17"
Finished request 100
---------------------------------------------
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@mydomain.com"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 101
modcall[authorize]: module "preprocess" returns ok for request 101
modcall[authorize]: module "chap" returns noop for request 101
modcall[authorize]: module "mschap" returns noop for request 101
modcall[authorize]: module "digest" returns noop for request 101
rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 101
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 101
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 252
modcall[authorize]: module "files" returns ok for request 101
modcall: leaving group authorize (returns ok) for request 101
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Delaying request 101 for 1 seconds
Finished request 101
_____
From: Edson [mailto:4lists@gmail.com] Sent: Thursday, June 15, 2006 4:19 PM To: 'Hamid Ali Asgari'; users@openser.org Subject: RE: [Users] SIP Clients Can't REGISTER
Take a look at the user credentials in the RADIUS DB. RADIUS is rejecting the authentication, so there should be some mismatch between your login credentials and what RADIUS has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.
What's the result from the 'RadiusClient' command that I suggested?
Edson.
_____
From: Hamid Ali Asgari [mailto:Hamid@Parnak.com] Sent: quinta-feira, 15 de junho de 2006 22:03 To: 'Edson'; users@openser.org Subject: RE: [Users] SIP Clients Can't REGISTER
If you take a look at the radius debug, you will see that the radius does authenticate the user first and then rejects in the second auth. Does it have anything to do with the Sip-Group = "suspended" entry?
Interesting point is that everything is exactly like the examples on the tutorial.
Thanks,
Hamid
rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185
User-Name = "101@mydomain.com"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010b73686174656c2e6972
Digest-Attributes = 0x022a34343866663166663933326638303933376130343732663338373631633530366561663636613934
Digest-Attributes = 0x040f7369703a73686174656c2e6972
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"
Service-Type = Sip-Session
Sip-Uri-User = "101"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 100
modcall[authorize]: module "preprocess" returns ok for request 100
modcall[authorize]: module "chap" returns noop for request 100
modcall[authorize]: module "mschap" returns noop for request 100
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 100
rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 100
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 100
users: Matched entry DEFAULT at line 152
users: Matched entry 101@mydomain.com at line 255
modcall[authorize]: module "files" returns ok for request 100
modcall: leaving group authorize (returns ok) for request 100
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 100
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "mydomain.com"
Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"
Digest-URI = "sip:mydomain.com"
Digest-Method = "REGISTER"
A1 = 101:mydomain.com:101
A2 = REGISTER:sip:mydomain.com
H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3
H(A2) = 27e9df2d1a7ed715c7204d1316039120
KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27e9df2d1a7ed715c7204d1316039120
EXPECTED 7a3f00f697286dd95c5aa654a9662dea
RECEIVED 7a3f00f697286dd95c5aa654a9662dea
modcall[authenticate]: module "digest" returns ok for request 100
modcall: leaving group authenticate (returns ok) for request 100
radius_xlat: 'Authenticated'
Sending Access-Accept of id 196 to 127.0.0.1 port 32900
Reply-Message = "Authenticated"
SIP-AVP += "rpid:101"
SIP-AVP += "#2:192.168.10.17"
Finished request 100
---------------------------------------------
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@mydomain.com"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 101
modcall[authorize]: module "preprocess" returns ok for request 101
modcall[authorize]: module "chap" returns noop for request 101
modcall[authorize]: module "mschap" returns noop for request 101
modcall[authorize]: module "digest" returns noop for request 101
rlm_realm: Looking up realm "mydomain.com" for User-Name = "101@mydomain.com"
rlm_realm: No such realm "mydomain.com"
modcall[authorize]: module "suffix" returns noop for request 101
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 101
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 252
modcall[authorize]: module "files" returns ok for request 101
modcall: leaving group authorize (returns ok) for request 101
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Delaying request 101 for 1 seconds
Finished request 101
_____
From: Edson [mailto:4lists@gmail.com] Sent: Thursday, June 15, 2006 4:19 PM To: 'Hamid Ali Asgari'; users@openser.org Subject: RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB. Radius is rejecting the authentication, so there should be some mismatch between Your login credentials and what Radius has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.
Hi,
I get the following:
[root@localhost radiusclient-ng]# radiusclient -f /usr/local/etc/radiusclient-ng/radiusclient.conf 'User-Name=101@mydomain.com' 'Password=101';echo $?
Reply-Message = 'Authenticated'
1
I guess the radiusclient is working fine since I am receiving the RADIUS packets on the freeradius debugs.
I suspect the following entries in the debug:
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@mydomain"
Sip-Group = "suspended"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Why is openser setting the group to SUSPENDED???? Since there is no group named suspended on the radius that may be the reason the radius is rejecting:
RADIUS Users file:
### --- avps ---
101@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
101@mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"
_____
From: Edson [mailto:4lists@gmail.com] Sent: Thursday, June 15, 2006 4:19 PM To: 'Hamid Ali Asgari'; users@openser.org Subject: RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB. Radius is rejecting the authentication, so there should be some mismatch between Your login credentials and what Radius has in its DB.
Try to run this command and see what's the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.
If you look carefully at the configuration file of the tutorial, it checks for users belonging to the "suspended" group. As you have in your 'users' file:
101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", Service-Type == "Group-Check"
Reply-Message = "Authorized"
This means that user 101 is in the "suspended" group, so it is not allowed to register or initiate calls. So remove this line from your 'users' file.
Also, when you test, just watch the network traffic on your SIP server; it will reveal the reply code, so you can easily spot which statement was hit in the config file: ngrep -d any port 5060
Cheers, Daniel
On 06/18/06 12:23, Hamid Ali Asgari wrote:
Hi,
I get the following:
[root@localhost radiusclient-ng]# radiusclient -f /usr/local/etc/radiusclient-ng/radiusclient.conf 'User-Name=101@mydomain.com' 'Password=101';echo $?
Reply-Message = 'Authenticated'
1
I guess the radiusclient is working fine since I am receiving the RADIUS packets on the freeradius debugs.
I suspect the following entries in the debug:
rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64
User-Name = "101@mydomain"
Sip-Group = "*suspended*"
Service-Type = Group-Check
NAS-Port = 0
NAS-IP-Address = 127.0.0.1
Why is openser setting the group to SUSPENDED???? Since there is no group named _suspended_ on the radius that may be the reason the radius is rejecting:
RADIUS Users file:
### --- avps ---
101@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
102@mydomain.com Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
101@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "suspended", Service-Type == "Group-Check"
Reply-Message = "Authorized"
101@mydomain.com Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
102@mydomain.com Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
101@mydomain.com Auth-Type := Digest, User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.10.17",
# Sip-Avp += "#2:192.168.2.11"
102@mydomain.com Auth-Type := Digest, User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
# Sip-Avp += "#2:192.168.2.12"
*From:* Edson [mailto:4lists@gmail.com] *Sent:* Thursday, June 15, 2006 4:19 PM *To:* 'Hamid Ali Asgari'; users@openser.org *Subject:* RE: [Users] SIP Clients Can't REGISTER
Take a look on the user credentials on Radius DB… Radius is rejecting the authentication, so there should be some mismatch between Your login credentials and what Radius has in its DB.
Try to run this command and see what’s the result (linux version):
radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 'User-Name=some@valid.user' 'Password=Guess';echo $?
It should return:
Reply-Message = 'Authenticated'
Edson.