[OpenSIPS-Users] No RADIUS traffic

Uwe Kastens kiste at kiste.org
Fri Jun 5 11:28:17 CEST 2009


Hi,

I do not have that login.radius on my system - I think it's not used with
opensips. I would say there might be a permissions issue. I can
remember I had lots of trouble, because I didn't want to run everything
as root:root.


My setup looks like this:

seqfile         /var/run/opensips/radius.seq with
-rw-r--r-- 1 opensips opensips

and

drwxr-xr-x  opensips opensips  /etc/radiusclient-ng

BR

Uwe



Leon Li wrote:
> There is no such file in the directory. Will it be generated by
> radiusclient-ng?
> 
> Also, the radiusclient.conf shows:
>> # program to call for a RADIUS authenticated login
>>
>> login_radius    /usr/local/sbin/login.radius
> 
> I checked /usr/local/sbin/login.radius, but it is only a dummy script.
> How can it be changed?
> 
> Thanks,
> Leon 
> 
> -----Original Message-----
> From: Uwe Kastens [mailto:kiste at kiste.org] 
> Sent: Thursday, 4 June 2009 5:12 PM
> To: Leon Li
> Cc: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
> 
> Hi,
> 
> If I remember it correctly I had the same problem some day and it was
> caused by wrong permissions on /var/run/radius.seq.
> 
> Just a guess
> 
> BR
> 
> Uwe
> 
> 
> Leon Li wrote:
>> Hi,
>>
>> I am trying to use a RADIUS server. However, after configuration, I found
>> there is no RADIUS traffic at all.
>>
>> Log shows:
>>
>> Jun  4 06:45:59  /usr/local/sbin/openser[396]: rc_avpair_new: unknown attribute 5
>> Jun  4 06:45:59  /usr/local/sbin/openser[396]: ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>>
>> But nothing on RADIUS server end.
>>
>> OpenSIPs + radiusclient-ng on one box and RADIUS is on another.
>>
>> My radiusclient.conf is like:
>>
>> # General settings
>>
>> # specify which authentication comes first respectively which
>> # authentication is used. possible values are: "radius" and "local".
>> # if you specify "radius,local" then the RADIUS server is asked
>> # first then the local one. if only one keyword is specified only
>> # this server is asked.
>> auth_order      radius,local
>>
>> # maximum login tries a user has
>> login_tries     4
>>
>> # timeout for all login tries
>> # if this time is exceeded the user is kicked out
>> login_timeout   60
>>
>> # name of the nologin file which when it exists disables logins.
>> # it may be extended by the ttyname which will result in
>> # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
>> # logins on /dev/ttyS2)
>> nologin /etc/nologin
>>
>> # name of the issue file. it's only display when no username is passed
>> # on the radlogin command line
>> issue   /usr/local/etc/radiusclient-ng/issue
>>
>> # RADIUS settings
>>
>> # RADIUS server to use for authentication requests. this config
>> # item can appear more then one time. if multiple servers are
>> # defined they are tried in a round robin fashion if one
>> # server is not answering.
>> # optionally you can specify a the port number on which is remote
>> # RADIUS listens separated by a colon from the hostname. if
>> # no port is specified /etc/services is consulted of the radius
>> # service. if this fails also a compiled in default is used.
>> authserver      202.158.212.103:1812
>>
>> # RADIUS server to use for accouting requests. All that I
>> # said for authserver applies, too.
>> #
>> acctserver      202.158.212.103:1813
>>
>> # file holding shared secrets used for the communication
>> # between the RADIUS client and server
>> servers         /usr/local/etc/radiusclient-ng/servers
>>
>> # dictionary of allowed attributes and values
>> # just like in the normal RADIUS distributions
>> dictionary      /usr/local/etc/radiusclient-ng/dictionary
>>
>> # program to call for a RADIUS authenticated login
>> login_radius    /usr/local/sbin/login.radius
>>
>> # file which holds sequence number for communication with the
>> # RADIUS server
>> seqfile         /var/run/radius.seq
>>
>> # file which specifies mapping between ttyname and NAS-Port attribute
>> mapfile         /usr/local/etc/radiusclient-ng/port-id-map
>>
>> # default authentication realm to append to all usernames if no
>> # realm was explicitly specified by the user
>> # the radiusd directly form Livingston doesnt use any realms, so leave
>> # it blank then
>> default_realm
>> #aarnet.edu.au
>>
>> # time to wait for a reply from the RADIUS server
>> radius_timeout  10
>>
>> # resend request this many times before trying the next server
>> radius_retries  3
>>
>> # local address from which radius packets have to be sent
>> bindaddr *
>>
>> # LOCAL settings
>>
>> # program to execute for local login
>> # it must support the -f flag for preauthenticated login
>> login_local     /bin/login
>>
>> Any suggestion will be appreciated.
>>
>> Thanks
>>
>> Leon


-- 

kiste lat: 54.322684, lon: 10.13586
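
The permission problem raised in this thread can be checked mechanically. The following is an added example, not part of the original messages and not OpenSIPS or radiusclient-ng code: it reads the `seqfile`, `servers` and `dictionary` paths from a radiusclient.conf and reports which ones a given uid cannot use, judging by the classic mode bits only. The function names, and the assumption that `seqfile` needs read/write access while the other two are only read, belong to this example.

```python
import os, tempfile

# Config keys and the access the client process needs (assumption of this
# example: seqfile is read/written and created if missing, the rest only read).
NEEDS = {"seqfile": "rw", "servers": "r", "dictionary": "r"}

def parse_conf(text):
    """Return {key: value} for 'key <whitespace> value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def allowed(st, uid, gids, want):
    """Evaluate owner/group/other mode bits for uid/gids (ACLs are ignored)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 7
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return uid == 0 or bits & need == need

def audit(conf_text, uid, gids):
    """List the problems the given uid would hit on the configured paths."""
    conf, problems = parse_conf(conf_text), []
    for key, want in NEEDS.items():
        path = conf.get(key)
        if not path:
            continue
        if os.path.exists(path):
            if not allowed(os.stat(path), uid, gids, want):
                problems.append(f"{key}: {path} lacks '{want}' for uid {uid}")
        elif "w" in want:
            parent = os.path.dirname(path) or "."
            # Creating the file needs write access to the parent directory.
            if not (os.path.isdir(parent) and allowed(os.stat(parent), uid, gids, "w")):
                problems.append(f"{key}: {path} missing, uid {uid} cannot create it")
        else:
            problems.append(f"{key}: {path} does not exist")
    return problems

def demo():
    """Constructed layout: a 0644 seqfile audited for its owner and for another uid."""
    seq = os.path.join(tempfile.mkdtemp(), "radius.seq")
    open(seq, "w").close()
    os.chmod(seq, 0o644)
    owner = os.stat(seq).st_uid
    conf = f"# constructed sample\nseqfile\t{seq}\nradius_retries 3\n"
    return audit(conf, owner, []), audit(conf, owner + 1, [])
```

Against a real system, pass the uid from `pwd.getpwnam("opensips")` and the group list from `os.getgrouplist()` together with the contents of the radiusclient.conf in use.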


