[OpenSIPS-Users] No RADIUS traffic

Leon Li Leon.Li at aarnet.edu.au
Wed Jun 17 02:40:56 CEST 2009


Hi Ashwini,

 

I have added param for aut_radius, but no luck. L

 

Why do I need mysql.so if the radius server will host all users
credential?

 

Regards,

Leon 

 

From: ASHWINI NAIDU [mailto:ashwini.naidu at gmail.com] 
Sent: Monday, 15 June 2009 2:52 PM
To: Leon Li
Cc: Uwe Kastens; users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] No RADIUS traffic

 

 

On Mon, Jun 15, 2009 at 10:19 AM, ASHWINI NAIDU
<ashwini.naidu at gmail.com> wrote:

hi leon,

But i do not see your openser communicating with radiusclient.

modparam("auth_radius", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")

mention the path of radiusclient.conf properly. 



Your mysql support is also commented. 

loadmodule "mysql.so" 




	 

	
	
	
	
	
	  

	On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <Leon.Li at aarnet.edu.au>
wrote:

	Here it is.
	
	####### Global Parameters #########
	
	debug=3
	log_stderror=no
	log_facility=LOG_LOCAL0
	
	fork=yes
	children=4
	
	/* uncomment the following lines to enable debugging */
	debug=6
	fork=no
	log_stderror=yes
	
	/* uncomment the next line to disable TCP (default on) */
	#disable_tcp=yes
	
	/* uncomment the next line to enable the auto temporary
blacklisting of
	  not available destinations (default disabled) */
	#disable_dns_blacklist=no
	
	/* uncomment the next line to enable IPv6 lookup after IPv4 dns
	  lookup failures (default disabled) */ #dns_try_ipv6=yes
	
	/* uncomment the next line to disable the auto discovery of
local
	aliases
	  based on revers DNS on IPs (default on) */ #auto_aliases=no
	
	/* uncomment the following lines to enable TLS support  (default
off) */
	#disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server
= 1
	#tls_verify_client = 1 #tls_require_client_certificate = 0
#tls_method =
	TLSv1 #tls_certificate =
"/usr/local/etc/openser/tls/user/user-cert.pem"
	#tls_private_key =
"/usr/local/etc/openser/tls/user/user-privkey.pem"
	#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
	
	listen=202.158.197.134
	port=5060
	
	/* uncomment and configure the following line if you want
openser to
	  bind on a specific interface/port/proto (default bind on all
	available) */ #listen=udp:192.168.1.2:5060
	
	
	####### Modules Section ########
	
	#set module path
	mpath="/usr/local/lib/openser/modules/"
	
	/* uncomment next line for MySQL DB support */ #loadmodule
"mysql.so"
	loadmodule "sl.so"
	loadmodule "tm.so"
	loadmodule "rr.so"
	loadmodule "maxfwd.so"
	loadmodule "usrloc.so"
	loadmodule "registrar.so"
	loadmodule "textops.so"
	loadmodule "mi_fifo.so"
	loadmodule "uri_db.so"
	loadmodule "uri.so"
	loadmodule "xlog.so"
	loadmodule "acc.so"
	/* uncomment next lines for MySQL based authentication support
	  NOTE: a DB (like mysql) module must be also loaded */
loadmodule
	"auth.so"
	loadmodule "auth_radius.so"
	#loadmodule "auth_db.so"
	/* uncomment next line for aliases support
	  NOTE: a DB (like mysql) module must be also loaded */
#loadmodule
	"alias_db.so"
	/* uncomment next line for multi-domain support
	  NOTE: a DB (like mysql) module must be also loaded
	  NOTE: be sure and enable multi-domain support in all used
modules
	        (see "multi-module params" section ) */ #loadmodule
"domain.so"
	/* uncomment the next two lines for presence server support
	  NOTE: a DB (like mysql) module must be also loaded */
#loadmodule
	"presence.so"
	#loadmodule "presence_xml.so"
	
	
	# ----------------- setting module-specific parameters
---------------
	
	
	# ----- mi_fifo params -----
	modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
	
	
	# ----- rr params -----
	# add value to ;lr param to cope with most of the UAs
modparam("rr",
	"enable_full_lr", 1) # do not append from tag to the RR (no need
for
	this script) modparam("rr", "append_fromtag", 0)
	
	
	# ----- rr params -----
	modparam("registrar", "method_filtering", 1)
	/* uncomment the next line to disable parallel forking via
location */ #
	modparam("registrar", "append_branches", 0)
	/* uncomment the next line not to allow more than 10 contacts
per AOR */
	#modparam("registrar", "max_contacts", 10)
	
	
	# ----- uri_db params -----
	/* by default we disable the DB support in the module as we do
not need
	it
	  in this configuration */
	modparam("uri_db", "use_uri_table", 0)
	modparam("uri_db", "db_url", "")
	
	
	# ----- acc params -----
	/* what sepcial events should be accounted ? */ modparam("acc",
	"early_media", 1) modparam("acc", "report_ack", 1)
modparam("acc",
	"report_cancels", 1)
	/* by default ww do not adjust the direct of the sequential
requests.
	  if you enable this parameter, be sure the enable
"append_fromtag"
	  in "rr" module */
	modparam("acc", "detect_direction", 0)
	/* account triggers (flags) */
	modparam("acc", "failed_transaction_flag", 3) modparam("acc",
	"log_flag", 1) modparam("acc", "log_missed_flag", 2)
	/* uncomment the following lines to enable DB accounting also */
	modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag",
2)
	
	# ----- multi-module params -----
	/* uncomment the following line if you want to enable
multi-domain
	support
	  in the modules (dafault off) */
	#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
	
	####### Routing Logic ########
	
	
	# main request routing logic
	
	route{
	
	       if (!mf_process_maxfwd_header("10")) {
	               sl_send_reply("483","Too Many Hops");
	               exit;
	       }
	
	       if (has_totag()) {
	               # sequential request withing a dialog should
	               # take the path determined by record-routing
	               if (loose_route()) {
	                       if (is_method("BYE")) {
	                               setflag(1); # do accouting ...
	                               setflag(3); # ... even if the
	transaction fails
	                       }
	                       route(1);
	               } else {
	                       /* uncomment the following lines if you
want to
	enable presence */
	                       ##if (is_method("SUBSCRIBE") && $rd ==
	"your.server.ip.address") {
	                       ##      # in-dialog subscribe requests
	                       ##      route(2);
	                       ##      exit;
	                       ##}
	                       if ( is_method("ACK") ) {
	                               if ( t_check_trans() ) {
	                                       # non loose-route, but
stateful
	ACK; must be an ACK after a 487 or e.g. 404 from upstream server
	                                       t_relay();
	                                       exit;
	                               } else {
	                                       # ACK without matching
	transaction ... ignore and discard.\n");
	                                       exit;
	                               }
	                       }
	                       sl_send_reply("404","Not here");
	               }
	               exit;
	       }
	
	       #initial requests
	
	       # CANCEL processing
	       if (is_method("CANCEL"))
	       {
	               if (t_check_trans())
	                       t_relay();
	               exit;
	       }
	
	       t_check_trans();
	
	       # authenticate if from local subscriber (uncomment to
enable
	auth)
	       ##if (!(method=="REGISTER") && from_uri==myself)
	       ##{
	       ##      if (!proxy_authorize("", "subscriber")) {
	       ##              proxy_challenge("", "0");
	       ##              exit;
	       ##      }
	       ##      if (!check_from()) {
	       ##              sl_send_reply("403","Forbidden auth ID");
	       ##              exit;
	       ##      }
	       ##
	       ##      consume_credentials();
	       ##      # caller authenticated
	       ##}
	
	       # record routing
	       if (!is_method("REGISTER|MESSAGE"))
	               record_route();
	
	       # account only INVITEs
	       if (is_method("INVITE")) {
	               setflag(1); # do accouting
	       }
	       if (!uri==myself)
	       /* replace with following line if multi-domain support is
used
	*/
	       ##if (!is_uri_host_local())
	       {
	               append_hf("P-hint: outbound\r\n");
	               # if you have some interdomain connections via
TLS
	               ##if($rd=="tls_domain1.net") {
	               ##      t_relay("tls:domain1.net");
	               ##      exit;
	               ##} else if($rd=="tls_domain2.net") {
	               ##      t_relay("tls:domain2.net");
	               ##      exit;
	               ##}
	               route(1);
	       }
	
	       # requests for my domain
	
	       /* uncomment this if you want to enable presence server
	          and comment the next 'if' block
	          NOTE: uncomment also the definition of route[2] from
below
	*/
	       ##if( is_method("PUBLISH|SUBSCRIBE"))
	       ##              route(2);
	
	       if (is_method("PUBLISH"))
	       {
	               sl_send_reply("503", "Service Unavailable");
	               exit;
	       }
	
	
	       if (is_method("REGISTER"))
	       {
	               # authenticate the REGISTER requests (uncomment
to
	enable auth)
	               ##if (!www_authorize("", "subscriber"))
	               ##{
	               ##      www_challenge("", "0");
	               ##      exit;
	               ##}
	               ##
	               ##if (!check_to())
	               ##{
	               ##      sl_send_reply("403","Forbidden auth ID");
	               ##      exit;
	               ##}
	
	               xlog("L_INFO", "REGISTER for ($fU) $ru\n");
	               if (!radius_www_authorize(""))
	               {
	                       log(1, "Proxy Authentication Required
	(Digest)\n");
	                       www_challenge("", "0");
	                       exit;
	               };
	
	               if (!save("location"))
	                       sl_reply_error();
	
	               exit;
	       }
	
	       if ($rU==NULL) {
	               # request with no Username in RURI
	               sl_send_reply("484","Address Incomplete");
	               exit;
	       }
	
	       # apply DB based aliases (uncomment to enable)
	       ##alias_db_lookup("dbaliases");
	
	       if (!lookup("location")) {
	               switch ($retcode) {
	                       case -1:
	                       case -3:
	                               t_newtran();
	                               t_reply("404", "Not Found");
	                               exit;
	                       case -2:
	                               sl_send_reply("405", "Method Not
	Allowed");
	                               exit;
	               }
	       }
	
	       # when routing via usrloc, log the missed calls also
	       setflag(2);
	
	       route(1);
	}
	
	
	route[1] {
	       # for INVITEs enable some additional helper routes
	       if (is_method("INVITE")) {
	               t_on_branch("2");
	               t_on_reply("2");
	               t_on_failure("1");
	       }
	
	       if (!t_relay()) {
	               sl_reply_error();
	       };
	       exit;
	}
	
	branch_route[2] {
	       xlog("new branch at $ru\n");
	}
	
	
	onreply_route[2] {
	       xlog("incoming reply\n");
	}
	
	
	failure_route[1] {
	       if (t_was_cancelled()) {
	               exit;
	       }
	
	       # uncomment the following lines if you want to block
client
	       # redirect based on 3xx replies.
	       ##if (t_check_status("3[0-9][0-9]")) {
	       ##t_reply("404","Not found");
	       ##      exit;
	       ##}
	
	       # uncomment the following lines if you want to redirect
the
	failed
	       # calls to a different new destination
	       ##if (t_check_status("486|408")) {
	       ##      sethostport("192.168.2.100:5060");
	       ##      append_branch();
	       ##      # do not set the missed call flag again
	       ##      t_relay();
	       ##}

	}
	
	Regards,
	Leon
	
	-----Original Message-----
	From: Uwe Kastens [mailto:kiste at kiste.org]

	Sent: Friday, 12 June 2009 4:51 PM
	To: Leon Li
	Cc: users at lists.opensips.org
	Subject: Re: [OpenSIPS-Users] No RADIUS traffic
	
	Hi,

	This is strange. Could you post your opensips.cfg or send it to
me
	directly?
	
	BR
	
	Uwe
	
	
	

	_______________________________________________
	Users mailing list
	Users at lists.opensips.org
	http://lists.opensips.org/cgi-bin/mailman/listinfo/users

	
	
	

	-- 
	Thanking You,
	Ashwini BR Naidu




-- 
Thanking You,
Ashwini BR Naidu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090617/58a5f3b1/attachment-0001.htm 


More information about the Users mailing list