[OpenSIPS-Users] Registration via RADIUS

Hanie Maghsoudy h.maghsoudy at gmail.com
Mon Oct 1 13:39:35 CEST 2012


Dear all,

I want to register some users in OpenSIPs. When I use db mode it's totally
OK. Users register and could make calls. But when I set radius
configuration (using this
<http://www.opensips.org/Resources/DocsTutRadius>document), the user
doesn't register and FreeRadius keeps printing these
messages:


Info: [digest] Checking for correctly formatted Digest-Attributes
Info: [digest] Digest-Attributes look OK.  Converting them to something
more usful.
        Digest-User-Name = "101"
        Digest-Realm = "192.168.X.X"
        Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
        Digest-URI = "sip:192.168.X.X"
        Digest-Method = "REGISTER"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "00000001"
        Digest-CNonce = "8277adcf0b"
Info: [digest] Adding Auth-Type = DIGEST
Info: ++[digest] returns ok
Info: [suffix] Looking up realm "192.168.X.X" for User-Name =
"101 at 192.168.X.X"
Info: [suffix] Found realm "192.168.X.X"
Info: [suffix] Adding Realm = "192.168.X.X"
Info: [suffix] Authentication realm is LOCAL.
Info: ++[suffix] returns ok
Info: [eap] No EAP-Message, not doing EAP
Info: ++[eap] returns noop
Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
Info: ++[files] returns ok
Info: ++[expiration] returns noop
Info: ++[logintime] returns noop
Info: [pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
Info: ++[pap] returns noop
Info: Found Auth-Type = DIGEST
Info: # Executing group from file /etc/freeradius/sites-enabled/default
Info: +- entering group DIGEST {...}
*Auth: [digest] Cleartext-Password or Digest-HA1 is required for
authentication.*
Info: ++[digest] returns invalid
Info: Failed to authenticate the user.
Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from
client OpenSIPS port 0)
Info: Using Post-Auth-Type Reject
Info: # Executing group from file /etc/freeradius/sites-enabled/default
Info: +- entering group REJECT {...}
Info: [attr_filter.access_reject]    expand: %{User-Name} -> 101 at 192.168.X.X


And here is my opensips.cfg:

.....
loadmodule "acc.so"
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
loadmodule "auth.so"
loadmodule "aaa_radius.so"
loadmodule "auth_aaa.so"
modparam("auth", "calculate_ha1", 1)
modparam("auth_aaa", "aaa_url",
"radius:/etc/radiusclient-ng/radiusclient.conf")
route{
        if ( !(is_method("REGISTER")  ) ) {
                if (from_uri==myself)
                {
                        if (!aaa_proxy_authorize("")) {
                                proxy_challenge("", "1");
                                exit;
                        }
                        consume_credentials();
                } else {
                        if (!uri==myself) {
                                send_reply("403","Rely forbidden");
                                exit;
                        }
               }
        }
....
        if (is_method("REGISTER"))
        {
                if (!aaa_www_authorize(""))
                {
                        www_challenge("", "1");
                        exit;
                }
                if (   0 ) setflag(7);
                if (!save("location"))
                        sl_reply_error();
                exit;
        }
....


And in freeradius/users I have:

.....

101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
        Reply-Message = "Authenticated"

Would you please help me to solve the problem?

Thanks,
Hanie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121001/aab16642/attachment.htm>


More information about the Users mailing list