[OpenSIPS-Users] Registration via RADIUS

Hanie Maghsoudy h.maghsoudy at gmail.com
Wed Oct 3 12:59:22 CEST 2012


Hi all,

Does anyone have a clue on this?
I'm pretty sure I'm doing something wrong, but I can not find it. I believe
that either OpenSIPs configuration or radiusclient-ng's could be incorrect.

Thanks

On Mon, Oct 1, 2012 at 3:09 PM, Hanie Maghsoudy <h.maghsoudy at gmail.com>wrote:

> Dear all,
>
> I want to register some users in OpenSIPs. When I use db mode it's totally
> OK. Users register and could make calls. But when I set radius
> configuration (using this<http://www.opensips.org/Resources/DocsTutRadius>document), the user doesn't register and FreeRadius keeps printing these
> messages:
>
>
> Info: [digest] Checking for correctly formatted Digest-Attributes
> Info: [digest] Digest-Attributes look OK.  Converting them to something
> more usful.
>         Digest-User-Name = "101"
>         Digest-Realm = "192.168.X.X"
>         Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
>         Digest-URI = "sip:192.168.X.X"
>         Digest-Method = "REGISTER"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "00000001"
>         Digest-CNonce = "8277adcf0b"
> Info: [digest] Adding Auth-Type = DIGEST
> Info: ++[digest] returns ok
> Info: [suffix] Looking up realm "192.168.X.X" for User-Name =
> "101 at 192.168.X.X"
> Info: [suffix] Found realm "192.168.X.X"
> Info: [suffix] Adding Realm = "192.168.X.X"
> Info: [suffix] Authentication realm is LOCAL.
> Info: ++[suffix] returns ok
> Info: [eap] No EAP-Message, not doing EAP
> Info: ++[eap] returns noop
> Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
> Info: ++[files] returns ok
> Info: ++[expiration] returns noop
> Info: ++[logintime] returns noop
> Info: [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> Info: ++[pap] returns noop
> Info: Found Auth-Type = DIGEST
> Info: # Executing group from file /etc/freeradius/sites-enabled/default
> Info: +- entering group DIGEST {...}
> *Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.*
> Info: ++[digest] returns invalid
> Info: Failed to authenticate the user.
> Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from
> client OpenSIPS port 0)
> Info: Using Post-Auth-Type Reject
> Info: # Executing group from file /etc/freeradius/sites-enabled/default
> Info: +- entering group REJECT {...}
> Info: [attr_filter.access_reject]    expand: %{User-Name} ->
> 101 at 192.168.X.X
>
>
> And here is my opensips.cfg:
>
> .....
> loadmodule "acc.so"
> modparam("acc", "early_media", 0)
> modparam("acc", "report_cancels", 0)
> modparam("acc", "detect_direction", 0)
> modparam("acc", "failed_transaction_flag", 3)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 2)
> loadmodule "auth.so"
> loadmodule "aaa_radius.so"
> loadmodule "auth_aaa.so"
> modparam("auth", "calculate_ha1", 1)
> modparam("auth_aaa", "aaa_url",
> "radius:/etc/radiusclient-ng/radiusclient.conf")
> route{
>         if ( !(is_method("REGISTER")  ) ) {
>                 if (from_uri==myself)
>                 {
>                         if (!aaa_proxy_authorize("")) {
>                                 proxy_challenge("", "1");
>                                 exit;
>                         }
>                         consume_credentials();
>                 } else {
>                         if (!uri==myself) {
>                                 send_reply("403","Rely forbidden");
>                                 exit;
>                         }
>                }
>         }
> ....
>         if (is_method("REGISTER"))
>         {
>                 if (!aaa_www_authorize(""))
>                 {
>                         www_challenge("", "1");
>                         exit;
>                 }
>                 if (   0 ) setflag(7);
>                 if (!save("location"))
>                         sl_reply_error();
>                 exit;
>         }
> ....
>
>
> And in freeradius/users I have:
>
> .....
>
> 101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
>         Reply-Message = "Authenticated"
>
> Would you please help me to solve the problem?
>
> Thanks,
> Hanie
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121003/dc5e2f86/attachment.htm>


More information about the Users mailing list