[OpenSIPS-Users] Registration via RADIUS

Binan AL Halabi binanalhalabi at yahoo.com
Wed Oct 3 13:18:25 CEST 2012 

look for the type of password you want to use whether plaintext or HA

modparam("auth", "calculate_ha1", 1) # plaintext password
modparam("auth", "calculate_ha1", 0) # pre-calculated HA1

//Binan




________________________________
 From: Hanie Maghsoudy <h.maghsoudy at gmail.com>
To: users at lists.opensips.org 
Sent: Wednesday, October 3, 2012 12:59 PM
Subject: Re: [OpenSIPS-Users] Registration via RADIUS
 

Hi all,

Does anyone have a clue on this?
I'm pretty sure I'm doing something wrong, but I can not find it. I believe that either OpenSIPs configuration or radiusclient-ng's could be incorrect.

Thanks


On Mon, Oct 1, 2012 at 3:09 PM, Hanie Maghsoudy <h.maghsoudy at gmail.com> wrote:

Dear all,
>
>I want to register some users in OpenSIPs. When I use db mode it's totally OK. Users register and could make calls. But when I set radius configuration (using this document), the user doesn't register and FreeRadius keeps printing these messages:
>
>
>Info: [digest] Checking for correctly formatted Digest-Attributes
>Info: [digest] Digest-Attributes look OK.  Converting them to something more usful.
>        Digest-User-Name = "101"
>        Digest-Realm = "192.168.X.X"
>        Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
>        Digest-URI = "sip:192.168.X.X"
>        Digest-Method = "REGISTER"
>        Digest-QOP = "auth"
>        Digest-Nonce-Count = "00000001"
>        Digest-CNonce = "8277adcf0b"
>Info: [digest] Adding Auth-Type = DIGEST
>Info: ++[digest] returns ok
>Info: [suffix] Looking up realm "192.168.X.X" for User-Name = "101 at 192.168.X.X"
>Info: [suffix] Found realm "192.168.X.X"
>Info: [suffix] Adding Realm = "192.168.X.X"
>Info: [suffix] Authentication realm is LOCAL.
>Info: ++[suffix] returns ok
>Info: [eap] No EAP-Message, not doing EAP
>Info: ++[eap] returns noop
>Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
>Info: ++[files] returns ok
>Info: ++[expiration] returns noop
>Info: ++[logintime] returns noop
>Info: [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>Info: ++[pap] returns noop
>Info: Found Auth-Type = DIGEST
>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>Info: +- entering group DIGEST {...}
>Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.
>Info: ++[digest] returns invalid
>Info: Failed to authenticate the user.
>Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from client OpenSIPS port 0)
>Info: Using Post-Auth-Type Reject
>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>Info: +- entering group REJECT {...}
>Info: [attr_filter.access_reject]    expand: %{User-Name} -> 101 at 192.168.X.X
>
>
>And here is my opensips.cfg:
>
>.....
>loadmodule "acc.so"
>modparam("acc", "early_media", 0)
>modparam("acc", "report_cancels", 0)
>modparam("acc", "detect_direction", 0)
>modparam("acc", "failed_transaction_flag", 3)
>modparam("acc", "log_flag", 1)
>modparam("acc", "log_missed_flag", 2)
>loadmodule "auth.so"
>loadmodule "aaa_radius.so"
>loadmodule "auth_aaa.so"
>modparam("auth", "calculate_ha1", 1)
>modparam("auth_aaa", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>route{
>        if ( !(is_method("REGISTER")  ) ) {
>                if (from_uri==myself)
>                {
>                        if (!aaa_proxy_authorize("")) {
>                                proxy_challenge("", "1");
>                                exit;
>                        }
>                        consume_credentials();
>                } else {
>                        if (!uri==myself) {
>                                send_reply("403","Rely forbidden");
>                                exit;
>                        }
>               }
>        }
>....
>        if (is_method("REGISTER"))
>        {
>                if (!aaa_www_authorize(""))
>                {
>                        www_challenge("", "1");
>                        exit;
>                }
>                if (   0 ) setflag(7);
>                if (!save("location"))
>                        sl_reply_error();
>                exit;
>        }
>....
>
>
>And in freeradius/users I have:
>
>.....
>
>101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
>        Reply-Message = "Authenticated"
>
>Would you please help me to solve the problem?
>
>Thanks,
>Hanie
>
>
>

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121003/d3dc43be/attachment-0001.htm>

More information about the Users mailing list