[OpenSIPS-Users] Problem using radius_send_auth

John Quick john.quick at smartvox.co.uk
Mon Mar 24 18:23:17 CET 2014


Hi Quasim,

I appreciate your help. However, I am not using FreeRadius as the Radius
server and have already got all the basic dictionaries loaded (like
dictionary.opensips, dictionary.sip)
aaa_www_authorize and writing of Radius CDR's is working ok. That is not the
problem.

It is only when I try to use the radius_send_auth(set1, set2) function that
I had problems.
Please can you confirm if you have used this function?

I just tried a change to the dictionaries I use. No longer using
dictionary.rfc2869. Instead using dictionary.rfc2865.
In set1, the attribs that are sent to the server, I now specify 'User-Name'
and 'User-Password'. This seems to have fixed the problem whereby OpenSIPS
required the Message-Authenticator attribute. However, to get
dictionary.rfc2865 to work, I had to comment out all the attributes of type
"octets".

I still have the second problem: OpenSIPS and radiusclient-ng does not
recognise the attribute type "octets".

John Quick
Smartvox Limited


From: qasimakhan at gmail.com [mailto:qasimakhan at gmail.com] 
Sent: 24 March 2014 16:27
To: john.quick at smartvox.co.uk
Cc: OpenSIPS users mailling list
Subject: Re: [OpenSIPS-Users] Problem using radius_send_auth

hmm... here are the settings that i am using that works perfectly for me:
These files are required on opensips radiusclient-ng side:
/etc/radiusclient-ng/dictionary
...
$INCLUDE        /etc/radiusclient-ng/dictionary.sip
...
ATTRIBUTE       User-Name               1       string
ATTRIBUTE       Password                2       string
ATTRIBUTE       CHAP-Password           3       string
...
/etc/radiusclient-ng/dictionary.sip (This is the opensips dictionary)
## $Id: dictionary.opensips 7139 2010-08-17 14:06:00Z razvancrainea $
...
ATTRIBUTE Sip-Uri-User         208  string     # Proprietary, auth_radius
ATTRIBUTE Sip-Group            211  string     # Proprietary, group_radius
ATTRIBUTE Sip-Rpid             213  string     # Proprietary, auth_radius
ATTRIBUTE SIP-AVP              225  string     # Proprietary, avp_radius
ATTRIBUTE Sip-Call-Duration    227  integer
ATTRIBUTE Sip-Call-Setuptime   228  integer
...

On freeradius end:
/usr/local/etc/raddb

$INCLUDE        /usr/local/share/freeradius/dictionary


/usr/local/share/freeradius/dictionary
...
$INCLUDE dictionary.sip
...

/usr/local/share/freeradius/dictionary.sip (This is the opensips dictionary)

## $Id: dictionary.opensips 7139 2010-08-17 14:06:00Z razvancrainea $
...
P.S. If you need these dictionary files just PM me and i will send them to
you i think these are not required on the forum it will just clutter things
if anything.

Regards,
Qasim

On Mon, Mar 24, 2014 at 6:05 PM, John Quick <john.quick at smartvox.co.uk>
wrote:
I am already using the opensips dictionary.
It does not contain the Message-Authenticator attribute.

When I do not use dictionary.rfc2869, I get this error every time the
radius_send_auth function is called:
rc_avpair_gen: received unknown attribute 80 of length 18: 0x..

When I include dictionary.rfc2869, I get this error on startup:
rc_read_dictionary: invalid type on line 13 of dictionary
/usr/local/etc/radiusclient-ng/dictionary.rfc2869

John


From: qasimakhan at gmail.com [mailto:qasimakhan at gmail.com]
Sent: 24 March 2014 11:57
To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
Subject: Re: [OpenSIPS-Users] Problem using radius_send_auth

Try using opensips dictionary.
Regards,
Qasim


On Mon, Mar 24, 2014 at 4:37 PM, John Quick <john.quick at smartvox.co.uk>
wrote:
I'm using OpenSIPS version 1.8.2 with radiusclient-ng.
I need to be able to make custom radius authentication requests using
radius_send_auth (a function in the aaa_radius module).

The first time I tried, it failed and reported an error that
Message-Authenticator was an unknown attribute.
I found the missing attribute in dictionary.rfc2869, but when I include this
dictionary, OpenSIPS fails to start and reports an error that seems to point
to the "octets" attribute type being unrecognised.

Any help with this would be greatly appreciated.

John Quick
Smartvox Limited
Web: www.smartvox.co.uk




_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users








More information about the Users mailing list