[Users] Radius Authentication

Edson 4lists at gmail.com
Tue Mar 7 03:16:09 CET 2006 

I run it, now with FreeRadius in debug mode (see results in attached file),
but nothing changed... I run with the two versions of radiusclient that I
have...

Any idea?

Edson.

PS: in attached file, You will find debug from OpenSER, FreeRadius and logs
from /var/log/message and
/var/log/radius/radacct/127.0.0.1/reply-detail-20060306.

> -----Original Message-----
> From: Daniel-Constantin Mierla [mailto:daniel at voice-system.ro]
> Sent: sábado, 4 de março de 2006 08:24
> To: Edson
> Cc: 'OpenSER (E-mail)'
> Subject: Re: [Users] Radius Authentication
> 
> Hello,
> 
> On 03/03/06 02:57, Edson wrote:
> > The working SER installation uses radiusclient-ng 0.5.0-1. It was
> compiled
> > after a CVS download maded on the beginning on jun/2005. Unfortunatly I
> miss
> > the source code and am using an i686-RPM derived from that code.
> >
> > I already try to use this RPM (version 0.5.0-1) on the Xeon machine. The
> > results are the same. Just same message on /var/log/messages:
> >
> > "Mar  2 21:45:54 sip openser: rc_check_reply: received invalid reply
> digest
> > from RADIUS server"
> >
> can you run the radius server in debug mode to see there what messages
> you get. Also, check the /var/log/syslog or /var/log/messages to see
> other error messages printed by radiusclient-ng library when you use
> debug mode with openser.
> 
> Cheers,
> Daniel
> 
> > When I start "openser -TDdd I see:
> > ...
> >  0(16385) get_hdr_field: cseq <CSeq>: <4> <REGISTER>
> >  0(16385) DEBUG:maxfwd:is_maxfwd_present: value = 70
> >  0(16385) parse_headers: flags=200
> >  0(16385) DEBUG: get_hdr_body : content_length=0
> >  0(16385) found end of header
> >  0(16385) find_first_route: No Route headers found
> >  0(16385) loose_route: There is no Route HF
> >  0(16385) grep_sock_info - checking if host==us: 13==13 &&
> [ZZZ.ZZ.ZZZ.39]
> > == [ZZZ.ZZ.ZZZ.39]
> >  0(16385) grep_sock_info - checking if port 5060 matches port 5060
> >  0(16385) parse_headers: flags=ffffffffffffffff
> >  0(16385) check_via_address(XXX.XX.XXX.120, 172.27.248.6, 0)
> >  0(16385) lookup(): '' Not found in usrloc
> >  0(16385) check_nonce(): comparing
> > [440792edd872b52b27f6dbee8ab2af7f61016704] and
> > [440792edd872b52b27f6dbee8ab2af7f61016704]
> >
> >  0(16385) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
> >
> >  0(16385) build_auth_hf(): 'WWW-Authenticate: Digest
> realm="ZZZ.ZZ.ZZZ.39",
> > nonce="440792eeec1cb5b22b20c18355c2a9a71eeb1af7"'
> >  0(16385) parse_headers: flags=ffffffffffffffff
> >  0(16385) check_via_address(XXX.XX.XXX.120, 172.27.248.6, 0)
> >  0(16385) DEBUG:destroy_avp_list: destroying list (nil)
> >  0(16385) receive_msg: cleaning up
> > ...
> > I double checked all the "dictionary" definitions, triple checked my
> OpenSER
> > and Radiusclient-NG config and were not able to find the mistake.
> >
> > So I'm really out of ideas... Maybe is the return value
> ("Authenticated")
> > illegal?
> >
> > Edson.
> >
> >
> >> -----Original Message-----
> >> From: Daniel-Constantin Mierla [mailto:daniel at voice-system.ro]
> >> Sent: quinta-feira, 2 de março de 2006 09:29
> >> To: Edson
> >> Cc: 'OpenSER (E-mail)'
> >> Subject: Re: [Users] Radius Authentication
> >>
> >> Hello,
> >>
> >> the error:
> >>
> >> Mar  1 15:41:43 dell openser-TEST[20789]: rc_check_reply: received
> invalid
> >> reply digest from RADIUS server
> >>
> >> comes from the radiusclient-ng library, in file "lib/sendserver.c" at
> >> line 498. Did you use the same version of radiusclient-ng before?
> >>
> >> Cheers,
> >> Daniel
> >>
> >> On 03/01/06 22:23, Edson wrote:
> >>
> >>> Hi, Guys...
> >>>
> >>> As the MySQL problem is aparently solved I’m facing a Radius issue

> I'm
> >>>
> >> using FreeRadius 1.0.4, RadiusCliente-NG 0.5.2 and OpenSER 1.0.1.
> >>
> >>> If I duplicate the configs used with SER (and that it works fine) I’m
> >>>
> >> unable to authenticate my UA (the same that authenticate with SER). The
> >> message with “debug=4” is:
> >>
> >>> Mar  1 15:41:43 dell openser-TEST[20789]: check_nonce(): comparing
> >>>
> >> [4405ec129258d5cf9c016ade69cf37e33b5af52b] and
> >> [4405ec129258d5cf9c016ade69cf37e33b5af52b]
> >>
> >>> Mar  1 15:41:43 dell openser-TEST[20789]: rc_check_reply: received
> >>>
> >> invalid reply digest from RADIUS server
> >>
> >>> Mar  1 15:41:43 dell openser-TEST[20789]:
> >>>
> >> ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
> >>
> >>> So I supposed that there were some failed configuration, I looked at
> my
> >>>
> >> “radiusd.conf” and finded:
> >>
> >>>   modules {
> >>>   ...
> >>>     digest {
> >>>     }
> >>>   ...
> >>>   }
> >>>   authorize {
> >>>           preprocess
> >>>           auth_log
> >>>           suffix
> >>>           digest
> >>>           sql
> >>>   }
> >>>   authenticate {
> >>>           digest
> >>>   }
> >>>
> >>> As my FreeRadius back-end is a MySQL database, the 'sql' statement in
> >>>
> >> authorize seems ok. And so do 'digest' in 'autheticate' section.
> >>
> >>> The question remains: Why are OpenSER complain on Radius response?
> Maybe
> >>>
> >> it's because of the sterman schema (?)....
> >>
> >>> Anyway, I try to test the server using the radtest tool. The output
> >>>
> >> seems good to me:
> >>
> >>> # radtest 8201 at DOMAIN.VALID 8201 127.0.0.1 12345 MyServerPassword
> >>> Sending Access-Request of id 255 to 127.0.0.1:1812
> >>>         User-Name = "8201 at DOMAIN.VALID"
> >>>         User-Password = "8201"
> >>>         NAS-IP-Address = sip
> >>>         NAS-Port = 12345
> >>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=255,
> >>>
> >> length=35
> >>
> >>>         Reply-Message = "Authenticated"
> >>>
> >>> So I discard FreeRadius config. Is this related on the value of
> “Reply-
> >>>
> >> Message”? I already read all Radius material that I found on OpenSER
> web-
> >> page

> >>
> >>> What am I doing wrong? What am I missing? As this same configs work
> with
> >>>
> >> SER 0.9.2, why did it not with OpenSER 1.0.x?
> >>
> >>> Edson.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at openser.org
> >>> http://openser.org/cgi-bin/mailman/listinfo/users
> >>>
> >>>
> >>>
> >
> >
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-log - 23.zip
Type: application/x-zip-compressed
Size: 8669 bytes
Desc: not available
Url : http://lists.kamailio.org/pipermail/users/attachments/20060306/5d566346/attachment.bin

More information about the Users mailing list