[OpenSER-Users] Radius integration issue

OpenSER ML openser at zap2link.com
Wed Jul 18 12:51:16 CEST 2007


Hi Dan,

  I am running in debug mode, here is the output of FreeRadius which seems fine to me:

rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232
        User-Name = "101 at openser.org"
        Digest-Attributes = 0x0a05313031
        Digest-Attributes = 0x010d6f70656e7365722e6f7267
        Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564
        Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
        Digest-Attributes = 0x030a5245474953544552
        Digest-Attributes = 0x050661757468
        Digest-Attributes = 0x090a3030303030303930
        Digest-Attributes = 0x081235343038316466316439623562383564
        Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 0x313031
        NAS-Port = 5060
        NAS-IP-Address = 192.168.2.80
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1124
  modcall[authorize]: module "preprocess" returns ok for request 1124
radius_xlat:  '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
  modcall[authorize]: module "auth_log" returns ok for request 1124
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 1124
    users: Matched entry 101 at openser.org at line 53
  modcall[authorize]: module "files" returns ok for request 1124
modcall: leaving group authorize (returns ok) for request 1124
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1124
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "101"
        Digest-Realm = "openser.org"
        Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d"
        Digest-URI = "sip:192.168.2.80"
        Digest-Method = "REGISTER"
        Digest-QOP = "auth"
        Digest-Nonce-Count = "00000090"
        Digest-CNonce = "54081df1d9b5b85d"
A1 = 101:openser.org:101
A2 = REGISTER:sip:192.168.2.80
H(A1) = f195c177997cee336c919be9279c5703
H(A2) = 046d0643f281affab19fe62ffc848ab5
KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5
EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26
RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26
  modcall[authenticate]: module "digest" returns ok for request 1124
modcall: leaving group authenticate (returns ok) for request 1124
Login OK: [101 at openser.org/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
Sending Access-Accept of id 250 to 192.168.2.80 port 35223
Finished request 1124
Going to the next request
Waking up in 6 seconds...


Z2L
----- Original Message -----
From: "Dan-Cristian Bogos" <dan.bogos at gmail.com>
To: openser at zap2link.com
Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] Radius integration issue

Hi,

try running FreeRADIUS in debug mode, this will tell u more info
regarding the cause of failure.
To run FreeRADIUS in debug start it with -X option.

Let us know about the results.

Cheers,
DanB

On 7/18/07, OpenSER ML <openser at zap2link.com> wrote:
> Hi All,
>
>   I'm trying to connect OpenSER with FreeRadius. I've managed to get the digest authentication
> going correctly, having the Radius respond with LOGIN OK for the requests that are in the users file. However, although the authentication process appears to succeed, the IP phone doesn't register to the OpenSER server.
>
>   The following can be seen in the debug:
>
>  0(17821) SIP Request:
>  0(17821)  method:  <REGISTER>
>  0(17821)  uri:     <sip:192.168.2.80>
>  0(17821)  version: <SIP/2.0>
>  0(17821) parse_headers: flags=2
>  0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16
>  0(17821) end of header reached, state=5
>  0(17821) parse_headers: Via found, flags=2
>  0(17821) parse_headers: this is the first via
>  0(17821) After parse_msg...
>  0(17821) preparing to run routing scripts...
>  0(17821) parse_headers: flags=100
>  0(17821) DEBUG:parse_to:end of header reached, state=10
>  0(17821) DBUG:parse_to: display={}, ruri={sip:101 at 192.168.2.80;user=phone}
>  0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:101 at 192.168.2.80;user=phone]
>  0(17821) DEBUG: to body [<sip:101 at 192.168.2.80;user=phone>
> ]
>  0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER>
>  0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70
>  0(17821) parse_headers: flags=200
>  0(17821) DEBUG: get_hdr_body : content_length=0
>  0(17821) found end of header
>  0(17821) find_first_route: No Route headers found
>  0(17821) loose_route: There is no Route HF
>  0(17821) grep_sock_info - checking if host==us: 12==12 &&  [192.168.2.80] == [192.168.2.80]
>  0(17821) grep_sock_info - checking if port 5060 matches port 5060
>  0(17821) grep_sock_info - checking if host==us: 12==12 &&  [192.168.2.80] == [192.168.2.80]
>  0(17821) grep_sock_info - checking if port 5060 matches port 5060
>  0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
>  0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>  0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth"
> '
>  0(17821) parse_headers: flags=ffffffffffffffff
>  0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0)
>  0(17821) DEBUG:destroy_avp_list: destroying list (nil)
>  0(17821) receive_msg: cleaning up
>
>   As you can surely see, the ERROR is somewhere in the authorization status. Now, I've verified
> the secret key between the machine, and all seems to be in place - any pointers will be highly appreciated.
>
> Z2L
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>





More information about the Users mailing list