[OpenSIPS-Users] consume_credentials doesn't work with auth_radius module

Robert Borz robert.borz at web.de
Wed Jan 21 17:41:23 CET 2009


Hi,

I'm using OpenSER 1.3.2 (because I have to) with the auth_radius module to authorize users against a FreeRADIUS server. Capturing the SIP packets showed, that consume_credentials() doesn't remove the "Proxy-Authorization" header field containing the challenged credentials.

Further is_present_hf("Proxy-Authorization") returns true, also if there is no Proxy-Authorization header field in the message, which leads to the following ERROR:

Jan 21 17:28:48 sip0 /usr/sbin/openser[3982]: ERROR:auth:consume_credentials: no authorized credentials found (error in scripts)

Do I have to use www_authorize() and proxy_authorize() to get consume_credentials() working?

I need to authenticate against a FreeRADIUS server, what is a common alternative to consume_credentials and why doesn't the is_present_hf() function work as expected?

Any help would be really appreciated...
Thanks a lot!

Robert.


Here's the base-outbound part of my current configuration, adapted from the sip:wizard from sip:wise:

route[3]
{
        if (isbflagset(6)) {
                if (!isflagset(22) && !search("^Content-Length:[ ]*0")) {
                        setflag(22);
                        force_rtp_proxy();
                }

                t_on_reply("2");

        } else {
                t_on_reply("1");
        }

        if (!isflagset(21)) {
                t_on_failure("2");
        }

        if (isflagset(29)) {
                append_branch();
        }

        if (is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=TRUE");
                consume_credentials();
                append_hf("P-hint: credentials should be removed.\r\n");
        }
if (!is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=FALSE");
}

        xlog("L_INFO", "Request leaving server, D-URI='$du' - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
        # no 100 (we already sent it) and no DNS blacklisting
        if (!t_relay("0x05")) {
                sl_reply_error();
                if(is_method("INVITE") && isbflagset(6)) {
                        unforce_rtp_proxy();
                }
        }

        exit;
}





More information about the Users mailing list