[OpenSIPS-Users] Registration via RADIUS

Binan AL Halabi binanalhalabi at yahoo.com
Thu Oct 4 12:06:24 CEST 2012


hi Hannie,

- Delete this  "Auth-Type := Digest"  from users file (http://deployingradius.com/documents/configuration/auth_type.html)

- Delete  this modparam("auth", "calculate_ha1", 1) from the configuration file (it is not related)

//Binan


________________________________
 Från: Hanie Maghsoudy <h.maghsoudy at gmail.com>
Till: Binan AL Halabi <binanalhalabi at yahoo.com> 
Kopia: OpenSIPS users mailling list <users at lists.opensips.org> 
Skickat: torsdag, 4 oktober 2012 7:09
Ämne: Re: [OpenSIPS-Users] Registration via RADIUS
 

Free Radius users:

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP


101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
        Reply-Message = "Authenticated-101 at 192.168.X.X"

101 at 192.168.X.X Auth-Type := Digest, Digest-HA1 == "e0f4a1a0ac0b3ee6dd7d58a8c70ff5cf"
        Reply-Message = "Authenticated-101 at 192.168.X.X-HA1"

101 Auth-Type := Digest, Cleartext-Password == "101"
        Reply-Message = "Authenticated-101"

101 Auth-Type := Digest, Digest-HA1 == "018dd754fd71ea9d7b19bf37ce5c8152"
        Reply-Message = "Authenticated-101-HA1"



Free Radius clients.conf:

client localhost {
        secret = radi
        shortname = OpenSIPS
        nastype = cisco
}

Also I've tested with nastype = other.


radiusclient.conf is the default configuration of radiusclient-ng, and in servers I have: 

localhost       radi

Binan, please let me know if I should mention somting else.

Thanks,
Hanie




On Wed, Oct 3, 2012 at 5:41 PM, Binan AL Halabi <binanalhalabi at yahoo.com> wrote:


>
>Post your Radius configuration.
>
>
>//Binan
>
>
>________________________________
> Från: Hanie Maghsoudy <h.maghsoudy at gmail.com>
>Till: Binan AL Halabi <binanalhalabi at yahoo.com>; OpenSIPS users mailling list <users at lists.opensips.org> 
>Skickat: onsdag, 3 oktober 2012 14:10
>Ämne: Re: [OpenSIPS-Users] Registration via RADIUS
> 
>
>
>Thanks Binan for the reply.
>I tested both and none of them works.
>
>
>On Wed, Oct 3, 2012 at 2:48 PM, Binan AL Halabi <binanalhalabi at yahoo.com> wrote:
>
>look for the type of password you want to use whether plaintext or HA
>>
>>modparam("auth", "calculate_ha1", 1) # plaintext password
>>modparam("auth", "calculate_ha1", 0) # pre-calculated HA1
>>
>>//Binan
>>
>>
>>
>>
>>
>>
>>________________________________
>> From: Hanie Maghsoudy <h.maghsoudy at gmail.com>
>>To: users at lists.opensips.org 
>>Sent: Wednesday, October 3, 2012 12:59 PM
>>Subject: Re: [OpenSIPS-Users] Registration via RADIUS
>> 
>>
>>
>>Hi all,
>>
>>Does anyone have a clue on this?
>>I'm pretty sure I'm doing something wrong, but I can not find it. I believe that either OpenSIPs configuration or radiusclient-ng's could be incorrect.
>>
>>Thanks
>>
>>
>>On Mon, Oct 1, 2012 at 3:09 PM, Hanie Maghsoudy <h.maghsoudy at gmail.com> wrote:
>>
>>Dear all,
>>>
>>>I want to register some users in OpenSIPs. When I use db mode it's totally OK. Users register and could make calls. But when I set radius configuration (using this document), the user doesn't register and FreeRadius keeps printing these messages:
>>>
>>>
>>>Info: [digest] Checking for correctly formatted Digest-Attributes
>>>Info: [digest] Digest-Attributes look OK.  Converting them to something more usful.
>>>        Digest-User-Name = "101"
>>>        Digest-Realm = "192.168.X.X"
>>>        Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
>>>        Digest-URI = "sip:192.168.X.X"
>>>        Digest-Method = "REGISTER"
>>>        Digest-QOP = "auth"
>>>        Digest-Nonce-Count = "00000001"
>>>        Digest-CNonce = "8277adcf0b"
>>>Info: [digest] Adding Auth-Type = DIGEST
>>>Info: ++[digest] returns ok
>>>Info: [suffix] Looking up realm "192.168.X.X" for User-Name = "101 at 192.168.X.X"
>>>Info: [suffix] Found realm "192.168.X.X"
>>>Info: [suffix] Adding Realm = "192.168.X.X"
>>>Info: [suffix] Authentication realm is LOCAL.
>>>Info: ++[suffix] returns ok
>>>Info: [eap] No EAP-Message, not doing EAP
>>>Info: ++[eap] returns noop
>>>Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
>>>Info: ++[files] returns ok
>>>Info: ++[expiration] returns noop
>>>Info: ++[logintime] returns noop
>>>Info: [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>>>Info: ++[pap] returns noop
>>>Info: Found Auth-Type = DIGEST
>>>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>>>Info: +- entering group DIGEST {...}
>>>Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.
>>>Info: ++[digest] returns invalid
>>>Info: Failed to authenticate the user.
>>>Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from client OpenSIPS port 0)
>>>Info: Using Post-Auth-Type Reject
>>>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>>>Info: +- entering group REJECT {...}
>>>Info: [attr_filter.access_reject]    expand: %{User-Name} -> 101 at 192.168.X.X
>>>
>>>
>>>And here is my opensips.cfg:
>>>
>>>.....
>>>loadmodule "acc.so"
>>>modparam("acc", "early_media", 0)
>>>modparam("acc", "report_cancels", 0)
>>>modparam("acc", "detect_direction", 0)
>>>modparam("acc", "failed_transaction_flag", 3)
>>>modparam("acc", "log_flag", 1)
>>>modparam("acc", "log_missed_flag", 2)
>>>loadmodule "auth.so"
>>>loadmodule "aaa_radius.so"
>>>loadmodule "auth_aaa.so"
>>>modparam("auth", "calculate_ha1", 1)
>>>modparam("auth_aaa", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>>>route{
>>>        if ( !(is_method("REGISTER")  ) ) {
>>>                if (from_uri==myself)
>>>                {
>>>                        if (!aaa_proxy_authorize("")) {
>>>                                proxy_challenge("", "1");
>>>                                exit;
>>>                        }
>>>                        consume_credentials();
>>>                } else {
>>>                        if (!uri==myself) {
>>>                                send_reply("403","Rely forbidden");
>>>                                exit;
>>>                        }
>>>               }
>>>        }
>>>....
>>>        if (is_method("REGISTER"))
>>>        {
>>>                if (!aaa_www_authorize(""))
>>>                {
>>>                        www_challenge("", "1");
>>>                        exit;
>>>                }
>>>                if (   0 ) setflag(7);
>>>                if (!save("location"))
>>>                        sl_reply_error();
>>>                exit;
>>>        }
>>>....
>>>
>>>
>>>And in freeradius/users I have:
>>>
>>>.....
>>>
>>>101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
>>>        Reply-Message = "Authenticated"
>>>
>>>Would you please help me to solve the problem?
>>>
>>>Thanks,
>>>Hanie
>>>
>>>
>>>
>>
>>_______________________________________________
>>Users mailing list
>>Users at lists.opensips.org
>>http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>_______________________________________________
>>Users mailing list
>>Users at lists.opensips.org
>>http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121004/7c9549c7/attachment.htm>


More information about the Users mailing list