You need to check the dictionaries on your kamailio server. Mos likely something is miss configured there. Check what value do you have for "User-Name" and see if you have any duplicates for that value.
Regards, Ovidiu Sas On Sat, Mar 5, 2011 at 2:32 AM, Kosilov Fedor <dangerko...@gmail.com> wrote: > Again for testing, I pointed Kamailio directly to my billing radius, > bypassing Freeradius. The situation is the same, so the problem is > definitely not with the Freeradius server. > > 2011/3/5 Kosilov Fedor <dangerko...@gmail.com> >> >> Hello, Daniel, thank you for your attention to my problem. >> >> I actually don't need accounting support, I just want to implement an >> authorization using radius. >> But for testing purposes, I loaded the acc module and set "radius_extra" >> param. Nothing has changed. >> >> Here is a part of my config: >> >> >> ... >> modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") >> modparam("acc", "radius_extra", "User-Name=$Au") >> ... >> modparam("auth_radius", "radius_config", >> "/etc/radiusclient-ng/radiusclient.conf") >> modparam("auth_radius", "auth_extra", "NAS-Identifier=$var(ident)") >> ... >> route { >> #Definitions >> $var(ident) = "kamserv.example.com"; >> ... >> route(3); #Auth >> ... >> } >> >> ... >> >> route[3] { >> if (is_method("REGISTER")) >> { >> if (is_from_local()) { >> if (!radius_www_authorize("$td")) >> { >> www_challenge("$sel(to.uri.host)", "1"); >> exit; >> } else { >> >> avp_db_delete("$sel(to.uri)","$avp(s:ip)"); >> >> avp_db_delete("$sel(to.uri)","$avp(s:dpid)"); >> >> avp_db_delete("$sel(to.uri)","$avp(s:fr_timer)"); >> >> avp_db_delete("$sel(to.uri)","$avp(s:calls_limit)"); >> >> avp_db_store("$sel(to.uri)","$avp(s:ip)"); >> >> avp_db_store("$sel(to.uri)","$avp(s:dpid)"); >> >> avp_db_store("$sel(to.uri)","$avp(s:fr_timer)"); >> >> avp_db_store("$sel(to.uri)","$avp(s:calls_limit)"); >> >> if >> ($au!=$sel(to.uri.user))||($au!=$sel(from.uri.user)) { >> sl_send_reply("403","Forbidden >> auth ID"); >> exit; >> } else { >> if ($avp(s:ip)!='any' && >> $sel(src.ip)!=$avp(s:ip)) { >> >> sl_send_reply("403","Forbidden"); >> exit; >> } >> } >> } >> >> } else { >> sl_send_reply("403","Forbidden"); >> exit; >> } >> } else { >> if ($sel(src.ip)=="192.168.0.2") { >> return; >> } else if (is_from_local()) { >> if >> (!radius_proxy_authorize("$sel(from.uri.host)","$sel(from.uri.user)")) { >> proxy_challenge("$sel(from.uri.host)", >> "1"); >> exit; >> } >> if ($avp(s:ip)!='any' && $sel(src.ip)!=$avp(s:ip)) >> { >> sl_send_reply("403","Forbidden"); >> exit; >> } >> >> if (is_method("PUBLISH")) >> { >> if ($au!=$sel(to.uri.user)) { >> sl_send_reply("403","Forbidden >> auth ID"); >> exit; >> } >> } else if ($au!=$sel(from.uri.user)) { >> sl_send_reply("403","Forbidden auth ID"); >> exit; >> } >> consume_credentials(); >> } else { >> sl_send_reply("403","Forbidden"); >> exit; >> } >> } >> } >> ... >> >> And again a part of the freeradius log: >> >> rad_recv: Access-Request packet from host 127.0.0.1 port 58933, id=135, >> length=298 >> User-Name = "2219...@example.com" >> Digest-Attributes = 0x0a0932323139303031 >> Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275 >> Digest-Attributes = >> 0x0222545848676630317833314f7076767759512b6b73674c63554d51784f6c347634 >> Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275 >> Digest-Attributes = 0x030a5245474953544552 >> Digest-Attributes = 0x050661757468 >> Digest-Attributes = 0x090a3030303030303031 >> Digest-Attributes = 0x080c39636238383130616531 >> Digest-Response = "efdcf92b58f694b97928856614057436" >> Service-Type = Sip-Session >> Sip-Uri-User = "2219001" >> User-Name = "call-id=zomdnicqsndxrnh@koffe-work" >> NAS-Identifier = "kamserv.example.com" >> NAS-Port = 5060 >> NAS-IP-Address = 127.0.0.1 >> >> >> Regards, >> Fedor. >> >> >> >> 2011/3/5 Daniel-Constantin Mierla <mico...@gmail.com> >>> >>> Hello, >>> >>> what is the value of parameter radius_extra for acc module? >>> >>> Cheers, >>> Daniel >>> >>> On 3/4/11 1:06 PM, Kosilov Fedor wrote: >>> >>> Hello List! >>> >>> I'm trying to set up authorization with our billing proprietary radius >>> server, using Freeradius as a proxy. Currently I'm experiencing the >>> following problem: >>> >>> The Access-Request packet, sent by Kamailio, contains two User-Name >>> attribute records >>> Here is a log from the Freeradius server: >>> >>> rad_recv: Access-Request packet from host 127.0.0.1 port 59294, id=112, >>> length=298 >>> User-Name = "2219...@example.com" >>> Digest-Attributes = 0x0a0932323139303031 >>> Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275 >>> Digest-Attributes = >>> 0x022254584452634531773045524b7368796f30684a70544f4f6a69424d386b32534a >>> Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275 >>> Digest-Attributes = 0x030a5245474953544552 >>> Digest-Attributes = 0x050661757468 >>> Digest-Attributes = 0x090a3030303030303031 >>> Digest-Attributes = 0x080c32383034636535373032 >>> Digest-Response = "e79b47955c02401fe52d05f7956609aa" >>> Service-Type = Sip-Session >>> Sip-Uri-User = "2219001" >>> User-Name = "call-id=domcmqmnychbwlp@koffe-work" >>> NAS-Identifier = "kamserv.example.com" >>> NAS-Port = 5060 >>> NAS-IP-Address = 127.0.0.1 >>> # Executing section authorize from file >>> /etc/freeradius/sites-enabled/default >>> +- entering group authorize {...} >>> ++[preprocess] returns ok >>> ++[chap] returns noop >>> ++[mschap] returns noop >>> [digest] Checking for correctly formatted Digest-Attributes >>> [digest] Digest-Attributes look OK. Converting them to something more >>> usful. >>> Digest-User-Name = "2219001" >>> Digest-Realm = "example.com" >>> Digest-Nonce = "TXDRcE1w0ERKshyo0hJpTOOjiBM8k2SJ" >>> Digest-URI = "sip:example.com" >>> Digest-Method = "REGISTER" >>> Digest-QOP = "auth" >>> Digest-Nonce-Count = "00000001" >>> Digest-CNonce = "2804ce5702" >>> [digest] Adding Auth-Type = DIGEST >>> ++[digest] returns ok >>> [suffix] Looking up realm "example.com" for User-Name = >>> "2219...@example.com" >>> [suffix] Found realm "example.com" >>> [suffix] Adding Realm = "example.com" >>> [suffix] Proxying request from user 2219001 to realm example.com >>> [suffix] Preparing to proxy authentication request to realm "example.com" >>> ++[suffix] returns updated >>> [eap] No EAP-Message, not doing EAP >>> ++[eap] returns noop >>> ++[files] returns noop >>> ++[expiration] returns noop >>> ++[logintime] returns noop >>> ++[pap] returns noop >>> Sending Access-Request of id 250 to 127.0.0.1 port 1822 >>> User-Name = "2219...@example.com" >>> Digest-Attributes = 0x0a0932323139303031 >>> Digest-Attributes = 0x01106c696e6b2d726567696f6e2e7275 >>> Digest-Attributes = >>> 0x022254584452634531773045524b7368796f30684a70544f4f6a69424d386b32534a >>> Digest-Attributes = 0x04147369703a6c696e6b2d726567696f6e2e7275 >>> Digest-Attributes = 0x030a5245474953544552 >>> Digest-Attributes = 0x050661757468 >>> Digest-Attributes = 0x090a3030303030303031 >>> Digest-Attributes = 0x080c32383034636535373032 >>> Digest-Response = "e79b47955c02401fe52d05f7956609aa" >>> Service-Type = Sip-Session >>> Sip-Uri-User = "2219001" >>> User-Name = "call-id=domcmqmnychbwlp@koffe-work" >>> NAS-Identifier = "kamserv.example.com" >>> NAS-Port = 5060 >>> NAS-IP-Address = 127.0.0.1 >>> Proxy-State = 0x313132 >>> Proxying request 1 to home server 127.0.0.1 port 1822 >>> >>> As I understand, this second User-Name attribute has to be a call-id >>> attribute. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> sr-users@lists.sip-router.org >>> >>> >>> >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >>> -- >>> Daniel-Constantin Mierla >>> http://www.asipto.com > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users