Hi!
I'm using openser CVS and try to deliver the rpid using auth_radius. But
the rpid never appears in the AVPs. Also other AVP-SIP attributes
(e.g. SIP-AVP = #101:TEST) do not appear in the AVP.
Filling AVPs in the .cfg using avp_write("$ruri/username","$ruser");
works fine and are printed with avp_print.
Any ideas how I can track down this problem?
thanks
klaus
The radius server responds with a SIP-AVP (225) attribute (verfied with
tcpdump):
rpid:<sip:[EMAIL PROTECTED]>
my cfg snippet (full config attached):
if (!radius_proxy_authorize("")) {
xlog("L_WARN","wrong or no credentials - challenging client ...");
proxy_challenge("", "0");
exit;
};
xlog("L_WARN","start avp_print()-");
avp_print();
xlog("L_WARN","stop avp_print()--");
the debug log:
8(5807) checking REGISTER authentication ... 8(5807) check_nonce():
comparing [42e78dca8153d605c63042be302f64af00e1abfc] and
[42e78dca8153d605c63042be302f64af00e1abfc]
8(5807) DEBUG:auth_radius:radius_authorize_sterman: Success
8(5807) xl_printf: final buffer length 37
8(5807) start avp_print() - 8(5807) xl_printf: final buffer length 37
8(5807) stop avp_print() -- 8(5807) xl_printf: final buffer length 58
#
# $Id: openser.cfg,v 1.1.1.1 2005/06/13 16:47:30 bogdan_iancu Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/openser_fifo"
listen=1.2.3.83:5060
log_facility=LOG_LOCAL4 # /var/log/openser.log
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
mpath="/usr/lib/openser/modules"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "xlog.so"
loadmodule "postgres.so"
loadmodule "domain.so"
loadmodule "alias_db.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_radius.so"
loadmodule "avpops.so"
# ----------------- setting module-specific parameters ---------------
# database configuration
modparam("usrloc", "db_url", "postgres://openser:[EMAIL
PROTECTED]/openser")
modparam("domain|uri_db|alias_db", "db_url", "postgres://openserro:[EMAIL
PROTECTED]/openser")
# radius configuration
modparam("auth_radius", "radius_config", "/etc/openser/radiusclient.conf")
# multi domain configuration
modparam("domain", "db_mode", 1) # Use caching in domain module
modparam("alias_db|usrloc|registrar", "use_domain", 1) # group, group_radius,
speeddial, uri_db, avpops
# -- usrloc params --
modparam("usrloc", "db_mode", 1) # 0=no DB, 1 = write through, 2=caching
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# AVPs
# I:101 = cbcprefix
# call by call provider prefix
# I:102 = ruser
# userpart in request uri
# I:103 = rdomain
# domainpart in request uri
# I:104 = dummy1
# I:105 = dummy2
#
modparam("avpops","avp_aliases","cbcprefix=I:101;ruser=I:102;rdomain=I:103;dummy1=I:104;dummy2=I:105")
# ------------------------- request routing logic -------------------
# main routing logic
route{
xlog("L_WARN","[$Tf] $rm $ru ($fu --> $tu)");
#xlog("L_WARN","reference to message buffer: $mb");
xlog("L_WARN","playing around with avps...");
avp_write("$ruri/username","$ruser");
avp_write("$ruri/domain","$rdomain");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
xlog("L_WARN","too many hops, reply with 483 ...");
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
xlog("L_WARN","message too big, reply with 513 ...");
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!is_method("REGISTER")) {
record_route();
}
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
log(1,"loose_route processing ...");
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
exit;
};
if (!is_method("REGISTER|CANCEL|ACK|BYE|OPTIONS|INFO")) {
if (is_from_local()) {
xlog("L_WARN","checking authentication ...");
# digest authentication
if (!radius_proxy_authorize("")) {
xlog("L_WARN","wrong or no credentials -
challenging client ...");
proxy_challenge("", "0");
exit;
};
xlog("L_WARN","start avp_print()--------");
avp_print();
xlog("L_WARN","stop avp_print()---------");
consume_credentials();
xlog("L_WARN","username/password correct ...");
log(1,"adding rpid header ...");
append_rpid_hf();
}
}
if (!is_uri_host_local()) {
log(1,"outbound request ...");
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
exit;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (is_uri_host_local()) {
if (is_method("REGISTER")) {
if (is_from_local()) {
log(1,"processing REGISTER ...");
xlog("L_WARN","checking REGISTER authentication
...");
# digest authentication
if (!radius_www_authorize("")) {
xlog("L_WARN","wrong or no credentials
in REGISTER - challenging client ...");
www_challenge("", "0");
exit;
};
xlog("L_WARN","start avp_print() of
REGISTER--------");
avp_print();
xlog("L_WARN","stop avp_print() of
REGISTER---------");
consume_credentials();
xlog("L_WARN","username/password correct in
REGISTER, saving location ...");
save("location");
exit;
} else {
xlog("L_WARN","REGISTER for unknown domain
received, reply with 403 ...");
sl_send_reply("403","Use your own proxy");
exit;
}
};
lookup("aliases");
if (!is_uri_host_local()) {
append_hf("P-hint: outbound alias\r\n");
route(1);
exit;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# send to at43 main proxy
xlog("L_WARN","user not found, forwarding to main
proxy ...");
t_relay_to_udp("1.2.3.160", "5060");
#sl_send_reply("404", "Not Found");
exit;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
xlog("L_WARN","route[1] entered ...");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
xlog("L_WARN","t_relay the request ...");
if (!t_relay()) {
sl_reply_error();
};
xlog("L_WARN","... leaving route[1]");
}
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
