Hi Velimir,

not an expert on RADIUS, but my guess is that the problem is in the RADIUS server configuration - it should not request authentication for the "Service-Type = Group-Check"

regards,
bogdan

Velimir Novkovic wrote:

Hi,

I run SER with Radius/MySQL for authentication and accounting.

Things are pretty much in place except for group checking. I have something like this in my ser.cfg:

    ……..
    modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
    modparam("group_radius", "use_domain", 1)
    ………..
    if (uri=~"^sip:[0-9]{8}@") { # Domestic PSTN
        if (!radius_is_user_in("credentials", "ld")) {
            sl_send_reply("403", "No permission for domestic calls");
            return;
        };
        route(4);
        return;
    };
    …………

When I look at the Radius debug log I can see that when ser sends a request to radius, radius wants to do digest on it, and then the complete request fails and the call can’t go through. The output looks something like this:

    ……
    rad_recv: Access-Request packet from host 127.0.0.1:34027, id=18, length=72
        User-Name = "[EMAIL PROTECTED]"
        Sip-Group = "voicemail"
        Service-Type = Group-Check
        NAS-Port = 0
        NAS-IP-Address = 127.0.0.1
    Processing the authorize section of radiusd.conf
    ….
    ** bunch of sql statements …..
    ….
    modcall: group authorize returns ok for request 17
    rad_check_password: Found Auth-Type Digest
    auth: type "digest"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 17
    ERROR: No Digest-Nonce: Cannot perform Digest authentication
    modcall[authenticate]: module "digest" returns invalid for request 17
    modcall: group authenticate returns invalid for request 17
    auth: Failed to validate the user.

In the databases I have the following:

    mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id;
    +----+-----------------------+--------------+-------------+----+
    | id | UserName              | Attribute    | Value       | op |
    +----+-----------------------+--------------+-------------+----+
    | 18 | [EMAIL PROTECTED]     | Service-Type | Group-Check | := |
    +----+-----------------------+--------------+-------------+----+
    1 row in set (0.00 sec)

    mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id;
    +----+-----------------------+---------------+------------------------------------+----+
    | id | UserName              | Attribute     | Value                              | op |
    +----+-----------------------+---------------+------------------------------------+----+
    | 23 | [EMAIL PROTECTED]     | User-Password | $1$d7XAeahG$9f17cb8JaKj8R1z9GpwG4/ | := |
    | 25 | [EMAIL PROTECTED]     | Sip-Rpid      | 81000                              | =  |
    | 30 | [EMAIL PROTECTED]     | Auth-Type     | Digest                             | := |
    +----+-----------------------+---------------+------------------------------------+----+

    mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
    +----+-----------+-----------+--------+----+
    | id | GroupName | Attribute | Value  | op |
    +----+-----------+-----------+--------+----+
    | 12 | voicemail | Auth-Type | Accept | := |
    +----+-----------+-----------+--------+----+

Has anyone had a chance to do something like this with success? I am stuck at the moment – any help is greatly appreciated.

Thanks.

/Vel

------------------------------------------------------------------------

_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users

