Hi! I still have this same problem with our attempt to move from SER to OpenSER. Everything is fine, but Radius authentication. We have a Xeon (64 bits off course) machine and find this very same problem.
At my first thread to this list Daniel point me many checks and I look for the same things pointed now. I including changed the source (in an ugly way) of RadiusClient-NG to register, when in DEBUG mode, the shared key used. It's ok. The thread stopped when a closer look on the codes appears as the only solution. As I'm not a programmer I couldn't go further. Maybe Daniel's HOW-TO would help us to find out the problem. Wait to see... ;) Edson. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Klaus Darilion > Sent: quinta-feira, 30 de março de 2006 09:16 > To: [EMAIL PROTECTED] > Cc: [email protected] > Subject: Re: [Users] Radius Authentication failed ? > > Hi! > > Recently on the ser list someone reported radiusclient-ng problems on 64 > bit solaris (32 bit solaris works). Maybe this is an 64bit issue? > Has someone use radiusclient-ng successful on 64 systems? > > regards > klaus > > Daniel-Constantin Mierla wrote: > > Have you got any message is syslog coming from radiusclient-ng library? > > The FreeRadius server reports ok for authentication. > > > > Cheers, > > Daniel > > > > > > On 03/30/06 05:15, Nguyen Duc Phi wrote: > >> I config openser authenticate from Radius. when softphone register to > >> openser, Freeradius response "Sending Access-Accept" but openser > >> inform "ERROR:auth_radius:radius_authorize_sterman: rc_auth failed" So > >> softphone not registered. I search this title in google and find on > >> "*OpenSER Users Mailing List*", I didnt find solution to fix problem. > >> Could someone help me fix this problem ? > >> > >> Here is list of product's version I used. > >> openser-1.0.1 > >> OS : CentOS-4 x86_64 > >> radiusclient-ng-0.5.2 > >> freeradius-1.0.5 > >> > >> openser show debug : > >> > >> 8(8985) parse_headers: flags=ffffffffffffffff > >> 8(8985) check_via_address(192.168.212.123, 192.168.212.123, 0) > >> 8(8985) DEBUG:destroy_avp_list: destroying list (nil) > >> 8(8985) receive_msg: cleaning up > >> 7(8982) SIP Request: > >> 7(8982) method: <REGISTER> > >> 7(8982) uri: <sip:vdc.com.vn> > >> 7(8982) version: <SIP/2.0> > >> 7(8982) parse_headers: flags=2 > >> 7(8982) DEBUG: get_hdr_body : content_length=0 > >> 7(8982) get_hdr_field: cseq <CSeq>: <2> <REGISTER> > >> 7(8982) DEBUG:parse_to:end of header reached, state=9 > >> 7(8982) DEBUG: get_hdr_field: <To> [23]; uri=[sip:[EMAIL PROTECTED] > >> 7(8982) DEBUG: to body [<sip:[EMAIL PROTECTED]> > >> ] > >> 7(8982) Found param type 235, <rport> = <n/a>; state=6 > >> 7(8982) Found param type 232, <branch> = > >> <z9hG4bKc0a8d47b0131c9b1442b39c80000367c00000003>; state=16 > >> 7(8982) end of header reached, state=5 > >> 7(8982) parse_headers: Via found, flags=2 > >> 7(8982) parse_headers: this is the first via > >> 7(8982) After parse_msg... > >> 7(8982) preparing to run routing scripts... > >> 7(8982) DEBUG:maxfwd:is_maxfwd_present: value = 70 > >> 7(8982) parse_headers: flags=200 > >> 7(8982) found end of header > >> 7(8982) find_first_route: No Route headers found > >> 7(8982) loose_route: There is no Route HF > >> 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] > >> == [127.0.0.1] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==13 && > >> [vdc.com.vn] == [192.168.212.9] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] > >> == [127.0.0.1] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==13 && > >> [vdc.com.vn] == [192.168.212.9] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] > >> == [127.0.0.1] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==13 && > >> [vdc.com.vn] == [192.168.212.9] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] > >> == [127.0.0.1] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) grep_sock_info - checking if host==us: 10==13 && > >> [vdc.com.vn] == [192.168.212.9] > >> 7(8982) grep_sock_info - checking if port 5060 matches port 5060 > >> 7(8982) check_nonce(): comparing > >> [442b360523cece6362803c97fa7fb10b37680cd8] and > >> [442b360523cece6362803c97fa7fb10b37680cd8] > >> 7(8982) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed > >> 7(8982) build_auth_hf(): 'WWW-Authenticate: Digest > >> realm="vdc.com.vn", nonce="442b360523cece6362803c97fa7fb10b37680cd8" > >> ' > >> 7(8982) parse_headers: flags=ffffffffffffffff > >> 7(8982) check_via_address(192.168.212.123, 192.168.212.123, 0) > >> 7(8982) DEBUG:destroy_avp_list: destroying list (nil) > >> 7(8982) receive_msg: cleaning up > >> > >> Radius show debug: > >> > >> rad_recv: Access-Request packet from host 192.168.212.9:32826, id=205, > >> length=203 > >> User-Name = "[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>" > >> Digest-Attributes = 0x0a0635303031 > >> Digest-Attributes = 0x010c7664632e636f6d2e766e > >> Digest-Attributes = > >> > 0x022a34343262333630353233636563653633363238303363393766613766623130623337 > 363830636438 > >> > >> Digest-Attributes = 0x04107369703a7664632e636f6d2e766e > >> Digest-Attributes = 0x030a5245474953544552 > >> Digest-Response = "1c3d532fc6c1c37004c6df6027e6242c" > >> Service-Type = 0x0000000f00000000 > >> Sip-Uri-User = "5001" > >> NAS-Port = 0x000013c400000000 > >> NAS-IP-Address = 0xc0a8d40900000000 > >> Processing the authorize section of radiusd.conf > >> modcall: entering group authorize for request 0 > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> Invalid operator for item Suffix: reverting to '==' > >> hints: Matched DEFAULT at 82 > >> modcall[authorize]: module "preprocess" returns ok for request 0 > >> modcall[authorize]: module "chap" returns noop for request 0 > >> modcall[authorize]: module "mschap" returns noop for request 0 > >> rlm_digest: Converting Digest-Attributes to something sane... > >> Digest-User-Name = "5001" > >> Digest-Realm = "vdc.com.vn" > >> Digest-Nonce = "442b360523cece6362803c97fa7fb10b37680cd8" > >> Digest-URI = "sip:vdc.com.vn" > >> Digest-Method = "REGISTER" > >> rlm_digest: Adding Auth-Type = DIGEST > >> modcall[authorize]: module "digest" returns ok for request 0 > >> rlm_realm: No '@' <mailto:[EMAIL PROTECTED]> in User-Name = "5001", > >> looking > >> up realm NULL > >> rlm_realm: No such realm "NULL" > >> modcall[authorize]: module "suffix" returns noop for request 0 > >> radius_xlat: '5001' > >> rlm_sql (sql): sql_set_user escaped user --> '5001' > >> radius_xlat: 'SELECT 1 as id,'5001' as UserName,'User-Password' as > >> Attribute,subscriber_password as Value,'==' as op FROM subscribers > >> WHERE subscriber_username = '5001'AND subscriber_status=1' > >> rlm_sql (sql): Reserving sql socket id: 4 > >> radius_xlat: '' > >> radius_xlat: 'SELECT 1 as id,'5001' as UserName,'Session-Timeout' as > >> Attribute,getSessionTime('5001','')as Value,'=' as op FROM dual' > >> radius_xlat: '' > >> rlm_sql (sql): Released sql socket id: 4 > >> modcall[authorize]: module "sql" returns ok for request 0 > >> modcall: group authorize returns ok for request 0 > >> rad_check_password: Found Auth-Type DIGEST > >> auth: type "digest" > >> Processing the authenticate section of radiusd.conf > >> modcall: entering group authenticate for request 0 > >> A1 = 5001:vdc.com.vn:test > >> A2 = REGISTER:sip:vdc.com.vn > >> H(A1) = 454e15015603bd4bd79faf0c5ddd3346 > >> H(A2) = ac5bd79ed3d6bd2bddcb1cffafbbd09a > >> KD = > >> > 454e15015603bd4bd79faf0c5ddd3346:442b360523cece6362803c97fa7fb10b37680cd8: > ac5bd79ed3d6bd2bddcb1cffafbbd09a > >> > >> EXPECTED 1c3d532fc6c1c37004c6df6027e6242c > >> RECEIVED 1c3d532fc6c1c37004c6df6027e6242c > >> modcall[authenticate]: module "digest" returns ok for request 0 > >> modcall: group authenticate returns ok for request 0 > >> Login OK: [5001] (from client 192.168.212.9 port 3134307025) > >> Sending Access-Accept of id 205 to 192.168.212.9:32826 > >> Session-Timeout = 60 > >> Finished request 0 > >> Going to the next request > >> --- Walking the entire request list --- > >> Waking up in 6 seconds... > >> --- Walking the entire request list --- > >> Cleaning up request 0 ID 205 with timestamp 442b3adf > >> Nothing to do. Sleeping until we see a request. > >> > >> Best regards, > >> Nguyen > >> ----------------------------------------------------------------------- > - > >> > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> http://openser.org/cgi-bin/mailman/listinfo/users > >> > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://openser.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://openser.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
