Hi Ravi,
Thanks for your help and suggestion. I went through the avp
module documentation and figured out that the avp_check syntax in
the config.cfg file was incorrect. I changed it as follows and now it's
working:
# Source-address check: reply 403 and stop processing unless avp_check
# succeeds, so a failed or non-matching comparison fails closed.
# NOTE(review): "working" above may only mean that the script now loads.
# Confirm at runtime that $avp($src_ip) really yields the packet's source
# address (the acc radius_extra line in this message uses $si for that) by
# testing one request from a permitted address and one from a non-permitted
# address, and checking that only the second gets the 403.
if(!avp_check("$avp(i:2)", "eq/$avp($src_ip)/ig"))
{
sl_send_reply("403", "Forbidden IP");
exit;
};
But I still get a parse error for the following 2 statements in
openser.cfg (I commented them out to make forward progress). Please advise:
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
Another thing: I am currently using file-based radius
authentication for the users (I have created a file called
/usr/local/etc/raddb/users with 2 users). Do you know how to
enable/use radius with user authentication done from a database (I am
using mysql)? I couldn't find any documentation for it.
Thanks for the help
- Sanjeev
On 11/6/06, raviprakash sunkara <[EMAIL PROTECTED]> wrote:
Usrs usrloc is comment,
On 11/7/06, Sanjeev Manoli <[EMAIL PROTECTED]> wrote:
> Hi,
> I am getting following errors as seen in /var/log/message while
> running openser with radius integration,
>
*****************************************************************************************
> Nov 6 20:33:45 lx-dev monit[13565]: 'openser' start: /etc/init.d/openser
> Nov 6 20:33:45 lx-dev monit[13565]: 'openser' failed to start
> Nov 6 20:33:45 lx-dev openser: init_tcp: using epoll_lt as the io
> watch method (auto detected)
> Nov 6 20:33:45 lx-dev openser: INFO: statistics manager successfully
> initialized
> Nov 6 20:33:45 lx-dev openser: StateLess module - initializing
> Nov 6 20:33:45 lx-dev openser: TM - initializing...
> Nov 6 20:33:46 lx-dev openser: Maxfwd module- initializing
> Nov 6 20:33:46 lx-dev openser: AVPops - initializing
> Nov 6 20:33:46 lx-dev openser: TextOPS - initializing
> Nov 6 20:33:46 lx-dev openser: ACC - initializing
> Nov 6 20:33:46 lx-dev openser: AUTH module - initializing
> Nov 6 20:33:46 lx-dev openser: xl_parse_item: error - bad parameters
> Nov 6 20:33:46 lx-dev openser: ERROR:avpops:fixup_check_avp: unable
> to get pseudo-variable in P1
> Nov 6 20:33:46 lx-dev openser: ERROR: fix_actions: fixing failed
> (code=-2) at cfg line 146
> Nov 6 20:33:46 lx-dev openser: ERROR: fix_expr : fix_actions error
>
*****************************************************************************************
> I am using openser (Version: openser-1.1.0-tls) and radius server
> (freeradius-1.1.3) along with radiusclient-ng (radiusclient-ng-0.5.2 ).
> I exactly followed the following radius integration documentation
> from openser web site,
> http://openser.org/docs/openser-radius-1.0.x.html
>
> If I remove the radius integration related part from openser.cfg then
> my openser server starts fine, I have tested it with kphone SIP UA and
> it works fine.
>
> One other question is I get parse error for following 2 statements in
> openser.cfg (I commented them to make forward progress). Please advice
> the right syntax to use following modparam statements.
> modparam("acc", "radius_extra",
"Sip-Src-IP=$si;Sip-Src-Port=$sp")
> modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
>
> This is kind of urgent for me and I am clueless at this point so
> really appreciate all your help.
>
> Thanks,
> - San
> P.S. For your reference here is the openser.cfg file that I am using,
> #
> # $Id$
> #
> # radius config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=9 # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=no # (cmd line: -E)
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> listen=udp: 192.168.0.5
> alias="192.168.0.5"
>
> #fifo="/tmp/openser_fifo"
>
> # ------------------ module loading
----------------------------------
> mpath="/usr/local/lib/openser/modules"
>
> loadmodule "mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "avpops.so"
> loadmodule " usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "xlog.so"
> loadmodule "uri.so"
> loadmodule "acc.so"
> loadmodule "auth.so"
> loadmodule "auth_radius.so"
> loadmodule "group_radius.so"
> loadmodule "avp_radius.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
#modparam("usrloc","db_url","mysql://openser:[EMAIL PROTECTED]/openser")
> modparam("usrloc", "db_mode", 2)
>
> # -- acc params --
> modparam("acc", "radius_flag", 1)
> modparam("acc", "radius_missed_flag", 2)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 1)
> modparam("acc", "service_type", 15)
> #modparam("acc", "radius_extra",
"Sip-Src-IP=$si;Sip-Src-Port=$sp")
> modparam("acc|auth_radius|group_radius|avp_radius",
"radius_config",
> "/etc/radiusclient-ng/radiusclient.conf")
>
> # -- group_radius params --
> modparam("group_radius", "use_domain", 1)
>
> # -- avpops params --
> #modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # ------------------------- request routing logic
-------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> };
>
> if (msg:len >= 2048 ) {
> sl_send_reply("513", "Message too big");
> exit;
> };
>
> # check if user is suspended
>
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
> {
> if (radius_is_user_in("From", "suspended")) {
> sl_send_reply("403", "Forbidden -
suspended");
> exit;
> };
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> if (!method=="REGISTER")
> record_route();
>
> # subsequent messages withing a dialog should take the
> # path determined by record-routing
> if (loose_route()) {
> # mark routing logic in request
> append_hf("P-hint: rr-enforced\r\n");
> if(is_method("BYE"))
> { # log it all the time
> acc_rad_request("200 ok");
> acc_log_request("200 ok");
> }
> route(1);
> };
>
> if(is_method("INVITE") && !has_totag())
> { # set the acc flags
> setflag(1);
> setflag(2);
> };
>
> if (!uri==myself) {
> # check if user is allowed to do voip calls to other domains
> if(is_method("INVITE|MESSAGE")) {
> if (!radius_is_user_in("From", "voip")) {
> sl_send_reply("403", "Forbidden VoIP");
> exit;
> };
> };
> # mark routing logic in request
> append_hf("P-hint: outbound\r\n");
> route(1);
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (uri==myself) {
> # authenticate registers
> if (method=="REGISTER") {
> if (!radius_www_authorize("192.168.0.5")) {
> www_challenge("192.168.0.5", "0");
> exit;
> };
>
> # check the src ip address
The way this method is called is wrong; check the module docs for avp_radius and avp.
>
> if(!avp_check("i:2", "eq/$src_ip/ig"))
> {
> sl_send_reply("403", "Forbidden IP");
> exit;
> };
>
> save("location");
> exit;
> };
>
> # calls to pstn
> if(uri=~"sip:00[1-9][0-9]+@") {
> if(is_method("INVITE") && !has_totag()) {
> if (!radius_is_user_in("From", "pstn")) {
> sl_send_reply("403", "Forbidden
PSTN");
> exit;
> };
> };
> # set gateway address
> rewritehostport(" 10.10.10.10:5090");
> route(1);
> };
>
> # load callee's avps
> if(avp_load_radius("callee"))
> {
> # check if user has time filter enabled
> if(avp_check("i:3", "eq/i:1"))
> {
> # print time in an avp
> avp_printf("i:100", "$Tf");
> # extract day
> avp_subst("i:100/i:101", "/(.{3})
.+/*\1*/");
> if(!avp_check("i:6", "fm/$day")) {
> sl_send_reply("403", "Forbidden -
day");
> exit;
> };
> # extract 'hours:minutes'
> avp_subst("i:100/i:102", "/(.{10})
(.{5}):.+/\2/");
> if((is_avp_set("i:4") && avp_check("i:4",
"gt/$time"))
> || (is_avp_set("i:5") && avp_check("i:5", "lt/$time"))) {
> sl_send_reply("403", "Forbidden -
time");
> exit;
> };
> };
> };
>
> # native SIP destinations are handled using our USRLOC DB
> if (!lookup("location")) {
> # log to acc as missed call
> acc_rad_request("404 Not Found");
> acc_log_request("404 Not Found");
> sl_send_reply("404", "Not Found");
> exit;
> };
> append_hf("P-hint: usrloc applied\r\n");
> };
>
> route(1);
> }
>
> # generic forward
> route[1] {
> # send it out now; use stateful forwarding as it works reliably
> # even for UDP2TCP
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
> #
>
>
--
Thanks and Regards
Ravi Prakash Sunkara
[EMAIL PROTECTED]
M:+91 9985077535
O:+91 40 23114549
F:+91 40 40208727
[EMAIL PROTECTED]
www.hyperion-tech.com