Hi Dan,
I am running in debug mode, here is the output of FreeRadius which seems fine
to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232
User-Name = "[EMAIL PROTECTED]"
Digest-Attributes = 0x0a05313031
Digest-Attributes = 0x010d6f70656e7365722e6f7267
Digest-Attributes =
0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564
Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303930
Digest-Attributes = 0x081235343038316466316439623562383564
Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 0x313031
NAS-Port = 5060
NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1124
modcall[authorize]: module "preprocess" returns ok for request 1124
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
modcall[authorize]: module "auth_log" returns ok for request 1124
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 1124
users: Matched entry [EMAIL PROTECTED] at line 53
modcall[authorize]: module "files" returns ok for request 1124
modcall: leaving group authorize (returns ok) for request 1124
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1124
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "101"
Digest-Realm = "openser.org"
Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d"
Digest-URI = "sip:192.168.2.80"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000090"
Digest-CNonce = "54081df1d9b5b85d"
A1 = 101:openser.org:101
A2 = REGISTER:sip:192.168.2.80
H(A1) = f195c177997cee336c919be9279c5703
H(A2) = 046d0643f281affab19fe62ffc848ab5
KD =
f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5
EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26
RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26
modcall[authenticate]: module "digest" returns ok for request 1124
modcall: leaving group authenticate (returns ok) for request 1124
Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
192.168.2.80 port 5060)
Sending Access-Accept of id 250 to 192.168.2.80 port 35223
Finished request 1124
Going to the next request
Waking up in 6 seconds...
Z2L
----- Original Message -----
From: "Dan-Cristian Bogos" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem
Subject: Re: [OpenSER-Users] Radius integration issue
Hi,
try running FreeRADIUS in debug mode, this will tell u more info
regarding the cause of failure.
To run FreeRADIUS in debug start it with -X option.
Let us know about the results.
Cheers,
DanB
On 7/18/07, OpenSER ML <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm trying to connect OpenSER with FreeRadius. I've managed to get the
> digest authentication
> going correctly, having the Radius respond with LOGIN OK for the requests
> that are in the users file. However, although the authentication process
> appears to succeed, the IP phone doesn't register to the OpenSER server.
>
> The following can be seen in the debug:
>
> 0(17821) SIP Request:
> 0(17821) method: <REGISTER>
> 0(17821) uri: <sip:192.168.2.80>
> 0(17821) version: <SIP/2.0>
> 0(17821) parse_headers: flags=2
> 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16
> 0(17821) end of header reached, state=5
> 0(17821) parse_headers: Via found, flags=2
> 0(17821) parse_headers: this is the first via
> 0(17821) After parse_msg...
> 0(17821) preparing to run routing scripts...
> 0(17821) parse_headers: flags=100
> 0(17821) DEBUG:parse_to:end of header reached, state=10
> 0(17821) DBUG:parse_to: display={}, ruri={sip:[EMAIL PROTECTED];user=phone}
> 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:[EMAIL
> PROTECTED];user=phone]
> 0(17821) DEBUG: to body [<sip:[EMAIL PROTECTED];user=phone>
> ]
> 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER>
> 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 0(17821) parse_headers: flags=200
> 0(17821) DEBUG: get_hdr_body : content_length=0
> 0(17821) found end of header
> 0(17821) find_first_route: No Route headers found
> 0(17821) loose_route: There is no Route HF
> 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
> [192.168.2.80]
> 0(17821) grep_sock_info - checking if port 5060 matches port 5060
> 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] ==
> [192.168.2.80]
> 0(17821) grep_sock_info - checking if port 5060 matches port 5060
> 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
> and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da]
> 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
> 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org",
> nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth"
> '
> 0(17821) parse_headers: flags=ffffffffffffffff
> 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0)
> 0(17821) DEBUG:destroy_avp_list: destroying list (nil)
> 0(17821) receive_msg: cleaning up
>
> As you can surely see, the ERROR is somewhere in the authorization status.
> Now, I've verified
> the secret key between the machine, and all seems to be in place - any
> pointers will be highly appreciated.
>
> Z2L
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://openser.org/cgi-bin/mailman/listinfo/users
>
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
