[OpenSIPS-Users] OpenSIPS with FreeRadius

Saeed Akhtar saeedakhtar.484 at gmail.com
Wed Dec 2 08:32:26 CET 2009


hi,

here is the full back trace from the core dump

Dec  2 12:25:58 [10538] DBG:core:parse_msg: SIP Request:
> Dec  2 12:25:58 [10538] DBG:core:parse_msg:  method:  <REGISTER>
> Dec  2 12:25:58 [10538] DBG:core:parse_msg:  uri:     <sip:192.168.2.17>
> Dec  2 12:25:58 [10538] DBG:core:parse_msg:  version: <SIP/2.0>
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: flags=2
> Dec  2 12:25:58 [10538] DBG:core:parse_via_param: found param type 232,
> <branch> = <z9hG4bK-d8754z-ef5861451000a53e-1---d8754z->; state=6
> Dec  2 12:25:58 [10538] DBG:core:parse_via_param: found param type 235,
> <rport> = <n/a>; state=17
> Dec  2 12:25:58 [10538] DBG:core:parse_via: end of header reached, state=5
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: via found, flags=2
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: this is the first via
> Dec  2 12:25:58 [10538] DBG:core:receive_msg: After parse_msg...
> Dec  2 12:25:58 [10538] DBG:core:receive_msg: preparing to run routing
> scripts...
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: flags=100
> Dec  2 12:25:58 [10538] DBG:maxfwd:is_maxfwd_present: value = 70
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: flags=8
> Dec  2 12:25:58 [10538] DBG:core:parse_to: end of header reached, state=10
> Dec  2 12:25:58 [10538] DBG:core:parse_to: display={"test"}, ruri={
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>}
> Dec  2 12:25:58 [10538] DBG:core:get_hdr_field: <To> [34]; uri=[
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>]
> Dec  2 12:25:58 [10538] DBG:core:get_hdr_field: to body ["test"<
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>>
> ]
> Dec  2 12:25:58 [10538] DBG:uri:has_totag: no totag
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: flags=4000
> Dec  2 12:25:58 [10538] DBG:core:get_hdr_field: cseq <CSeq>: <1> <REGISTER>
> Dec  2 12:25:58 [10538] DBG:core:get_hdr_field: content_length=0
> Dec  2 12:25:58 [10538] DBG:core:get_hdr_field: found end of header
> Dec  2 12:25:58 [10538] DBG:auth:pre_auth: credentials with given realm not
> found
> Dec  2 12:25:58 [10538] DBG:auth:reserve_nonce_index: second= 10,
> sec_monit= -1,  index= 0
> Dec  2 12:25:58 [10538] DBG:auth:build_auth_hf: nonce index= 0
> Dec  2 12:25:58 [10538] DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
> realm="opensips.org",
> nonce="4b1616a4000000002a7457afce8b4c378c3b47f1081e2649", qop="auth"
> '
> Dec  2 12:25:58 [10538] DBG:core:parse_headers: flags=ffffffffffffffff
> Dec  2 12:25:58 [10538] DBG:core:check_ip_address: params 192.168.2.11,
> 192.168.2.11, 0
> Dec  2 12:25:58 [10538] DBG:core:destroy_avp_list: destroying list (nil)
> Dec  2 12:25:58 [10538] DBG:core:receive_msg: cleaning up
> Dec  2 12:25:59 [10538] DBG:core:parse_msg: SIP Request:
> Dec  2 12:25:59 [10538] DBG:core:parse_msg:  method:  <REGISTER>
> Dec  2 12:25:59 [10538] DBG:core:parse_msg:  uri:     <sip:192.168.2.17>
> Dec  2 12:25:59 [10538] DBG:core:parse_msg:  version: <SIP/2.0>
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: flags=2
> Dec  2 12:25:59 [10538] DBG:core:parse_via_param: found param type 232,
> <branch> = <z9hG4bK-d8754z-be524d49a32c0f64-1---d8754z->; state=6
> Dec  2 12:25:59 [10538] DBG:core:parse_via_param: found param type 235,
> <rport> = <n/a>; state=17
> Dec  2 12:25:59 [10538] DBG:core:parse_via: end of header reached, state=5
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: via found, flags=2
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: this is the first via
> Dec  2 12:25:59 [10538] DBG:core:receive_msg: After parse_msg...
> Dec  2 12:25:59 [10538] DBG:core:receive_msg: preparing to run routing
> scripts...
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: flags=100
> Dec  2 12:25:59 [10538] DBG:maxfwd:is_maxfwd_present: value = 70
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: flags=8
> Dec  2 12:25:59 [10538] DBG:core:parse_to: end of header reached, state=10
> Dec  2 12:25:59 [10538] DBG:core:parse_to: display={"test"}, ruri={
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>}
> Dec  2 12:25:59 [10538] DBG:core:get_hdr_field: <To> [34]; uri=[
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>]
> Dec  2 12:25:59 [10538] DBG:core:get_hdr_field: to body ["test"<
> sip:testdig at 192.168.2.17 <sip%3Atestdig at 192.168.2.17>>
> ]
> Dec  2 12:25:59 [10538] DBG:uri:has_totag: no totag
> Dec  2 12:25:59 [10538] DBG:core:parse_headers: flags=4000
> Dec  2 12:25:59 [10538] DBG:core:get_hdr_field: cseq <CSeq>: <2> <REGISTER>
> Dec  2 12:25:59 [10538] DBG:auth:check_nonce: comparing
> [4b1616a4000000002a7457afce8b4c378c3b47f1081e2649] and
> [4b1616a4000000002a7457afce8b4c378c3b47f1081e2649]
> Segmentation fault (core dumped)
>

I have used realm "opensips.org" in opensips.cfg file.. and then use
proxy.conf file to redirect this realm to local freeradius server. So it
authenticates it successfully. Here is what freeradius shows

rad_recv: Access-Request packet from host 127.0.0.1 port 41774, id=115,
> length=316
>     User-Name = "testdig at opensips.org"
>     Digest-Attributes = "\n\ttestdig"
>     Digest-Attributes = "\001\016opensips.org"
>     Digest-Attributes =
> "\00224b1616a4000000002a7457afce8b4c378c3b47f1081e2649"
>     Digest-Attributes = "\004\022sip:192.168.2.17"
>     Digest-Attributes = "\003\nREGISTER"
>     Digest-Attributes = "\005\006auth"
>     Digest-Attributes = "\t\n00000001"
>     Digest-Attributes = "\010\"eaa58a56b1d0421506f04fb78b32a5d0"
>     Digest-Response = "735395326ab8b0e3ac525812e289d27f"
>     Service-Type = 0
>     Sip-URI-User = "testdig"
>     Acct-Session-Id = "MGIyODg2MjNkOTQ5ZDI4NDljMjFhMmZkZTQ3YjcxN2I."
>     NAS-Port = 5060
>     NAS-IP-Address = 127.0.0.1
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [digest] Adding Auth-Type = DIGEST
> ++[digest] returns ok
> [suffix] Looking up realm "opensips.org" for User-Name = "
> testdig at opensips.org"
> [suffix] Found realm "opensips.org"
> [suffix] Adding Stripped-User-Name = "testdig"
> [suffix] Adding Realm = "opensips.org"
> [suffix] Authentication realm is LOCAL.
> ++[suffix] returns ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> [files] users: Matched entry testdig at line 50
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = digest
> +- entering group authenticate {...}
> [digest]     rlm_digest: Converting Digest-Attributes to something sane...
>     Digest-User-Name = "testdig"
>     Digest-Realm = "opensips.org"
>     Digest-Nonce = "4b1616a4000000002a7457afce8b4c378c3b47f1081e2649"
>     Digest-URI = "sip:192.168.2.17"
>     Digest-Method = "REGISTER"
>     Digest-QOP = "auth"
>     Digest-Nonce-Count = "00000001"
>     Digest-CNonce = "eaa58a56b1d0421506f04fb78b32a5d0"
> [digest] A1 = testdig:opensips.org:1234
> [digest] A2 = REGISTER:sip:192.168.2.17
> H(A1) = 342c87af466ccd667aea44e658cf705b
> H(A2) = 55004f47de60da3a8bf6686388e50a0c
> [digest] KD =
> 342c87af466ccd667aea44e658cf705b:4b1616a4000000002a7457afce8b4c378c3b47f1081e2649:00000001:eaa58a56b1d0421506f04fb78b32a5d0:auth:55004f47de60da3a8bf6686388e50a0c
>
> EXPECTED 735395326ab8b0e3ac525812e289d27f
> RECEIVED 735395326ab8b0e3ac525812e289d27f
> ++[digest] returns ok
> +- entering group post-auth {...}
> ++[exec] returns noop
> Sending Access-Accept of id 115 to 127.0.0.1 port 41774
>     Reply-Message = "OpenSIPS Rules!"
> Finished request 0.
> Going to the next request
>

I hope now someone can help me. Thanks

Regards,

Saeed Akhtar



On Thu, Nov 26, 2009 at 2:44 AM, Saeed Akhtar <saeedakhtar.484 at gmail.com>wrote:

> Thank you. I'll check that in next week. I hope i'll not need any help.
> Thank you for all your help once again
>
> Regards,
>
> Saeed Akhtar
>
>
>
>
> On Wed, Nov 25, 2009 at 8:50 PM, Irina Stanescu <ironmissy at gmail.com>wrote:
>
>> I recommend you to read the documentation of the auth_aaa module
>> http://www.opensips.org/html/docs/modules/devel/auth_aaa.html because you
>> are not using the aaa_www_authorize function correctly (the realm parameter
>> is usually "the domain of the host the server is running on").
>>
>> To find the cause of the seg fault, i need to have a full backtrace from
>> the core dump.
>>
>> Regards,
>> Irina Stanescu
>>
>> On Wed, Nov 25, 2009 at 3:45 PM, Saeed Akhtar <saeedakhtar.484 at gmail.com>wrote:
>>
>>>
>>> Thank you. Now aaa_radius module is there and I've added it in
>>> configuration file. But now I have a new error.  It says:
>>> Nov 25 17:41:06 [30313] ERROR:aaa_radius:mod_init: radius configuration
>>> file not set
>>> Nov 25 17:41:06 [30313] ERROR:core:init_mod: failed to initialize module
>>> aaa_radius
>>> Nov 25 17:41:06 [30313] ERROR:core:main: error while initializing modules
>>>
>>> So I added:
>>> modparam("aaa_radius", "radius_config",
>>> "/etc/radiusclient-ng/radiusclient.conf")
>>> (ref: http://www.opensips.org/Resources/DocsTutRadius)
>>>
>>> and it removed the error.
>>>
>>>
>>> But another problem now:
>>> I added
>>> if (!aaa_www_authorize("opensips.org")) {
>>> www_challenge("opensips.org", "1");
>>> };
>>> in my configuration files.  Then I ran freeradius and opensips and used
>>> xlite sip phone to connect to my test server.
>>> I can see my freeradius that it authenticated my request but my opensips
>>> just closed with this messages in end:
>>>
>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: to body ["testdig"<
>>>> sip:testdig at 192.168.2.18 <sip%3Atestdig at 192.168.2.18>>
>>>> ]
>>>> Nov 25 18:36:43 [6494] DBG:uri:has_totag: no totag
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=4000
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: cseq <CSeq>: <1>
>>>> <REGISTER>
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: content_length=0
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: found end of header
>>>> Nov 25 18:36:43 [6494] DBG:auth:pre_auth: credentials with given realm
>>>> not found
>>>> Nov 25 18:36:43 [6494] DBG:auth:reserve_nonce_index: second= 22,
>>>> sec_monit= -1, index= 6
>>>> Nov 25 18:36:43 [6494] DBG:auth:build_auth_hf: nonce index= 6
>>>> Nov 25 18:36:43 [6494] DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
>>>> realm="opensips.org",
>>>> nonce="4b0d330900000006867ba8b2cfc8135a697ac20566d6e7e6", qop="auth"
>>>> '
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=ffffffffffffffff
>>>> Nov 25 18:36:43 [6494] DBG:core:check_ip_address: params 192.168.2.12,
>>>> 192.168.2.12, 0
>>>> Nov 25 18:36:43 [6494] DBG:core:destroy_avp_list: destroying list (nil)
>>>> Nov 25 18:36:43 [6494] DBG:core:receive_msg: cleaning up
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_msg: SIP Request:
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_msg: method: <REGISTER>
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_msg: uri: <sip:192.168.2.18>
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_msg: version: <SIP/2.0>
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=2
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_via_param: found param type 232,
>>>> <branch> = <z9hG4bK-d8754z-08647909f42cfa04-1---d8754z->; state=6
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_via_param: found param type 235,
>>>> <rport> = <n/a>; state=17
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_via: end of header reached,
>>>> state=5
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: via found, flags=2
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: this is the first via
>>>> Nov 25 18:36:43 [6494] DBG:core:receive_msg: After parse_msg...
>>>> Nov 25 18:36:43 [6494] DBG:core:receive_msg: preparing to run routing
>>>> scripts...
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=100
>>>> Nov 25 18:36:43 [6494] DBG:maxfwd:is_maxfwd_present: value = 70
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=8
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_to: end of header reached,
>>>> state=10
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_to: display={"testdig"}, ruri={
>>>> sip:testdig at 192.168.2.18 <sip%3Atestdig at 192.168.2.18>}
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: <To> [37]; uri=[
>>>> sip:testdig at 192.168.2.18 <sip%3Atestdig at 192.168.2.18>]
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: to body ["testdig"<
>>>> sip:testdig at 192.168.2.18 <sip%3Atestdig at 192.168.2.18>>
>>>> ]
>>>> Nov 25 18:36:43 [6494] DBG:uri:has_totag: no totag
>>>> Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=4000
>>>> Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: cseq <CSeq>: <2>
>>>> <REGISTER>
>>>> Nov 25 18:36:43 [6494] DBG:auth:check_nonce: comparing
>>>> [4b0d330900000006867ba8b2cfc8135a697ac20566d6e7e6] and
>>>> [4b0d330900000006867ba8b2cfc8135a697ac20566d6e7e6]
>>>> Segmentation fault (core dumped)
>>>>
>>>>
>>> 1 thing i didn't include in my freeradius users file is:
>>>
>>>> SIP-AVP = "sems:ann-account_locked",
>>>
>>> and i didn't include following lines in opensips config file too.
>>>
>>>> if (!aaa_proxy_authorize("")) { # Realm and URI user will be
>>>> auto-generated
>>>> proxy_challenge("", "1");
>>>> };
>>>>
>>> if (!aaa_proxy_authorize("$pd", "$pU")) { # Realm and URI user are taken
>>>> proxy_challenge("$pd", "1"); # from P-Preferred-Identity
>>>> };
>>>
>>> because it generated some error. (I can't exactly remember it now).
>>>
>>> Please someone tell me what i did wrong.
>>>
>>> Regards,
>>>
>>> Saeed Akhtar
>>>
>>>
>>>
>>>
>>> On Wed, Nov 25, 2009 at 5:24 PM, Irina Stanescu <ironmissy at gmail.com>wrote:
>>>
>>>> You have to load the aaa_radius module because it provides an
>>>> implementation for the aaa api used by several other modules.
>>>> You did not find the aaa_radius.so because the aaa_radius module is not
>>>> compiled by default.
>>>> You have to compile it yourself ( using make modules
>>>> modules=modules/aaa_radius ).
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Irina Stanescu
>>>>
>>>>
>>>> On Wed, Nov 25, 2009 at 2:19 PM, Saeed Akhtar <
>>>> saeedakhtar.484 at gmail.com> wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thanks for your reply. First time I tried to load aaa_radius module. I
>>>>> used following command:
>>>>> loadmodule "aaa_radius.so"
>>>>> and it gave me error:
>>>>> ERROR:core:yyparse: module 'aaa_radius.so' not found in
>>>>> '/usr/local/lib/opensips/modules/'
>>>>>
>>>>> So i thought that may be aaa_radius module is not exactly a module to
>>>>> load seperatly in opensips. because i couldn't find aaa_radius.so file in my
>>>>> modules folder.
>>>>> Now i think i've done some terribly wrong in installing OpenSIPS with
>>>>> radius access. Can you please help me out to correct it.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Saeed Akhtar
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Nov 25, 2009 at 5:11 PM, Irina Stanescu <ironmissy at gmail.com>wrote:
>>>>>
>>>>>> Hi Saeed,
>>>>>>
>>>>>> Did you load the aaa_radius module?
>>>>>>
>>>>>> Regards,
>>>>>> Irina Stanescu
>>>>>>
>>>>>> On Wed, Nov 25, 2009 at 1:37 PM, Saeed Akhtar <
>>>>>> saeedakhtar.484 at gmail.com> wrote:
>>>>>>
>>>>>>>
>>>>>>> hi all,
>>>>>>>
>>>>>>> i'm trying to connect OpenSIPS with FreeRadius on Ubuntu Server 9.04.
>>>>>>> I've installed radius client and free radius server and then opensips. and
>>>>>>> I've following error lines when i run opensips.
>>>>>>>
>>>>>>> DBG:core:find_*mod_*export: <aaa_*bind_*api> in module aaa_radius
>>>>>>> not found
>>>>>>>
>>>>>>> ERROR:core:aaa_prot: <aaa_radius> has no bind api function
>>>>>>>
>>>>>>> ERROR:acc:init*acc*aaa: AAA protocol bind failure
>>>>>>>
>>>>>>> ERROR:acc:mod_init:failed to init radius
>>>>>>>
>>>>>>> ERROR:core:init_mod: failed to initialize module acc
>>>>>>>
>>>>>>> ERROR:core:main: error while initializeing modules
>>>>>>> Can someone please help me to resolve this issue
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Saeed Akhtar
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at lists.opensips.org
>>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091202/7b63915c/attachment-0001.htm 


More information about the Users mailing list