[OpenSIPS-Users] consume_credentials doesn't work with auth_radius module
Robert Borz
robert.borz at web.de
Wed Jan 21 17:41:23 CET 2009
Hi,
I'm using OpenSER 1.3.2 (because I have to) with the auth_radius module to authorize users against a FreeRADIUS server. Capturing the SIP packets showed, that consume_credentials() doesn't remove the "Proxy-Authorization" header field containing the challenged credentials.
Further is_present_hf("Proxy-Authorization") returns true, also if there is no Proxy-Authorization header field in the message, which leads to the following ERROR:
Jan 21 17:28:48 sip0 /usr/sbin/openser[3982]: ERROR:auth:consume_credentials: no authorized credentials found (error in scripts)
Do I have to use www_authorize() and proxy_authorize() to get consume_credentials() working?
I need to authenticate against a FreeRADIUS server, what is a common alternative to consume_credentials and why doesn't the is_present_hf() function work as expected?
Any help would be really appreciated...
Thanks a lot!
Robert.
Here's the base-outbound part of my current configuration, adapted from the sip:wizard from sip:wise:
route[3]
{
if (isbflagset(6)) {
if (!isflagset(22) && !search("^Content-Length:[ ]*0")) {
setflag(22);
force_rtp_proxy();
}
t_on_reply("2");
} else {
t_on_reply("1");
}
if (!isflagset(21)) {
t_on_failure("2");
}
if (isflagset(29)) {
append_branch();
}
if (is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=TRUE");
consume_credentials();
append_hf("P-hint: credentials should be removed.\r\n");
}
if (!is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=FALSE");
}
xlog("L_INFO", "Request leaving server, D-URI='$du' - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
# no 100 (we already sent it) and no DNS blacklisting
if (!t_relay("0x05")) {
sl_reply_error();
if(is_method("INVITE") && isbflagset(6)) {
unforce_rtp_proxy();
}
}
exit;
}
More information about the Users
mailing list