[OpenSIPS-Users] No RADIUS traffic
ASHWINI NAIDU
ashwini.naidu at gmail.com
Mon Jun 15 06:49:06 CEST 2009
hi leon,
But i do not see your opensips communicating with radiusclient.
modparam("auth_radius", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
mention the path of radiusclient.conf properly.
On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <Leon.Li at aarnet.edu.au> wrote:
> Here it is.
>
> ####### Global Parameters #########
>
> debug=3
> log_stderror=no
> log_facility=LOG_LOCAL0
>
> fork=yes
> children=4
>
> /* uncomment the following lines to enable debugging */
> debug=6
> fork=no
> log_stderror=yes
>
> /* uncomment the next line to disable TCP (default on) */
> #disable_tcp=yes
>
> /* uncomment the next line to enable the auto temporary blacklisting of
> not available destinations (default disabled) */
> #disable_dns_blacklist=no
>
> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
> lookup failures (default disabled) */ #dns_try_ipv6=yes
>
> /* uncomment the next line to disable the auto discovery of local
> aliases
> based on revers DNS on IPs (default on) */ #auto_aliases=no
>
> /* uncomment the following lines to enable TLS support (default off) */
> #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1
> #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method =
> TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>
> listen=202.158.197.134
> port=5060
>
> /* uncomment and configure the following line if you want openser to
> bind on a specific interface/port/proto (default bind on all
> available) */ #listen=udp:192.168.1.2:5060
>
>
> ####### Modules Section ########
>
> #set module path
> mpath="/usr/local/lib/openser/modules/"
>
> /* uncomment next line for MySQL DB support */ #loadmodule "mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri_db.so"
> loadmodule "uri.so"
> loadmodule "xlog.so"
> loadmodule "acc.so"
> /* uncomment next lines for MySQL based authentication support
> NOTE: a DB (like mysql) module must be also loaded */ loadmodule
> "auth.so"
> loadmodule "auth_radius.so"
> #loadmodule "auth_db.so"
> /* uncomment next line for aliases support
> NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
> "alias_db.so"
> /* uncomment next line for multi-domain support
> NOTE: a DB (like mysql) module must be also loaded
> NOTE: be sure and enable multi-domain support in all used modules
> (see "multi-module params" section ) */ #loadmodule "domain.so"
> /* uncomment the next two lines for presence server support
> NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
> "presence.so"
> #loadmodule "presence_xml.so"
>
>
> # ----------------- setting module-specific parameters ---------------
>
>
> # ----- mi_fifo params -----
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
>
> # ----- rr params -----
> # add value to ;lr param to cope with most of the UAs modparam("rr",
> "enable_full_lr", 1) # do not append from tag to the RR (no need for
> this script) modparam("rr", "append_fromtag", 0)
>
>
> # ----- rr params -----
> modparam("registrar", "method_filtering", 1)
> /* uncomment the next line to disable parallel forking via location */ #
> modparam("registrar", "append_branches", 0)
> /* uncomment the next line not to allow more than 10 contacts per AOR */
> #modparam("registrar", "max_contacts", 10)
>
>
> # ----- uri_db params -----
> /* by default we disable the DB support in the module as we do not need
> it
> in this configuration */
> modparam("uri_db", "use_uri_table", 0)
> modparam("uri_db", "db_url", "")
>
>
> # ----- acc params -----
> /* what sepcial events should be accounted ? */ modparam("acc",
> "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc",
> "report_cancels", 1)
> /* by default ww do not adjust the direct of the sequential requests.
> if you enable this parameter, be sure the enable "append_fromtag"
> in "rr" module */
> modparam("acc", "detect_direction", 0)
> /* account triggers (flags) */
> modparam("acc", "failed_transaction_flag", 3) modparam("acc",
> "log_flag", 1) modparam("acc", "log_missed_flag", 2)
> /* uncomment the following lines to enable DB accounting also */
> modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2)
>
> # ----- multi-module params -----
> /* uncomment the following line if you want to enable multi-domain
> support
> in the modules (dafault off) */
> #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
>
> ####### Routing Logic ########
>
>
> # main request routing logic
>
> route{
>
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
>
> if (has_totag()) {
> # sequential request withing a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
> if (is_method("BYE")) {
> setflag(1); # do accouting ...
> setflag(3); # ... even if the
> transaction fails
> }
> route(1);
> } else {
> /* uncomment the following lines if you want to
> enable presence */
> ##if (is_method("SUBSCRIBE") && $rd ==
> "your.server.ip.address") {
> ## # in-dialog subscribe requests
> ## route(2);
> ## exit;
> ##}
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful
> ACK; must be an ACK after a 487 or e.g. 404 from upstream server
> t_relay();
> exit;
> } else {
> # ACK without matching
> transaction ... ignore and discard.\n");
> exit;
> }
> }
> sl_send_reply("404","Not here");
> }
> exit;
> }
>
> #initial requests
>
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
>
> t_check_trans();
>
> # authenticate if from local subscriber (uncomment to enable
> auth)
> ##if (!(method=="REGISTER") && from_uri==myself)
> ##{
> ## if (!proxy_authorize("", "subscriber")) {
> ## proxy_challenge("", "0");
> ## exit;
> ## }
> ## if (!check_from()) {
> ## sl_send_reply("403","Forbidden auth ID");
> ## exit;
> ## }
> ##
> ## consume_credentials();
> ## # caller authenticated
> ##}
>
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
>
> # account only INVITEs
> if (is_method("INVITE")) {
> setflag(1); # do accouting
> }
> if (!uri==myself)
> /* replace with following line if multi-domain support is used
> */
> ##if (!is_uri_host_local())
> {
> append_hf("P-hint: outbound\r\n");
> # if you have some interdomain connections via TLS
> ##if($rd=="tls_domain1.net") {
> ## t_relay("tls:domain1.net");
> ## exit;
> ##} else if($rd=="tls_domain2.net") {
> ## t_relay("tls:domain2.net");
> ## exit;
> ##}
> route(1);
> }
>
> # requests for my domain
>
> /* uncomment this if you want to enable presence server
> and comment the next 'if' block
> NOTE: uncomment also the definition of route[2] from below
> */
> ##if( is_method("PUBLISH|SUBSCRIBE"))
> ## route(2);
>
> if (is_method("PUBLISH"))
> {
> sl_send_reply("503", "Service Unavailable");
> exit;
> }
>
>
> if (is_method("REGISTER"))
> {
> # authenticate the REGISTER requests (uncomment to
> enable auth)
> ##if (!www_authorize("", "subscriber"))
> ##{
> ## www_challenge("", "0");
> ## exit;
> ##}
> ##
> ##if (!check_to())
> ##{
> ## sl_send_reply("403","Forbidden auth ID");
> ## exit;
> ##}
>
> xlog("L_INFO", "REGISTER for ($fU) $ru\n");
> if (!radius_www_authorize(""))
> {
> log(1, "Proxy Authentication Required
> (Digest)\n");
> www_challenge("", "0");
> exit;
> };
>
> if (!save("location"))
> sl_reply_error();
>
> exit;
> }
>
> if ($rU==NULL) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
>
> # apply DB based aliases (uncomment to enable)
> ##alias_db_lookup("dbaliases");
>
> if (!lookup("location")) {
> switch ($retcode) {
> case -1:
> case -3:
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> case -2:
> sl_send_reply("405", "Method Not
> Allowed");
> exit;
> }
> }
>
> # when routing via usrloc, log the missed calls also
> setflag(2);
>
> route(1);
> }
>
>
> route[1] {
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
> t_on_branch("2");
> t_on_reply("2");
> t_on_failure("1");
> }
>
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
>
> branch_route[2] {
> xlog("new branch at $ru\n");
> }
>
>
> onreply_route[2] {
> xlog("incoming reply\n");
> }
>
>
> failure_route[1] {
> if (t_was_cancelled()) {
> exit;
> }
>
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply("404","Not found");
> ## exit;
> ##}
>
> # uncomment the following lines if you want to redirect the
> failed
> # calls to a different new destination
> ##if (t_check_status("486|408")) {
> ## sethostport("192.168.2.100:5060");
> ## append_branch();
> ## # do not set the missed call flag again
> ## t_relay();
> ##}
> }
>
> Regards,
> Leon
>
> -----Original Message-----
> From: Uwe Kastens [mailto:kiste at kiste.org]
> Sent: Friday, 12 June 2009 4:51 PM
> To: Leon Li
> Cc: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
>
> Hi,
>
> This is strange. Could you post your opensips.cfg or send it to me
> directly?
>
> BR
>
> Uwe
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
--
Thanking You,
Ashwini BR Naidu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090615/05dbb28b/attachment-0001.htm
More information about the Users
mailing list