[OpenSIPS-Users] No RADIUS traffic
ASHWINI NAIDU
ashwini.naidu at gmail.com
Mon Jun 15 06:51:48 CEST 2009
On Mon, Jun 15, 2009 at 10:19 AM, ASHWINI NAIDU <ashwini.naidu at gmail.com>wrote:
> hi leon,
>
> But i do not see your openser communicating with radiusclient.
>
> modparam("auth_radius", "radius_config",
> "/etc/radiusclient-ng/radiusclient.conf")
>
> mention the path of radiusclient.conf properly.
Your mysql support is also commented.
*loadmodule "mysql.so"*
>
>
>
>
>
>
>
> On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <Leon.Li at aarnet.edu.au> wrote:
>
>> Here it is.
>>
>> ####### Global Parameters #########
>>
>> debug=3
>> log_stderror=no
>> log_facility=LOG_LOCAL0
>>
>> fork=yes
>> children=4
>>
>> /* uncomment the following lines to enable debugging */
>> debug=6
>> fork=no
>> log_stderror=yes
>>
>> /* uncomment the next line to disable TCP (default on) */
>> #disable_tcp=yes
>>
>> /* uncomment the next line to enable the auto temporary blacklisting of
>> not available destinations (default disabled) */
>> #disable_dns_blacklist=no
>>
>> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
>> lookup failures (default disabled) */ #dns_try_ipv6=yes
>>
>> /* uncomment the next line to disable the auto discovery of local
>> aliases
>> based on revers DNS on IPs (default on) */ #auto_aliases=no
>>
>> /* uncomment the following lines to enable TLS support (default off) */
>> #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1
>> #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method =
>> TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>> #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>> #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>>
>> listen=202.158.197.134
>> port=5060
>>
>> /* uncomment and configure the following line if you want openser to
>> bind on a specific interface/port/proto (default bind on all
>> available) */ #listen=udp:192.168.1.2:5060
>>
>>
>> ####### Modules Section ########
>>
>> #set module path
>> mpath="/usr/local/lib/openser/modules/"
>>
>> /* uncomment next line for MySQL DB support */ #loadmodule "mysql.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri_db.so"
>> loadmodule "uri.so"
>> loadmodule "xlog.so"
>> loadmodule "acc.so"
>> /* uncomment next lines for MySQL based authentication support
>> NOTE: a DB (like mysql) module must be also loaded */ loadmodule
>> "auth.so"
>> loadmodule "auth_radius.so"
>> #loadmodule "auth_db.so"
>> /* uncomment next line for aliases support
>> NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>> "alias_db.so"
>> /* uncomment next line for multi-domain support
>> NOTE: a DB (like mysql) module must be also loaded
>> NOTE: be sure and enable multi-domain support in all used modules
>> (see "multi-module params" section ) */ #loadmodule "domain.so"
>> /* uncomment the next two lines for presence server support
>> NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>> "presence.so"
>> #loadmodule "presence_xml.so"
>>
>>
>> # ----------------- setting module-specific parameters ---------------
>>
>>
>> # ----- mi_fifo params -----
>> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>>
>>
>> # ----- rr params -----
>> # add value to ;lr param to cope with most of the UAs modparam("rr",
>> "enable_full_lr", 1) # do not append from tag to the RR (no need for
>> this script) modparam("rr", "append_fromtag", 0)
>>
>>
>> # ----- rr params -----
>> modparam("registrar", "method_filtering", 1)
>> /* uncomment the next line to disable parallel forking via location */ #
>> modparam("registrar", "append_branches", 0)
>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>> #modparam("registrar", "max_contacts", 10)
>>
>>
>> # ----- uri_db params -----
>> /* by default we disable the DB support in the module as we do not need
>> it
>> in this configuration */
>> modparam("uri_db", "use_uri_table", 0)
>> modparam("uri_db", "db_url", "")
>>
>>
>> # ----- acc params -----
>> /* what sepcial events should be accounted ? */ modparam("acc",
>> "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc",
>> "report_cancels", 1)
>> /* by default ww do not adjust the direct of the sequential requests.
>> if you enable this parameter, be sure the enable "append_fromtag"
>> in "rr" module */
>> modparam("acc", "detect_direction", 0)
>> /* account triggers (flags) */
>> modparam("acc", "failed_transaction_flag", 3) modparam("acc",
>> "log_flag", 1) modparam("acc", "log_missed_flag", 2)
>> /* uncomment the following lines to enable DB accounting also */
>> modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2)
>>
>> # ----- multi-module params -----
>> /* uncomment the following line if you want to enable multi-domain
>> support
>> in the modules (dafault off) */
>> #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
>>
>> ####### Routing Logic ########
>>
>>
>> # main request routing logic
>>
>> route{
>>
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> exit;
>> }
>>
>> if (has_totag()) {
>> # sequential request withing a dialog should
>> # take the path determined by record-routing
>> if (loose_route()) {
>> if (is_method("BYE")) {
>> setflag(1); # do accouting ...
>> setflag(3); # ... even if the
>> transaction fails
>> }
>> route(1);
>> } else {
>> /* uncomment the following lines if you want to
>> enable presence */
>> ##if (is_method("SUBSCRIBE") && $rd ==
>> "your.server.ip.address") {
>> ## # in-dialog subscribe requests
>> ## route(2);
>> ## exit;
>> ##}
>> if ( is_method("ACK") ) {
>> if ( t_check_trans() ) {
>> # non loose-route, but stateful
>> ACK; must be an ACK after a 487 or e.g. 404 from upstream server
>> t_relay();
>> exit;
>> } else {
>> # ACK without matching
>> transaction ... ignore and discard.\n");
>> exit;
>> }
>> }
>> sl_send_reply("404","Not here");
>> }
>> exit;
>> }
>>
>> #initial requests
>>
>> # CANCEL processing
>> if (is_method("CANCEL"))
>> {
>> if (t_check_trans())
>> t_relay();
>> exit;
>> }
>>
>> t_check_trans();
>>
>> # authenticate if from local subscriber (uncomment to enable
>> auth)
>> ##if (!(method=="REGISTER") && from_uri==myself)
>> ##{
>> ## if (!proxy_authorize("", "subscriber")) {
>> ## proxy_challenge("", "0");
>> ## exit;
>> ## }
>> ## if (!check_from()) {
>> ## sl_send_reply("403","Forbidden auth ID");
>> ## exit;
>> ## }
>> ##
>> ## consume_credentials();
>> ## # caller authenticated
>> ##}
>>
>> # record routing
>> if (!is_method("REGISTER|MESSAGE"))
>> record_route();
>>
>> # account only INVITEs
>> if (is_method("INVITE")) {
>> setflag(1); # do accouting
>> }
>> if (!uri==myself)
>> /* replace with following line if multi-domain support is used
>> */
>> ##if (!is_uri_host_local())
>> {
>> append_hf("P-hint: outbound\r\n");
>> # if you have some interdomain connections via TLS
>> ##if($rd=="tls_domain1.net") {
>> ## t_relay("tls:domain1.net");
>> ## exit;
>> ##} else if($rd=="tls_domain2.net") {
>> ## t_relay("tls:domain2.net");
>> ## exit;
>> ##}
>> route(1);
>> }
>>
>> # requests for my domain
>>
>> /* uncomment this if you want to enable presence server
>> and comment the next 'if' block
>> NOTE: uncomment also the definition of route[2] from below
>> */
>> ##if( is_method("PUBLISH|SUBSCRIBE"))
>> ## route(2);
>>
>> if (is_method("PUBLISH"))
>> {
>> sl_send_reply("503", "Service Unavailable");
>> exit;
>> }
>>
>>
>> if (is_method("REGISTER"))
>> {
>> # authenticate the REGISTER requests (uncomment to
>> enable auth)
>> ##if (!www_authorize("", "subscriber"))
>> ##{
>> ## www_challenge("", "0");
>> ## exit;
>> ##}
>> ##
>> ##if (!check_to())
>> ##{
>> ## sl_send_reply("403","Forbidden auth ID");
>> ## exit;
>> ##}
>>
>> xlog("L_INFO", "REGISTER for ($fU) $ru\n");
>> if (!radius_www_authorize(""))
>> {
>> log(1, "Proxy Authentication Required
>> (Digest)\n");
>> www_challenge("", "0");
>> exit;
>> };
>>
>> if (!save("location"))
>> sl_reply_error();
>>
>> exit;
>> }
>>
>> if ($rU==NULL) {
>> # request with no Username in RURI
>> sl_send_reply("484","Address Incomplete");
>> exit;
>> }
>>
>> # apply DB based aliases (uncomment to enable)
>> ##alias_db_lookup("dbaliases");
>>
>> if (!lookup("location")) {
>> switch ($retcode) {
>> case -1:
>> case -3:
>> t_newtran();
>> t_reply("404", "Not Found");
>> exit;
>> case -2:
>> sl_send_reply("405", "Method Not
>> Allowed");
>> exit;
>> }
>> }
>>
>> # when routing via usrloc, log the missed calls also
>> setflag(2);
>>
>> route(1);
>> }
>>
>>
>> route[1] {
>> # for INVITEs enable some additional helper routes
>> if (is_method("INVITE")) {
>> t_on_branch("2");
>> t_on_reply("2");
>> t_on_failure("1");
>> }
>>
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>> exit;
>> }
>>
>> branch_route[2] {
>> xlog("new branch at $ru\n");
>> }
>>
>>
>> onreply_route[2] {
>> xlog("incoming reply\n");
>> }
>>
>>
>> failure_route[1] {
>> if (t_was_cancelled()) {
>> exit;
>> }
>>
>> # uncomment the following lines if you want to block client
>> # redirect based on 3xx replies.
>> ##if (t_check_status("3[0-9][0-9]")) {
>> ##t_reply("404","Not found");
>> ## exit;
>> ##}
>>
>> # uncomment the following lines if you want to redirect the
>> failed
>> # calls to a different new destination
>> ##if (t_check_status("486|408")) {
>> ## sethostport("192.168.2.100:5060");
>> ## append_branch();
>> ## # do not set the missed call flag again
>> ## t_relay();
>> ##}
>> }
>>
>> Regards,
>> Leon
>>
>> -----Original Message-----
>> From: Uwe Kastens [mailto:kiste at kiste.org]
>> Sent: Friday, 12 June 2009 4:51 PM
>> To: Leon Li
>> Cc: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
>>
>> Hi,
>>
>> This is strange. Could you post your opensips.cfg or send it to me
>> directly?
>>
>> BR
>>
>> Uwe
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
>
> --
> Thanking You,
> Ashwini BR Naidu
>
--
Thanking You,
Ashwini BR Naidu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090615/bb8064f5/attachment-0001.htm
More information about the Users
mailing list