[OpenSIPS-Users] No RADIUS traffic

ASHWINI NAIDU ashwini.naidu at gmail.com
Mon Jun 15 06:51:48 CEST 2009


On Mon, Jun 15, 2009 at 10:19 AM, ASHWINI NAIDU <ashwini.naidu at gmail.com>wrote:

> hi leon,
>
> But i do not see your openser communicating with radiusclient.
>
> modparam("auth_radius", "radius_config",
> "/etc/radiusclient-ng/radiusclient.conf")
>
> mention the path of radiusclient.conf properly.



Your mysql support is also commented.

*loadmodule "mysql.so"*




>
>
>
>
>
>
>
> On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <Leon.Li at aarnet.edu.au> wrote:
>
>> Here it is.
>>
>> ####### Global Parameters #########
>>
>> debug=3
>> log_stderror=no
>> log_facility=LOG_LOCAL0
>>
>> fork=yes
>> children=4
>>
>> /* uncomment the following lines to enable debugging */
>> debug=6
>> fork=no
>> log_stderror=yes
>>
>> /* uncomment the next line to disable TCP (default on) */
>> #disable_tcp=yes
>>
>> /* uncomment the next line to enable the auto temporary blacklisting of
>>   not available destinations (default disabled) */
>> #disable_dns_blacklist=no
>>
>> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
>>   lookup failures (default disabled) */ #dns_try_ipv6=yes
>>
>> /* uncomment the next line to disable the auto discovery of local
>> aliases
>>   based on revers DNS on IPs (default on) */ #auto_aliases=no
>>
>> /* uncomment the following lines to enable TLS support  (default off) */
>> #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1
>> #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method =
>> TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>> #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>> #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>>
>> listen=202.158.197.134
>> port=5060
>>
>> /* uncomment and configure the following line if you want openser to
>>   bind on a specific interface/port/proto (default bind on all
>> available) */ #listen=udp:192.168.1.2:5060
>>
>>
>> ####### Modules Section ########
>>
>> #set module path
>> mpath="/usr/local/lib/openser/modules/"
>>
>> /* uncomment next line for MySQL DB support */ #loadmodule "mysql.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri_db.so"
>> loadmodule "uri.so"
>> loadmodule "xlog.so"
>> loadmodule "acc.so"
>> /* uncomment next lines for MySQL based authentication support
>>   NOTE: a DB (like mysql) module must be also loaded */ loadmodule
>> "auth.so"
>> loadmodule "auth_radius.so"
>> #loadmodule "auth_db.so"
>> /* uncomment next line for aliases support
>>   NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>> "alias_db.so"
>> /* uncomment next line for multi-domain support
>>   NOTE: a DB (like mysql) module must be also loaded
>>   NOTE: be sure and enable multi-domain support in all used modules
>>         (see "multi-module params" section ) */ #loadmodule "domain.so"
>> /* uncomment the next two lines for presence server support
>>   NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>> "presence.so"
>> #loadmodule "presence_xml.so"
>>
>>
>> # ----------------- setting module-specific parameters ---------------
>>
>>
>> # ----- mi_fifo params -----
>> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>>
>>
>> # ----- rr params -----
>> # add value to ;lr param to cope with most of the UAs modparam("rr",
>> "enable_full_lr", 1) # do not append from tag to the RR (no need for
>> this script) modparam("rr", "append_fromtag", 0)
>>
>>
>> # ----- rr params -----
>> modparam("registrar", "method_filtering", 1)
>> /* uncomment the next line to disable parallel forking via location */ #
>> modparam("registrar", "append_branches", 0)
>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>> #modparam("registrar", "max_contacts", 10)
>>
>>
>> # ----- uri_db params -----
>> /* by default we disable the DB support in the module as we do not need
>> it
>>   in this configuration */
>> modparam("uri_db", "use_uri_table", 0)
>> modparam("uri_db", "db_url", "")
>>
>>
>> # ----- acc params -----
>> /* what sepcial events should be accounted ? */ modparam("acc",
>> "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc",
>> "report_cancels", 1)
>> /* by default ww do not adjust the direct of the sequential requests.
>>   if you enable this parameter, be sure the enable "append_fromtag"
>>   in "rr" module */
>> modparam("acc", "detect_direction", 0)
>> /* account triggers (flags) */
>> modparam("acc", "failed_transaction_flag", 3) modparam("acc",
>> "log_flag", 1) modparam("acc", "log_missed_flag", 2)
>> /* uncomment the following lines to enable DB accounting also */
>> modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2)
>>
>> # ----- multi-module params -----
>> /* uncomment the following line if you want to enable multi-domain
>> support
>>   in the modules (dafault off) */
>> #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
>>
>> ####### Routing Logic ########
>>
>>
>> # main request routing logic
>>
>> route{
>>
>>        if (!mf_process_maxfwd_header("10")) {
>>                sl_send_reply("483","Too Many Hops");
>>                exit;
>>        }
>>
>>        if (has_totag()) {
>>                # sequential request withing a dialog should
>>                # take the path determined by record-routing
>>                if (loose_route()) {
>>                        if (is_method("BYE")) {
>>                                setflag(1); # do accouting ...
>>                                setflag(3); # ... even if the
>> transaction fails
>>                        }
>>                        route(1);
>>                } else {
>>                        /* uncomment the following lines if you want to
>> enable presence */
>>                        ##if (is_method("SUBSCRIBE") && $rd ==
>> "your.server.ip.address") {
>>                        ##      # in-dialog subscribe requests
>>                        ##      route(2);
>>                        ##      exit;
>>                        ##}
>>                        if ( is_method("ACK") ) {
>>                                if ( t_check_trans() ) {
>>                                        # non loose-route, but stateful
>> ACK; must be an ACK after a 487 or e.g. 404 from upstream server
>>                                        t_relay();
>>                                        exit;
>>                                } else {
>>                                        # ACK without matching
>> transaction ... ignore and discard.\n");
>>                                        exit;
>>                                }
>>                        }
>>                        sl_send_reply("404","Not here");
>>                }
>>                exit;
>>        }
>>
>>        #initial requests
>>
>>        # CANCEL processing
>>        if (is_method("CANCEL"))
>>        {
>>                if (t_check_trans())
>>                        t_relay();
>>                exit;
>>        }
>>
>>        t_check_trans();
>>
>>        # authenticate if from local subscriber (uncomment to enable
>> auth)
>>        ##if (!(method=="REGISTER") && from_uri==myself)
>>        ##{
>>        ##      if (!proxy_authorize("", "subscriber")) {
>>        ##              proxy_challenge("", "0");
>>        ##              exit;
>>        ##      }
>>        ##      if (!check_from()) {
>>        ##              sl_send_reply("403","Forbidden auth ID");
>>        ##              exit;
>>        ##      }
>>        ##
>>        ##      consume_credentials();
>>        ##      # caller authenticated
>>        ##}
>>
>>        # record routing
>>        if (!is_method("REGISTER|MESSAGE"))
>>                record_route();
>>
>>        # account only INVITEs
>>        if (is_method("INVITE")) {
>>                setflag(1); # do accouting
>>        }
>>        if (!uri==myself)
>>        /* replace with following line if multi-domain support is used
>> */
>>        ##if (!is_uri_host_local())
>>        {
>>                append_hf("P-hint: outbound\r\n");
>>                # if you have some interdomain connections via TLS
>>                ##if($rd=="tls_domain1.net") {
>>                ##      t_relay("tls:domain1.net");
>>                ##      exit;
>>                ##} else if($rd=="tls_domain2.net") {
>>                ##      t_relay("tls:domain2.net");
>>                ##      exit;
>>                ##}
>>                route(1);
>>        }
>>
>>        # requests for my domain
>>
>>        /* uncomment this if you want to enable presence server
>>           and comment the next 'if' block
>>           NOTE: uncomment also the definition of route[2] from  below
>> */
>>        ##if( is_method("PUBLISH|SUBSCRIBE"))
>>        ##              route(2);
>>
>>        if (is_method("PUBLISH"))
>>        {
>>                sl_send_reply("503", "Service Unavailable");
>>                exit;
>>        }
>>
>>
>>        if (is_method("REGISTER"))
>>        {
>>                # authenticate the REGISTER requests (uncomment to
>> enable auth)
>>                ##if (!www_authorize("", "subscriber"))
>>                ##{
>>                ##      www_challenge("", "0");
>>                ##      exit;
>>                ##}
>>                ##
>>                ##if (!check_to())
>>                ##{
>>                ##      sl_send_reply("403","Forbidden auth ID");
>>                ##      exit;
>>                ##}
>>
>>                xlog("L_INFO", "REGISTER for ($fU) $ru\n");
>>                if (!radius_www_authorize(""))
>>                {
>>                        log(1, "Proxy Authentication Required
>> (Digest)\n");
>>                        www_challenge("", "0");
>>                        exit;
>>                };
>>
>>                if (!save("location"))
>>                        sl_reply_error();
>>
>>                exit;
>>        }
>>
>>        if ($rU==NULL) {
>>                # request with no Username in RURI
>>                sl_send_reply("484","Address Incomplete");
>>                exit;
>>        }
>>
>>        # apply DB based aliases (uncomment to enable)
>>        ##alias_db_lookup("dbaliases");
>>
>>        if (!lookup("location")) {
>>                switch ($retcode) {
>>                        case -1:
>>                        case -3:
>>                                t_newtran();
>>                                t_reply("404", "Not Found");
>>                                exit;
>>                        case -2:
>>                                sl_send_reply("405", "Method Not
>> Allowed");
>>                                exit;
>>                }
>>        }
>>
>>        # when routing via usrloc, log the missed calls also
>>        setflag(2);
>>
>>        route(1);
>> }
>>
>>
>> route[1] {
>>        # for INVITEs enable some additional helper routes
>>        if (is_method("INVITE")) {
>>                t_on_branch("2");
>>                t_on_reply("2");
>>                t_on_failure("1");
>>        }
>>
>>        if (!t_relay()) {
>>                sl_reply_error();
>>        };
>>        exit;
>> }
>>
>> branch_route[2] {
>>        xlog("new branch at $ru\n");
>> }
>>
>>
>> onreply_route[2] {
>>        xlog("incoming reply\n");
>> }
>>
>>
>> failure_route[1] {
>>        if (t_was_cancelled()) {
>>                exit;
>>        }
>>
>>        # uncomment the following lines if you want to block client
>>        # redirect based on 3xx replies.
>>        ##if (t_check_status("3[0-9][0-9]")) {
>>        ##t_reply("404","Not found");
>>        ##      exit;
>>        ##}
>>
>>        # uncomment the following lines if you want to redirect the
>> failed
>>        # calls to a different new destination
>>        ##if (t_check_status("486|408")) {
>>        ##      sethostport("192.168.2.100:5060");
>>        ##      append_branch();
>>        ##      # do not set the missed call flag again
>>        ##      t_relay();
>>        ##}
>> }
>>
>> Regards,
>> Leon
>>
>> -----Original Message-----
>> From: Uwe Kastens [mailto:kiste at kiste.org]
>> Sent: Friday, 12 June 2009 4:51 PM
>> To: Leon Li
>> Cc: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
>>
>> Hi,
>>
>> This is strange. Could you post your opensips.cfg or send it to me
>> directly?
>>
>> BR
>>
>> Uwe
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
>
> --
> Thanking You,
> Ashwini BR Naidu
>



-- 
Thanking You,
Ashwini BR Naidu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090615/bb8064f5/attachment-0001.htm 


More information about the Users mailing list