[OpenSIPS-Users] No RADIUS traffic
Leon Li
Leon.Li at aarnet.edu.au
Wed Jun 17 02:40:56 CEST 2009
Hi Ashwini,
I have added param for aut_radius, but no luck. L
Why do I need mysql.so if the radius server will host all users
credential?
Regards,
Leon
From: ASHWINI NAIDU [mailto:ashwini.naidu at gmail.com]
Sent: Monday, 15 June 2009 2:52 PM
To: Leon Li
Cc: Uwe Kastens; users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] No RADIUS traffic
On Mon, Jun 15, 2009 at 10:19 AM, ASHWINI NAIDU
<ashwini.naidu at gmail.com> wrote:
hi leon,
But i do not see your openser communicating with radiusclient.
modparam("auth_radius", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
mention the path of radiusclient.conf properly.
Your mysql support is also commented.
loadmodule "mysql.so"
On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <Leon.Li at aarnet.edu.au>
wrote:
Here it is.
####### Global Parameters #########
debug=3
log_stderror=no
log_facility=LOG_LOCAL0
fork=yes
children=4
/* uncomment the following lines to enable debugging */
debug=6
fork=no
log_stderror=yes
/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes
/* uncomment the next line to enable the auto temporary
blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */ #dns_try_ipv6=yes
/* uncomment the next line to disable the auto discovery of
local
aliases
based on revers DNS on IPs (default on) */ #auto_aliases=no
/* uncomment the following lines to enable TLS support (default
off) */
#disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server
= 1
#tls_verify_client = 1 #tls_require_client_certificate = 0
#tls_method =
TLSv1 #tls_certificate =
"/usr/local/etc/openser/tls/user/user-cert.pem"
#tls_private_key =
"/usr/local/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
listen=202.158.197.134
port=5060
/* uncomment and configure the following line if you want
openser to
bind on a specific interface/port/proto (default bind on all
available) */ #listen=udp:192.168.1.2:5060
####### Modules Section ########
#set module path
mpath="/usr/local/lib/openser/modules/"
/* uncomment next line for MySQL DB support */ #loadmodule
"mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri_db.so"
loadmodule "uri.so"
loadmodule "xlog.so"
loadmodule "acc.so"
/* uncomment next lines for MySQL based authentication support
NOTE: a DB (like mysql) module must be also loaded */
loadmodule
"auth.so"
loadmodule "auth_radius.so"
#loadmodule "auth_db.so"
/* uncomment next line for aliases support
NOTE: a DB (like mysql) module must be also loaded */
#loadmodule
"alias_db.so"
/* uncomment next line for multi-domain support
NOTE: a DB (like mysql) module must be also loaded
NOTE: be sure and enable multi-domain support in all used
modules
(see "multi-module params" section ) */ #loadmodule
"domain.so"
/* uncomment the next two lines for presence server support
NOTE: a DB (like mysql) module must be also loaded */
#loadmodule
"presence.so"
#loadmodule "presence_xml.so"
# ----------------- setting module-specific parameters
---------------
# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr",
"enable_full_lr", 1) # do not append from tag to the RR (no need
for
this script) modparam("rr", "append_fromtag", 0)
# ----- rr params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via
location */ #
modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts
per AOR */
#modparam("registrar", "max_contacts", 10)
# ----- uri_db params -----
/* by default we disable the DB support in the module as we do
not need
it
in this configuration */
modparam("uri_db", "use_uri_table", 0)
modparam("uri_db", "db_url", "")
# ----- acc params -----
/* what sepcial events should be accounted ? */ modparam("acc",
"early_media", 1) modparam("acc", "report_ack", 1)
modparam("acc",
"report_cancels", 1)
/* by default ww do not adjust the direct of the sequential
requests.
if you enable this parameter, be sure the enable
"append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "failed_transaction_flag", 3) modparam("acc",
"log_flag", 1) modparam("acc", "log_missed_flag", 2)
/* uncomment the following lines to enable DB accounting also */
modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag",
2)
# ----- multi-module params -----
/* uncomment the following line if you want to enable
multi-domain
support
in the modules (dafault off) */
#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
####### Routing Logic ########
# main request routing logic
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if (has_totag()) {
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
setflag(1); # do accouting ...
setflag(3); # ... even if the
transaction fails
}
route(1);
} else {
/* uncomment the following lines if you
want to
enable presence */
##if (is_method("SUBSCRIBE") && $rd ==
"your.server.ip.address") {
## # in-dialog subscribe requests
## route(2);
## exit;
##}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# non loose-route, but
stateful
ACK; must be an ACK after a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching
transaction ... ignore and discard.\n");
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
#initial requests
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# authenticate if from local subscriber (uncomment to
enable
auth)
##if (!(method=="REGISTER") && from_uri==myself)
##{
## if (!proxy_authorize("", "subscriber")) {
## proxy_challenge("", "0");
## exit;
## }
## if (!check_from()) {
## sl_send_reply("403","Forbidden auth ID");
## exit;
## }
##
## consume_credentials();
## # caller authenticated
##}
# record routing
if (!is_method("REGISTER|MESSAGE"))
record_route();
# account only INVITEs
if (is_method("INVITE")) {
setflag(1); # do accouting
}
if (!uri==myself)
/* replace with following line if multi-domain support is
used
*/
##if (!is_uri_host_local())
{
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via
TLS
##if($rd=="tls_domain1.net") {
## t_relay("tls:domain1.net");
## exit;
##} else if($rd=="tls_domain2.net") {
## t_relay("tls:domain2.net");
## exit;
##}
route(1);
}
# requests for my domain
/* uncomment this if you want to enable presence server
and comment the next 'if' block
NOTE: uncomment also the definition of route[2] from
below
*/
##if( is_method("PUBLISH|SUBSCRIBE"))
## route(2);
if (is_method("PUBLISH"))
{
sl_send_reply("503", "Service Unavailable");
exit;
}
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment
to
enable auth)
##if (!www_authorize("", "subscriber"))
##{
## www_challenge("", "0");
## exit;
##}
##
##if (!check_to())
##{
## sl_send_reply("403","Forbidden auth ID");
## exit;
##}
xlog("L_INFO", "REGISTER for ($fU) $ru\n");
if (!radius_www_authorize(""))
{
log(1, "Proxy Authentication Required
(Digest)\n");
www_challenge("", "0");
exit;
};
if (!save("location"))
sl_reply_error();
exit;
}
if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# apply DB based aliases (uncomment to enable)
##alias_db_lookup("dbaliases");
if (!lookup("location")) {
switch ($retcode) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not
Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
setflag(2);
route(1);
}
route[1] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
t_on_branch("2");
t_on_reply("2");
t_on_failure("1");
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
branch_route[2] {
xlog("new branch at $ru\n");
}
onreply_route[2] {
xlog("incoming reply\n");
}
failure_route[1] {
if (t_was_cancelled()) {
exit;
}
# uncomment the following lines if you want to block
client
# redirect based on 3xx replies.
##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found");
## exit;
##}
# uncomment the following lines if you want to redirect
the
failed
# calls to a different new destination
##if (t_check_status("486|408")) {
## sethostport("192.168.2.100:5060");
## append_branch();
## # do not set the missed call flag again
## t_relay();
##}
}
Regards,
Leon
-----Original Message-----
From: Uwe Kastens [mailto:kiste at kiste.org]
Sent: Friday, 12 June 2009 4:51 PM
To: Leon Li
Cc: users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] No RADIUS traffic
Hi,
This is strange. Could you post your opensips.cfg or send it to
me
directly?
BR
Uwe
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Thanking You,
Ashwini BR Naidu
--
Thanking You,
Ashwini BR Naidu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090617/58a5f3b1/attachment-0001.htm
More information about the Users
mailing list