[OpenSIPS-Users] Registration via RADIUS
Hanie Maghsoudy
h.maghsoudy at gmail.com
Mon Oct 1 13:39:35 CEST 2012
Dear all,
I want to register some users in OpenSIPs. When I use db mode it's totally
OK. Users register and could make calls. But when I set radius
configuration (using this
<http://www.opensips.org/Resources/DocsTutRadius>document), the user
doesn't register and FreeRadius keeps printing these
messages:
Info: [digest] Checking for correctly formatted Digest-Attributes
Info: [digest] Digest-Attributes look OK. Converting them to something
more usful.
Digest-User-Name = "101"
Digest-Realm = "192.168.X.X"
Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
Digest-URI = "sip:192.168.X.X"
Digest-Method = "REGISTER"
Digest-QOP = "auth"
Digest-Nonce-Count = "00000001"
Digest-CNonce = "8277adcf0b"
Info: [digest] Adding Auth-Type = DIGEST
Info: ++[digest] returns ok
Info: [suffix] Looking up realm "192.168.X.X" for User-Name =
"101 at 192.168.X.X"
Info: [suffix] Found realm "192.168.X.X"
Info: [suffix] Adding Realm = "192.168.X.X"
Info: [suffix] Authentication realm is LOCAL.
Info: ++[suffix] returns ok
Info: [eap] No EAP-Message, not doing EAP
Info: ++[eap] returns noop
Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
Info: ++[files] returns ok
Info: ++[expiration] returns noop
Info: ++[logintime] returns noop
Info: [pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
Info: ++[pap] returns noop
Info: Found Auth-Type = DIGEST
Info: # Executing group from file /etc/freeradius/sites-enabled/default
Info: +- entering group DIGEST {...}
*Auth: [digest] Cleartext-Password or Digest-HA1 is required for
authentication.*
Info: ++[digest] returns invalid
Info: Failed to authenticate the user.
Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from
client OpenSIPS port 0)
Info: Using Post-Auth-Type Reject
Info: # Executing group from file /etc/freeradius/sites-enabled/default
Info: +- entering group REJECT {...}
Info: [attr_filter.access_reject] expand: %{User-Name} -> 101 at 192.168.X.X
And here is my opensips.cfg:
.....
loadmodule "acc.so"
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
loadmodule "auth.so"
loadmodule "aaa_radius.so"
loadmodule "auth_aaa.so"
modparam("auth", "calculate_ha1", 1)
modparam("auth_aaa", "aaa_url",
"radius:/etc/radiusclient-ng/radiusclient.conf")
route{
if ( !(is_method("REGISTER") ) ) {
if (from_uri==myself)
{
if (!aaa_proxy_authorize("")) {
proxy_challenge("", "1");
exit;
}
consume_credentials();
} else {
if (!uri==myself) {
send_reply("403","Rely forbidden");
exit;
}
}
}
....
if (is_method("REGISTER"))
{
if (!aaa_www_authorize(""))
{
www_challenge("", "1");
exit;
}
if ( 0 ) setflag(7);
if (!save("location"))
sl_reply_error();
exit;
}
....
And in freeradius/users I have:
.....
101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
Reply-Message = "Authenticated"
Would you please help me to solve the problem?
Thanks,
Hanie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121001/aab16642/attachment.htm>
More information about the Users
mailing list