[OpenSIPS-Users] VB: Registration via RADIUS

Binan AL Halabi binanalhalabi at yahoo.com
Wed Oct 3 18:02:02 CEST 2012


Hi Hanie,

I can't see  modcall[authorize] in debug , so you have to add digest module by uncomment the digest lines in both authenticate{} and authorize{} in config file.

Go through this tutorial : http://www.opensips.org/Resources/DocsTutRadius.


//Binan


________________________________
 Från: Hanie Maghsoudy <h.maghsoudy at gmail.com>
Till: Binan AL Halabi <binanalhalabi at yahoo.com>; OpenSIPS users mailling list <users at lists.opensips.org> 
Skickat: onsdag, 3 oktober 2012 14:10
Ämne: Re: [OpenSIPS-Users] Registration via RADIUS
 

Thanks Binan for the reply.
I tested both and none of them works.


On Wed, Oct 3, 2012 at 2:48 PM, Binan AL Halabi <binanalhalabi at yahoo.com> wrote:

look for the type of password you want to use whether plaintext or HA
>
>modparam("auth", "calculate_ha1", 1) # plaintext password
>modparam("auth", "calculate_ha1", 0) # pre-calculated HA1
>
>//Binan
>
>
>
>
>
>
>________________________________
> From: Hanie Maghsoudy <h.maghsoudy at gmail.com>
>To: users at lists.opensips.org 
>Sent: Wednesday, October 3, 2012 12:59 PM
>Subject: Re: [OpenSIPS-Users] Registration via RADIUS
> 
>
>
>Hi all,
>
>Does anyone have a clue on this?
>I'm pretty sure I'm doing something wrong, but I can not find it. I believe that either OpenSIPs configuration or radiusclient-ng's could be incorrect.
>
>Thanks
>
>
>On Mon, Oct 1, 2012 at 3:09 PM, Hanie Maghsoudy <h.maghsoudy at gmail.com> wrote:
>
>Dear all,
>>
>>I want to register some users in OpenSIPs. When I use db mode it's totally OK. Users register and could make calls. But when I set radius configuration (using this document), the user doesn't register and FreeRadius keeps printing these messages:
>>
>>
>>Info: [digest] Checking for correctly formatted Digest-Attributes
>>Info: [digest] Digest-Attributes look OK.  Converting them to something more usful.
>>        Digest-User-Name = "101"
>>        Digest-Realm = "192.168.X.X"
>>        Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
>>        Digest-URI = "sip:192.168.X.X"
>>        Digest-Method = "REGISTER"
>>        Digest-QOP = "auth"
>>        Digest-Nonce-Count = "00000001"
>>        Digest-CNonce = "8277adcf0b"
>>Info: [digest] Adding Auth-Type = DIGEST
>>Info: ++[digest] returns ok
>>Info: [suffix] Looking up realm "192.168.X.X" for User-Name = "101 at 192.168.X.X"
>>Info: [suffix] Found realm "192.168.X.X"
>>Info: [suffix] Adding Realm = "192.168.X.X"
>>Info: [suffix] Authentication realm is LOCAL.
>>Info: ++[suffix] returns ok
>>Info: [eap] No EAP-Message, not doing EAP
>>Info: ++[eap] returns noop
>>Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
>>Info: ++[files] returns ok
>>Info: ++[expiration] returns noop
>>Info: ++[logintime] returns noop
>>Info: [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>>Info: ++[pap] returns noop
>>Info: Found Auth-Type = DIGEST
>>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>>Info: +- entering group DIGEST {...}
>>Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.
>>Info: ++[digest] returns invalid
>>Info: Failed to authenticate the user.
>>Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from client OpenSIPS port 0)
>>Info: Using Post-Auth-Type Reject
>>Info: # Executing group from file /etc/freeradius/sites-enabled/default
>>Info: +- entering group REJECT {...}
>>Info: [attr_filter.access_reject]    expand: %{User-Name} -> 101 at 192.168.X.X
>>
>>
>>And here is my opensips.cfg:
>>
>>.....
>>loadmodule "acc.so"
>>modparam("acc", "early_media", 0)
>>modparam("acc", "report_cancels", 0)
>>modparam("acc", "detect_direction", 0)
>>modparam("acc", "failed_transaction_flag", 3)
>>modparam("acc", "log_flag", 1)
>>modparam("acc", "log_missed_flag", 2)
>>loadmodule "auth.so"
>>loadmodule "aaa_radius.so"
>>loadmodule "auth_aaa.so"
>>modparam("auth", "calculate_ha1", 1)
>>modparam("auth_aaa", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>>route{
>>        if ( !(is_method("REGISTER")  ) ) {
>>                if (from_uri==myself)
>>                {
>>                        if (!aaa_proxy_authorize("")) {
>>                                proxy_challenge("", "1");
>>                                exit;
>>                        }
>>                        consume_credentials();
>>                } else {
>>                        if (!uri==myself) {
>>                                send_reply("403","Rely forbidden");
>>                                exit;
>>                        }
>>               }
>>        }
>>....
>>        if (is_method("REGISTER"))
>>        {
>>                if (!aaa_www_authorize(""))
>>                {
>>                        www_challenge("", "1");
>>                        exit;
>>                }
>>                if (   0 ) setflag(7);
>>                if (!save("location"))
>>                        sl_reply_error();
>>                exit;
>>        }
>>....
>>
>>
>>And in freeradius/users I have:
>>
>>.....
>>
>>101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
>>        Reply-Message = "Authenticated"
>>
>>Would you please help me to solve the problem?
>>
>>Thanks,
>>Hanie
>>
>>
>>
>
>_______________________________________________
>Users mailing list
>Users at lists.opensips.org
>http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>_______________________________________________
>Users mailing list
>Users at lists.opensips.org
>http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>



_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121003/8ca34dc5/attachment-0001.htm>


More information about the Users mailing list