[OpenSIPS-Users] Registration via RADIUS

Hanie Maghsoudy h.maghsoudy at gmail.com
Thu Oct 4 07:09:55 CEST 2012 

Free Radius users:

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP


101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
        Reply-Message = "Authenticated-101 at 192.168.X.X"

101 at 192.168.X.X Auth-Type := Digest, Digest-HA1 ==
"e0f4a1a0ac0b3ee6dd7d58a8c70ff5cf"
        Reply-Message = "Authenticated-101 at 192.168.X.X-HA1"

101 Auth-Type := Digest, Cleartext-Password == "101"
        Reply-Message = "Authenticated-101"

101 Auth-Type := Digest, Digest-HA1 == "018dd754fd71ea9d7b19bf37ce5c8152"
        Reply-Message = "Authenticated-101-HA1"



Free Radius clients.conf:

client localhost {
        secret = radi
        shortname = OpenSIPS
        nastype = cisco
}

Also I've tested with nastype = other.


radiusclient.conf is the default configuration of radiusclient-ng, and in
servers I have:

localhost       radi

Binan, please let me know if I should mention somting else.

Thanks,
Hanie



On Wed, Oct 3, 2012 at 5:41 PM, Binan AL Halabi <binanalhalabi at yahoo.com>wrote:

>
> Post your Radius configuration.
>
> //Binan
>   ------------------------------
> *Från:* Hanie Maghsoudy <h.maghsoudy at gmail.com>
> *Till:* Binan AL Halabi <binanalhalabi at yahoo.com>; OpenSIPS users
> mailling list <users at lists.opensips.org>
> *Skickat:* onsdag, 3 oktober 2012 14:10
> *Ämne:* Re: [OpenSIPS-Users] Registration via RADIUS
>
> Thanks Binan for the reply.
> I tested both and none of them works.
>
> On Wed, Oct 3, 2012 at 2:48 PM, Binan AL Halabi <binanalhalabi at yahoo.com>wrote:
>
> look for the type of password you want to use whether plaintext or HA
>
> modparam("auth", "calculate_ha1", 1) # plaintext password
> modparam("auth", "calculate_ha1", 0) # pre-calculated HA1
>
> //Binan
>
>
>   ------------------------------
> *From:* Hanie Maghsoudy <h.maghsoudy at gmail.com>
> *To:* users at lists.opensips.org
> *Sent:* Wednesday, October 3, 2012 12:59 PM
> *Subject:* Re: [OpenSIPS-Users] Registration via RADIUS
>
> Hi all,
>
> Does anyone have a clue on this?
> I'm pretty sure I'm doing something wrong, but I can not find it. I
> believe that either OpenSIPs configuration or radiusclient-ng's could be
> incorrect.
>
> Thanks
>
> On Mon, Oct 1, 2012 at 3:09 PM, Hanie Maghsoudy <h.maghsoudy at gmail.com>wrote:
>
> Dear all,
>
> I want to register some users in OpenSIPs. When I use db mode it's totally
> OK. Users register and could make calls. But when I set radius
> configuration (using this<http://www.opensips.org/Resources/DocsTutRadius>document), the user doesn't register and FreeRadius keeps printing these
> messages:
>
>
> Info: [digest] Checking for correctly formatted Digest-Attributes
> Info: [digest] Digest-Attributes look OK.  Converting them to something
> more usful.
>         Digest-User-Name = "101"
>         Digest-Realm = "192.168.X.X"
>         Digest-Nonce = "5069765300000000af31f979191ab899f5f9fc41ed941449"
>         Digest-URI = "sip:192.168.X.X"
>         Digest-Method = "REGISTER"
>         Digest-QOP = "auth"
>         Digest-Nonce-Count = "00000001"
>         Digest-CNonce = "8277adcf0b"
> Info: [digest] Adding Auth-Type = DIGEST
> Info: ++[digest] returns ok
> Info: [suffix] Looking up realm "192.168.X.X" for User-Name =
> "101 at 192.168.X.X"
> Info: [suffix] Found realm "192.168.X.X"
> Info: [suffix] Adding Realm = "192.168.X.X"
> Info: [suffix] Authentication realm is LOCAL.
> Info: ++[suffix] returns ok
> Info: [eap] No EAP-Message, not doing EAP
> Info: ++[eap] returns noop
> Info: [files] users: Matched entry 101 at 192.168.X.X at line 22
> Info: ++[files] returns ok
> Info: ++[expiration] returns noop
> Info: ++[logintime] returns noop
> Info: [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> Info: ++[pap] returns noop
> Info: Found Auth-Type = DIGEST
> Info: # Executing group from file /etc/freeradius/sites-enabled/default
> Info: +- entering group DIGEST {...}
> *Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.*
> Info: ++[digest] returns invalid
> Info: Failed to authenticate the user.
> Auth: Login incorrect: [101 at 192.168.X.X/<via Auth-Type = Digest>] (from
> client OpenSIPS port 0)
> Info: Using Post-Auth-Type Reject
> Info: # Executing group from file /etc/freeradius/sites-enabled/default
> Info: +- entering group REJECT {...}
> Info: [attr_filter.access_reject]    expand: %{User-Name} ->
> 101 at 192.168.X.X
>
>
> And here is my opensips.cfg:
>
> .....
> loadmodule "acc.so"
> modparam("acc", "early_media", 0)
> modparam("acc", "report_cancels", 0)
> modparam("acc", "detect_direction", 0)
> modparam("acc", "failed_transaction_flag", 3)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 2)
> loadmodule "auth.so"
> loadmodule "aaa_radius.so"
> loadmodule "auth_aaa.so"
> modparam("auth", "calculate_ha1", 1)
> modparam("auth_aaa", "aaa_url",
> "radius:/etc/radiusclient-ng/radiusclient.conf")
> route{
>         if ( !(is_method("REGISTER")  ) ) {
>                 if (from_uri==myself)
>                 {
>                         if (!aaa_proxy_authorize("")) {
>                                 proxy_challenge("", "1");
>                                 exit;
>                         }
>                         consume_credentials();
>                 } else {
>                         if (!uri==myself) {
>                                 send_reply("403","Rely forbidden");
>                                 exit;
>                         }
>                }
>         }
> ....
>         if (is_method("REGISTER"))
>         {
>                 if (!aaa_www_authorize(""))
>                 {
>                         www_challenge("", "1");
>                         exit;
>                 }
>                 if (   0 ) setflag(7);
>                 if (!save("location"))
>                         sl_reply_error();
>                 exit;
>         }
> ....
>
>
> And in freeradius/users I have:
>
> .....
>
> 101 at 192.168.X.X Auth-Type := Digest, Cleartext-Password == "101"
>         Reply-Message = "Authenticated"
>
> Would you please help me to solve the problem?
>
> Thanks,
> Hanie
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121004/227f5469/attachment.htm>

More information about the Users mailing list