[OpenSIPS-Users] Radius auth / opensips last version : not working anymore ?

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Nov 1 12:47:23 CET 2013 

Hello Samuel,

Using the aaa_www_authorize() function from script ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 10/30/2013 04:25 PM, Samuel Muller wrote:
> Hello,
>
> I'm trying actually to update OpenSips to the v.1.10-tls, and now
> radius auth is not working anymore : radius server is rejecting the
> request.
> "Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication."
>
> environment : new registrar server in a dev environment.
>
> 1/ configs are exactly the same (strict copy of everything) - except
> necessary changes from opensips 1.8.1 to opensips 1.10 (alphanumerical
> flags, and so on)
> 2/ the os is a new one : updated squeeze to wheezy (so several libs
> are updated, like openssl, ...)
> 3/ libradiusclient-ng is the same version (0.5.6-1.1), dics are identical
> 4/ the auth is made against the same freeradius server used in the
> production (so, same sip accounts, etc ... in the back-end)
>
>
> ==> Radius server logs : <==
>
> Wed Oct 30 13:51:43 2013
>     Packet-Type = Access-Request
>     User-Name = "10133 at anydomain.com"
>     Digest-Attributes = "\n\00710133"
>     Digest-Attributes = "\001\025anydomain.com"
>     Digest-Attributes = "\002252710f0c0000000380e712a81e132fb9fb25b6e7079a90ea"
>     Digest-Attributes = "\004\031sip:anydomain.com"
>     Digest-Attributes = "\003\nREGISTER"
>     Digest-Attributes = "\005\006auth"
>     Digest-Attributes = "\t\n00000001"
>     Digest-Attributes = "\010\n718b1c07"
>     Digest-Response = "9c080c96ce9f553af167d96b9045605f"
>     Service-Type = Sip-Session
>     Sip-URI-User = "10133"
>     Acct-Session-Id = "e3d46f526b7a-zfy2ru5j4wxb"
>     Cisco-AVPair = "call-id=e3d46f526b7a-zfy2ru5j4wxb"
>     NAS-Port-Id = 5060
>     NAS-IP-Address = 10.10.10.100
>
> Wed Oct 30 13:51:43 2013 : Auth: [digest] Cleartext-Password or
> Digest-HA1 is required for authentication.
> Wed Oct 30 13:51:43 2013 : Auth: Login incorrect:
> [10133 at anydomain.com/<via Auth-Type = DIGEST>] (from client
> registrar.anydomain.com port 5060)
>
>
> ==> Opensips debug logs <==
>
> REGISTER sip:anydomain.com SIP/2.0
> Via: SIP/2.0/UDP
> 10.0.0.10:5060;branch=z9hG4bK42a7.81e32d7403fde0265a279f6f1af9f223.0
> v: SIP/2.0/UDP 192.168.1.61:3072;received=172.21.8.126;branch=z9hG4bK-pg3sz33w7irx;rport=19779
> f: "Red is Dead" <sip:10133 at anydomain.com>;tag=0vc6kaq7q7
> t: "Red is Dead" <sip:10133 at anydomain.com>
> i: e3d46f526b7a-zfy2ru5j4wxb
> CSeq: 812 REGISTER
> Max-Forwards: 32
> m: <sip:10133 at 192.168.1.61:3072>;reg-id=1;q=1.0
> User-Agent: snom821/8.7.3.19
> Allow-Events: dialog
> X-Real-IP: 192.168.1.61
> Supported: path
> Authorization: Digest
> username="10133",realm="anydomain.com",nonce="52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111",uri="sip:anydomain.com",qop=auth,nc=00000001,cnonce="19ec9410",response="89bf7e58d81541ea6d3d4cf643d7d0e1",algorithm=MD5
> Expires: 360
> l: 0
> P-Visited-Network-ID: 5411
> Path: <sip:10.0.0.10;lr;received=sip:172.21.8.126:19779>
>
> Oct 30 13:49:25 registrar opensips[17021]: DBG:auth:check_nonce:
> comparing [52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111] and
> [52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111]
> Oct 30 13:49:26 registrar opensips[17021]:
> DBG:aaa_radius:rad_send_message: rc_auth function succeded with result
> REJECT_RC
> Oct 30 13:49:26 registrar opensips[17021]:
> ERROR:auth_aaa:aaa_authorize_sterman: authorization failed
> Oct 30 13:49:26 registrar opensips[17021]:
> DBG:auth:reserve_nonce_index: second= 0, sec_monit= -1,  index= 1
> Oct 30 13:49:26 registrar opensips[17021]: DBG:auth:build_auth_hf:
> nonce index= 1
> Oct 30 13:49:26 registrar opensips[17021]: DBG:auth:build_auth_hf:
> 'WWW-Authenticate: Digest realm="anydomain.com",
> nonce="52710e840000000161b61dea385526f8bf7ca0e47041e8c6", qop="auth"
>
>
> If anyone has any idea, thanks a lot !
>
>
> Samuel MULLER
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list