[OpenSIPS-Users] need help with radius authentication

Andres Moya andres.moya.i at gmail.com
Wed Mar 11 23:58:41 CET 2015 

Hello, 

First time on the list. Was able to solve problem by documentation before, but now completely confused.

I am trying to learn authentication against radius server. 


[root at rad47 /]# rpm -qa | grep opensips
opensips-aaa_radius-1.11.3-1.el6.x86_64
opensips-yum-releases-1.11-1.el6.noarch
opensips-auth_aaa-1.11.3-1.el6.x86_64
opensips-1.11.3-1.el6.x86_64

Added in config file: 
loadmodule "auth.so"
loadmodule "auth_aaa.so"
loadmodule "aaa_radius.so"
modparam("auth_aaa", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")

Created route from some examples and calling it from main route:
route[AUTH] {

        if (is_method("REGISTER") || from_uri==myself)
        {
                # authenticate requests
                if (!aaa_www_authorize("172.21.7.47")) {
                        www_challenge("$fd", "0");
                        exit;
                }
                # user authenticated - remove auth header
                if(!is_method("REGISTER|PUBLISH"))
                        consume_credentials();
        }
        # if caller is not local subscriber, then check if it calls
        # a local destination, otherwise deny, not an open relay here
        if (from_uri!=myself && uri!=myself)
        {
                sl_send_reply("403","Not relaying");
                exit;
        }

        return;
}

[root at rad47 /]# cat /etc/radiusclient-ng/radiusclient.conf | grep -v ^#
auth_order      radius,local
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/radiusclient-ng/issue
authserver      127.0.0.1:1812
acctserver      127.0.0.1:1813
servers         /etc/radiusclient-ng/servers
dictionary      /etc/radiusclient-ng/dictionary
login_radius    /usr/sbin/login.radius
seqfile /etc/opensips/radius.seq
mapfile         /etc/radiusclient-ng/port-id-map
default_realm
radius_timeout  10
radius_retries  3
bindaddr *
login_local     /bin/login

Then i run opensips it initialize ok. Then i try to register it challenge me ok. But there is no request done to RADIUS over network, and client keep sending REGISTER in response 401 Unauthorized.
There is nothing in logs. I’ve run out of ideas. Please someone help.

Regards
Andres
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150311/f1ae4eff/attachment.htm>

More information about the Users mailing list