Re: [OpenSIPS-Users] ACC_RADIUS makes opensips crash
Hello Denis,
Is the cisco specific dictionary included in the dictionary of the
RADIUS server too?
Also, to be able to extract a certain AVP from a RADIUS reply, you
need to make sure you have configured the server to return the
attributes you want. You can find a brief tutorial on this here [1].
Regards,
Irina Stanescu
[1] http://www.opensips.org/Resources/DocsTutRadius#toc4
On Fri, Jul 16, 2010 at 12:20 PM, Denis Putyato denis7...@mail.ru wrote:
Hello, Irina
Now it works, thank you. But, if you don't mind, one more question about
RADIUS.
I want to use Cisco dictionary for auth. subscribers.
Dictionary is a main file used for radius in my opensips. I insert into this
file such string $INCLUDE /etc/radiusclient-ng/dictionary.cisco where
dictionary.cisco is a cisco specific dictionary.
a little part of opensips.cfg
{...
...
modparam(aaa_radius, sets, set1 = (User-Name = $avp(i:20),
User-Password=$avp(i:50)))
modparam(aaa_radius, sets, set2 = (Cisco-AVPair = $var(duration)))
...
...
radius_send_auth(set1,set2);
...
...
}
After made a call I can see such string in syslog
/usr/local/opensips/sbin/opensips[7435]: ERROR:aaa_radius:send_auth_func:
attribute was not found in received radius message
# cat /etc/radiusclient-ng/dictionary.cisco | grep Cisco
...
VENDOR Cisco 9
BEGIN-VENDOR Cisco
ATTRIBUTE Cisco-AVPair 1 string
vendor=Cisco
...
-Original Message-
From: users-boun...@lists.opensips.org
[mailto:users-boun...@lists.opensips.org] On Behalf Of Irina Stanescu
Sent: Thursday, July 15, 2010 6:11 PM
To: OpenSIPS users mailling list
Subject: Re: [OpenSIPS-Users] ACC_RADIUS makes opensips crash
Hello Denis,
I think the problem in you case is that the radius dictionary does not
contain an entry for SIP-AVP, and that is why attr is null, causing the
crash.
I added a fix on the trunk and i also attached the patch to this email in
case you don't use the trunk version. Please let me know if there are any
other issues.
Regards,
Irina Stanescu
On Thu, Jul 15, 2010 at 3:29 PM, Denis Putyato denis7...@mail.ru wrote:
Bogdan, i made another call which makes opensips crash
...
Core was generated by `/usr/local/opensips/sbin/opensips -P
/var/run/opensips.pid'.
Program terminated with signal 11, Segmentation fault.
[New process 8833]
#0 0xb7a0adf1 in send_auth_func (msg=0x81c113c, s1=0x81bcd34,
s2=0x81bcd48) at aaa_radius.c:369
369 for(; (vp = rc_avpair_get(vp, attr-value, 0)); vp =
vp-next)
(gdb) bt
#0 0xb7a0adf1 in send_auth_func (msg=0x81c113c, s1=0x81bcd34,
s2=0x81bcd48) at aaa_radius.c:369
#1 0x08056111 in do_action (a=0x81b7404, msg=0x81c113c) at
action.c:967
#2 0x08054f9e in run_action_list (a=0x81b5e14, msg=0x81c113c) at
action.c:139
#3 0x08057f97 in do_action (a=0x81b7680, msg=0x81c113c) at
action.c:706
#4 0x08054f9e in run_action_list (a=0x81b5938, msg=0x81c113c) at
action.c:139
#5 0x08057946 in do_action (a=0x81aa660, msg=0x81c113c) at
action.c:119
#6 0x08054f9e in run_action_list (a=0x81aa660, msg=0x81c113c) at
action.c:139
#7 0x08057f97 in do_action (a=0x81aa758, msg=0x81c113c) at
action.c:706
#8 0x08054f9e in run_action_list (a=0x81aa758, msg=0x81c113c) at
action.c:139
#9 0x08057f97 in do_action (a=0x81aaff4, msg=0x81c113c) at
action.c:706 #10 0x08054f9e in run_action_list (a=0x81aaff4,
msg=0x81c113c) at action.c:139
#11 0x08057f97 in do_action (a=0x81ac2d8, msg=0x81c113c) at
action.c:706
#12 0x08054f9e in run_action_list (a=0x81a9f24, msg=0x81c113c) at
action.c:139
#13 0x08057946 in do_action (a=0x81b428c, msg=0x81c113c) at
action.c:119
#14 0x08054f9e in run_action_list (a=0x81b1ab0, msg=0x81c113c) at
action.c:139
#15 0x08057946 in do_action (a=0x81b1308, msg=0x81c113c) at
action.c:119
#16 0x08054f9e in run_action_list (a=0x81b1308, msg=0x81c113c) at
action.c:139
#17 0x08057f97 in do_action (a=0x81b14cc, msg=0x81c113c) at
action.c:706
#18 0x08054f9e in run_action_list (a=0x81b0a70, msg=0x81c113c) at
action.c:139
#19 0x08057946 in do_action (a=0x81b078c, msg=0x81c113c) at
action.c:119 #20 0x08054f9e in run_action_list (a=0x81ad9e0,
msg=0x81c113c) at action.c:139
#21 0x08057946 in do_action (a=0x81ad50c, msg=0x81c113c) at
action.c:119
#22 0x08054f9e in run_action_list (a=0x81aca9c, msg=0x81c113c) at
action.c:139
#23 0x08057946 in do_action (a=0x81a9cb4, msg=0x81c113c) at
action.c:119
#24 0x08054f9e in run_action_list (a=0x81a6c50, msg=0x81c113c) at
action.c:139
#25 0x08057f97 in do_action (a=0x81a9d8c, msg=0x81c113c) at
action.c:706
#26 0x08054f9e in run_action_list (a=0x81a47e0, msg=0x81c113c) at
action.c:139
#27 0x080590bf in run_top_route (a=0x81a47e0, msg=0x81c113c) at
action.c:119
#28 0x08098b9c in receive_msg (
buf=0x8178200 INVITE sip:4483...@213.170.75.90:5060
SIP/2.0\r\nVia: SIP/2.0/UDP
213.170.75.90:5050;branch=z9hG4bK6912c413;rport\r\nMax
Re: [OpenSIPS-Users] ACC_RADIUS makes opensips crash
Hello Denis, I think the problem in you case is that the radius dictionary does not contain an entry for SIP-AVP, and that is why attr is null, causing the crash. I added a fix on the trunk and i also attached the patch to this email in case you don't use the trunk version. Please let me know if there are any other issues. Regards, Irina Stanescu On Thu, Jul 15, 2010 at 3:29 PM, Denis Putyato denis7...@mail.ru wrote: Bogdan, i made another call which makes opensips crash ... Core was generated by `/usr/local/opensips/sbin/opensips -P /var/run/opensips.pid'. Program terminated with signal 11, Segmentation fault. [New process 8833] #0 0xb7a0adf1 in send_auth_func (msg=0x81c113c, s1=0x81bcd34, s2=0x81bcd48) at aaa_radius.c:369 369 for(; (vp = rc_avpair_get(vp, attr-value, 0)); vp = vp-next) (gdb) bt #0 0xb7a0adf1 in send_auth_func (msg=0x81c113c, s1=0x81bcd34, s2=0x81bcd48) at aaa_radius.c:369 #1 0x08056111 in do_action (a=0x81b7404, msg=0x81c113c) at action.c:967 #2 0x08054f9e in run_action_list (a=0x81b5e14, msg=0x81c113c) at action.c:139 #3 0x08057f97 in do_action (a=0x81b7680, msg=0x81c113c) at action.c:706 #4 0x08054f9e in run_action_list (a=0x81b5938, msg=0x81c113c) at action.c:139 #5 0x08057946 in do_action (a=0x81aa660, msg=0x81c113c) at action.c:119 #6 0x08054f9e in run_action_list (a=0x81aa660, msg=0x81c113c) at action.c:139 #7 0x08057f97 in do_action (a=0x81aa758, msg=0x81c113c) at action.c:706 #8 0x08054f9e in run_action_list (a=0x81aa758, msg=0x81c113c) at action.c:139 #9 0x08057f97 in do_action (a=0x81aaff4, msg=0x81c113c) at action.c:706 #10 0x08054f9e in run_action_list (a=0x81aaff4, msg=0x81c113c) at action.c:139 #11 0x08057f97 in do_action (a=0x81ac2d8, msg=0x81c113c) at action.c:706 #12 0x08054f9e in run_action_list (a=0x81a9f24, msg=0x81c113c) at action.c:139 #13 0x08057946 in do_action (a=0x81b428c, msg=0x81c113c) at action.c:119 #14 0x08054f9e in run_action_list (a=0x81b1ab0, msg=0x81c113c) at action.c:139 #15 0x08057946 in do_action (a=0x81b1308, msg=0x81c113c) at action.c:119 #16 0x08054f9e in run_action_list (a=0x81b1308, msg=0x81c113c) at action.c:139 #17 0x08057f97 in do_action (a=0x81b14cc, msg=0x81c113c) at action.c:706 #18 0x08054f9e in run_action_list (a=0x81b0a70, msg=0x81c113c) at action.c:139 #19 0x08057946 in do_action (a=0x81b078c, msg=0x81c113c) at action.c:119 #20 0x08054f9e in run_action_list (a=0x81ad9e0, msg=0x81c113c) at action.c:139 #21 0x08057946 in do_action (a=0x81ad50c, msg=0x81c113c) at action.c:119 #22 0x08054f9e in run_action_list (a=0x81aca9c, msg=0x81c113c) at action.c:139 #23 0x08057946 in do_action (a=0x81a9cb4, msg=0x81c113c) at action.c:119 #24 0x08054f9e in run_action_list (a=0x81a6c50, msg=0x81c113c) at action.c:139 #25 0x08057f97 in do_action (a=0x81a9d8c, msg=0x81c113c) at action.c:706 #26 0x08054f9e in run_action_list (a=0x81a47e0, msg=0x81c113c) at action.c:139 #27 0x080590bf in run_top_route (a=0x81a47e0, msg=0x81c113c) at action.c:119 #28 0x08098b9c in receive_msg ( buf=0x8178200 INVITE sip:4483...@213.170.75.90:5060 SIP/2.0\r\nVia: SIP/2.0/UDP 213.170.75.90:5050;branch=z9hG4bK6912c413;rport\r\nMax-Forwards: 70\r\nFrom: \3364079\ sip:3364...@213.170.75.90:5050;tag=as477593c3\r\nTo: ..., len=826, rcv_info=0xbfeaed48) at receive.c:162 #29 0x080da834 in udp_rcv_loop () at udp_server.c:492 #30 0x0806ee80 in main (argc=3, argv=0xbfeaeee4) at main.c:818 (gdb) print vp $1 = (VALUE_PAIR *) 0x854c8f8 (gdb) print attr $2 = (DICT_ATTR *) 0x0 (gdb) -Original Message- From: users-boun...@lists.opensips.org [mailto:users-boun...@lists.opensips.org] On Behalf Of Bogdan-Andrei Iancu Sent: Thursday, July 15, 2010 3:48 PM To: OpenSIPS users mailling list Subject: Re: [OpenSIPS-Users] ACC_RADIUS makes opensips crash Hi Denis, That's perfect - thank you. Could you print in GDB the following values : vp , attr. Regards, Bogdan Denis Putyato wrote: Hello, Bogdan Is this information you asked? gdb /usr/local/opensips/sbin/opensips /core GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as i486-linux-gnu... warning: Can't read pathname for load map: Input/output error. ... ... Core was generated by `/usr/local/opensips/sbin/opensips -P /var/run/opensips.pid'. Program terminated with signal 11, Segmentation fault. [New process 24328] #0 0xb79b7df1 in send_auth_func (msg=0x81c0fd4, s1=0x81bcbcc, s2=0x81bcbe0) at aaa_radius.c:369 369 for(; (vp = rc_avpair_get(vp, attr-value, 0)); vp = vp-next) (gdb) bt #0 0xb79b7df1 in send_auth_func (msg=0x81c0fd4, s1=0x81bcbcc, s2=0x81bcbe0) at aaa_radius.c:369 #1 0x08056111 in do_action
Re: [OpenSIPS-Users] Issue with permission module in opensip 1.6
Hi Jai,
As you suggested, i added the id of the entry to the debug info for
ignored entries .
Also, i committed a fix for the other problem you had with
check_source_address. Please update from SVN and let me know if you find
any other issues.
Regards,
Irina Stanescu
Jai Rangi wrote:
Excellent, I owe you one.
As always users always want more and more ;)
I got this in the logs when I try to
Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid
ip field in address table, ignoring entry 0
Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid
ip field in address table, ignoring entry 1
Here ID or IPAddress will be more useful for debugging purpose.
Here is the trace for the failing call form same IP.
Dec 10 14:03:09 [11772] DBG:core:parse_via: end of header reached, state=5
Dec 10 14:03:09 [11772] DBG:core:parse_headers: via found, flags=200
Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: content_length=235
Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: found end of header
Dec 10 14:03:09 [11772] DBG:rr:find_first_route: No Route headers found
Dec 10 14:03:09 [11772] DBG:rr:loose_route: There is no Route HF
source ip is 65.211.120.237 and protocol is udp avp is null
Dec 10 14:03:09 [11772] DBG:permissions:check_src_addr_3: Looking for
: 0, 65.211.120.237, 5060, 1 in tables
Dec 10 14:03:09 [11772] DBG:permissions:hash_match: no match in the
hash table
Dec 10 14:03:09 [11772] DBG:permissions:match_subnet_table: subnet
table is empty
Monitor Request not from trusted source from
sip:+19496794...@199.173.94.144:5060;user=phone to
sip:+19493334...@209.216.2.213:5060;user=phone;transport=UDP from IP
65.211.120.237 Dec 10 14:03:09 [11772] DBG:core:parse_headers:
flags=
Dec 10 14:03:09 [11772] DBG:core:parse_headers: flags=
Dec 10 14:03:09 [11772] DBG:core:check_ip_address: params
65.211.120.237, 65.211.120.237, 0
Dec 10 14:03:09 [11772] DBG:core:destroy_avp_list: destroying list (nil)
Dec 10 14:03:09 [11772] DBG:core:receive_msg: cleaning up
Dec 10 14:03:09 [11771] DBG:core:parse_msg: SIP Request:
Dump from address cache
../../sbin/opensipsctl fifo address_dump | grep 65.211.120.237
12 65.211.120.237,0, 0, 0, ^sip:.*$, NULL
Code in cfg file
xlog( source ip is $si and protocol is $proto avp is $avp(i:9));
if (check_source_address(0,$avp(i:9))) {
Same Call from other IP works juts IP
Dec 10 14:08:16 [11776] DBG:rr:loose_route: There is no Route HF
source ip is 65.217.40.210 and protocol is udp avp is null
Dec 10 14:08:16 [11776] DBG:permissions:check_src_addr_3: Looking for
: 0, 65.217.40.210, 5060, 1 in tables
Dec 10 14:08:16 [11776] DBG:permissions:hash_match: match found in the
hash table
../../sbin/opensipsctl fifo address_dump | grep 65.217.40.210
9 65.217.40.210,0, 0, 0, ^sip:.*$, NULL
Best,
-Jai
On Thu, Dec 10, 2009 at 8:19 AM, Irina Stanescu
istane...@opensips.org mailto:istane...@opensips.org wrote:
Hi Jai,
I modified the permissions module so that now any invalid db entry
from
the address table is skipped.
I committed the change on trunk and also on the 1.6 branch.
About the other issue you have found, what does the log say?
Regards,
Irina Stanescu
Jai Rangi wrote:
Bogda,
Wow that was quick. Thank you,
I found one more issue,
I have this entry in address table
944 0 65.211.120.237 32 0 any ^sip:.*$
/NULL/ 0 some
descriptiond
Here is a check in my route block
if (check_source_address(0,$avp(i:9))) {
t_rely();
} else {
xlog(Monitor Request not from trusted source from $fu to $ru from
IP $si );
sl_send_reply(403, Forbidden, we dont trust you);
}
../../sbin/opensipsctl fifo address_dump | grep 65.211.120.237
12 65.211.120.237,0, 0, 0, ^sip:.*$, NULL
I always get 403.
Is there a limit in address table.
-Jai
On Thu, Dec 10, 2009 at 12:24 AM, Bogdan-Andrei Iancu
bog...@voice-system.ro mailto:bog...@voice-system.ro
mailto:bog...@voice-system.ro mailto:bog...@voice-system.ro
wrote:
Hi Jai,
I think you are correct - the permission table should also
be more
permissive when comes to the errors and skip bogus entries.
I will ask
the maintainer (Irina) to fix this problem.
Thanks for the report,
Bogdan
Jai Rangi wrote:
Not sure if this this the right place for this post. May
be I should
post it on developers mailing list. Please suggest.
Just installed opensip1.6 with Mysql, drouting and permissions
module.
Did not take long to get it configure and get it going.
Documentations
Re: [OpenSIPS-Users] Issue with permission module in opensip 1.6
Hi Jai,
I modified the permissions module so that now any invalid db entry from
the address table is skipped.
I committed the change on trunk and also on the 1.6 branch.
About the other issue you have found, what does the log say?
Regards,
Irina Stanescu
Jai Rangi wrote:
Bogda,
Wow that was quick. Thank you,
I found one more issue,
I have this entry in address table
944 0 65.211.120.237 32 0 any ^sip:.*$/NULL/
0 some
descriptiond
Here is a check in my route block
if (check_source_address(0,$avp(i:9))) {
t_rely();
} else {
xlog(Monitor Request not from trusted source from $fu to $ru from
IP $si );
sl_send_reply(403, Forbidden, we dont trust you);
}
../../sbin/opensipsctl fifo address_dump | grep 65.211.120.237
12 65.211.120.237,0, 0, 0, ^sip:.*$, NULL
I always get 403.
Is there a limit in address table.
-Jai
On Thu, Dec 10, 2009 at 12:24 AM, Bogdan-Andrei Iancu
bog...@voice-system.ro mailto:bog...@voice-system.ro wrote:
Hi Jai,
I think you are correct - the permission table should also be more
permissive when comes to the errors and skip bogus entries. I will ask
the maintainer (Irina) to fix this problem.
Thanks for the report,
Bogdan
Jai Rangi wrote:
Not sure if this this the right place for this post. May be I should
post it on developers mailing list. Please suggest.
Just installed opensip1.6 with Mysql, drouting and permissions
module.
Did not take long to get it configure and get it going.
Documentations
is wonderful.
While testing I noticed that,
1. If there is any invalid entry in dr_routing tables, and I reload
the dr_routing it spit the error for the mistyped/wrong entry and
loads rest of the valid entries. Same thing with startup.
Opensip will
start up just fine even if there are some invalid rules in the table
and throws the error with ruleid.
2. On the other hand address table does not work that way. If
there is
any space (Typo) in the IP address, opensip wont start and wont
reload
the address table.
I have to put the valid IP address, there is not option for dynamic
domain names. (For people who does not have static IP). Not only
that
it does not even tell which IP has a problem that makes it even
harder
to debug when you have thousands of IPs in the trusted tables.
I was wondering if there is a work around for this. I would like
opensip to startup (or successful address_reload) with all the valid
entries and throw an error for invalid entries. Also having the
ability to add an domain would be nice.
Any thoughts??
-Jai
___
Users mailing list
Users@lists.opensips.org mailto:Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
www.voice-system.ro http://www.voice-system.ro
___
Users mailing list
Users@lists.opensips.org mailto:Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Help with group radius errors please
Hi Brian,
When the group_radius module was integrated into group, a debug
print message accidentally became an error print message .
So your hunch was correct, the Failure was actually the result for the
query, not an actual error.
I committed the fix on trunk and also the 1.6 branch. Please update and
let me know if there are any other problems.
Regards,
Irina Stanescu
opensipsl...@encambio.com wrote:
Hello List,
On tues., dec 08, 2009, opensipsl...@encambio.com wrote:
In my config file I have (a few times):
# check if user is suspended
if (aaa_is_user_in(From, suspended)) {
send_reply(403, Forbidden);
exit;
}
...and I see in the log:
Dec 08 23:03:47 name.host.tld error opensips[14400]:
ERROR:group:aaa_is_user_in: Failure
I'm using:
Radiusclient-ng 0.5.6
Freeradius 2.1.3
OpenSIPS 1.6.0 with TLS
...on Solaris 11 x86 (nv-b91).
I'm trying to migrate from 1.3.X to 1.6.0, but don't see what I'm
doing wrong. Any ideas?
Can it be that 'ERROR' and 'Failure' in the log file describe the
result of the aaa_is_user_in query instead of its exit status? I
can't imagine it, but maybe the module writer decided that this
function reports errors when it simply finds no user in the group?
Thanks,
Brian
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] OpenSIPS with FreeRadius
Hi Saeed, Did you load the aaa_radius module? Regards, Irina Stanescu On Wed, Nov 25, 2009 at 1:37 PM, Saeed Akhtar saeedakhtar@gmail.comwrote: hi all, i'm trying to connect OpenSIPS with FreeRadius on Ubuntu Server 9.04. I've installed radius client and free radius server and then opensips. and I've following error lines when i run opensips. DBG:core:find_*mod_*export: aaa_*bind_*api in module aaa_radius not found ERROR:core:aaa_prot: aaa_radius has no bind api function ERROR:acc:init*acc*aaa: AAA protocol bind failure ERROR:acc:mod_init:failed to init radius ERROR:core:init_mod: failed to initialize module acc ERROR:core:main: error while initializeing modules Can someone please help me to resolve this issue Regards, Saeed Akhtar ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] OpenSIPS with FreeRadius
You have to load the aaa_radius module because it provides an implementation for the aaa api used by several other modules. You did not find the aaa_radius.so because the aaa_radius module is not compiled by default. You have to compile it yourself ( using make modules modules=modules/aaa_radius ). Regards, Irina Stanescu On Wed, Nov 25, 2009 at 2:19 PM, Saeed Akhtar saeedakhtar@gmail.comwrote: Hi, Thanks for your reply. First time I tried to load aaa_radius module. I used following command: loadmodule aaa_radius.so and it gave me error: ERROR:core:yyparse: module 'aaa_radius.so' not found in '/usr/local/lib/opensips/modules/' So i thought that may be aaa_radius module is not exactly a module to load seperatly in opensips. because i couldn't find aaa_radius.so file in my modules folder. Now i think i've done some terribly wrong in installing OpenSIPS with radius access. Can you please help me out to correct it. Regards, Saeed Akhtar On Wed, Nov 25, 2009 at 5:11 PM, Irina Stanescu ironmi...@gmail.comwrote: Hi Saeed, Did you load the aaa_radius module? Regards, Irina Stanescu On Wed, Nov 25, 2009 at 1:37 PM, Saeed Akhtar saeedakhtar@gmail.comwrote: hi all, i'm trying to connect OpenSIPS with FreeRadius on Ubuntu Server 9.04. I've installed radius client and free radius server and then opensips. and I've following error lines when i run opensips. DBG:core:find_*mod_*export: aaa_*bind_*api in module aaa_radius not found ERROR:core:aaa_prot: aaa_radius has no bind api function ERROR:acc:init*acc*aaa: AAA protocol bind failure ERROR:acc:mod_init:failed to init radius ERROR:core:init_mod: failed to initialize module acc ERROR:core:main: error while initializeing modules Can someone please help me to resolve this issue Regards, Saeed Akhtar ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] OpenSIPS with FreeRadius
I recommend you to read the documentation of the auth_aaa module
http://www.opensips.org/html/docs/modules/devel/auth_aaa.html because you
are not using the aaa_www_authorize function correctly (the realm parameter
is usually the domain of the host the server is running on).
To find the cause of the seg fault, i need to have a full backtrace from the
core dump.
Regards,
Irina Stanescu
On Wed, Nov 25, 2009 at 3:45 PM, Saeed Akhtar saeedakhtar@gmail.comwrote:
Thank you. Now aaa_radius module is there and I've added it in
configuration file. But now I have a new error. It says:
Nov 25 17:41:06 [30313] ERROR:aaa_radius:mod_init: radius configuration
file not set
Nov 25 17:41:06 [30313] ERROR:core:init_mod: failed to initialize module
aaa_radius
Nov 25 17:41:06 [30313] ERROR:core:main: error while initializing modules
So I added:
modparam(aaa_radius, radius_config,
/etc/radiusclient-ng/radiusclient.conf)
(ref: http://www.opensips.org/Resources/DocsTutRadius)
and it removed the error.
But another problem now:
I added
if (!aaa_www_authorize(opensips.org)) {
www_challenge(opensips.org, 1);
};
in my configuration files. Then I ran freeradius and opensips and used
xlite sip phone to connect to my test server.
I can see my freeradius that it authenticated my request but my opensips
just closed with this messages in end:
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: to body [testdig
sip:test...@192.168.2.18 sip%3atest...@192.168.2.18
]
Nov 25 18:36:43 [6494] DBG:uri:has_totag: no totag
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=4000
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: cseq CSeq: 1 REGISTER
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: content_length=0
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: found end of header
Nov 25 18:36:43 [6494] DBG:auth:pre_auth: credentials with given realm not
found
Nov 25 18:36:43 [6494] DBG:auth:reserve_nonce_index: second= 22,
sec_monit= -1, index= 6
Nov 25 18:36:43 [6494] DBG:auth:build_auth_hf: nonce index= 6
Nov 25 18:36:43 [6494] DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
realm=opensips.org,
nonce=4b0d33090006867ba8b2cfc8135a697ac20566d6e7e6, qop=auth
'
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=
Nov 25 18:36:43 [6494] DBG:core:check_ip_address: params 192.168.2.12,
192.168.2.12, 0
Nov 25 18:36:43 [6494] DBG:core:destroy_avp_list: destroying list (nil)
Nov 25 18:36:43 [6494] DBG:core:receive_msg: cleaning up
Nov 25 18:36:43 [6494] DBG:core:parse_msg: SIP Request:
Nov 25 18:36:43 [6494] DBG:core:parse_msg: method: REGISTER
Nov 25 18:36:43 [6494] DBG:core:parse_msg: uri: sip:192.168.2.18
Nov 25 18:36:43 [6494] DBG:core:parse_msg: version: SIP/2.0
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=2
Nov 25 18:36:43 [6494] DBG:core:parse_via_param: found param type 232,
branch = z9hG4bK-d8754z-08647909f42cfa04-1---d8754z-; state=6
Nov 25 18:36:43 [6494] DBG:core:parse_via_param: found param type 235,
rport = n/a; state=17
Nov 25 18:36:43 [6494] DBG:core:parse_via: end of header reached, state=5
Nov 25 18:36:43 [6494] DBG:core:parse_headers: via found, flags=2
Nov 25 18:36:43 [6494] DBG:core:parse_headers: this is the first via
Nov 25 18:36:43 [6494] DBG:core:receive_msg: After parse_msg...
Nov 25 18:36:43 [6494] DBG:core:receive_msg: preparing to run routing
scripts...
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=100
Nov 25 18:36:43 [6494] DBG:maxfwd:is_maxfwd_present: value = 70
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=8
Nov 25 18:36:43 [6494] DBG:core:parse_to: end of header reached, state=10
Nov 25 18:36:43 [6494] DBG:core:parse_to: display={testdig}, ruri={
sip:test...@192.168.2.18 sip%3atest...@192.168.2.18}
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: To [37]; uri=[
sip:test...@192.168.2.18 sip%3atest...@192.168.2.18]
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: to body [testdig
sip:test...@192.168.2.18 sip%3atest...@192.168.2.18
]
Nov 25 18:36:43 [6494] DBG:uri:has_totag: no totag
Nov 25 18:36:43 [6494] DBG:core:parse_headers: flags=4000
Nov 25 18:36:43 [6494] DBG:core:get_hdr_field: cseq CSeq: 2 REGISTER
Nov 25 18:36:43 [6494] DBG:auth:check_nonce: comparing
[4b0d33090006867ba8b2cfc8135a697ac20566d6e7e6] and
[4b0d33090006867ba8b2cfc8135a697ac20566d6e7e6]
Segmentation fault (core dumped)
1 thing i didn't include in my freeradius users file is:
SIP-AVP = sems:ann-account_locked,
and i didn't include following lines in opensips config file too.
if (!aaa_proxy_authorize()) { # Realm and URI user will be
auto-generated
proxy_challenge(, 1);
};
if (!aaa_proxy_authorize($pd, $pU)) { # Realm and URI user are taken
proxy_challenge($pd, 1); # from P-Preferred-Identity
};
because it generated some error. (I can't exactly remember it now).
Please someone tell me what i did wrong.
Regards,
Saeed Akhtar
On Wed, Nov 25, 2009 at 5:24 PM, Irina Stanescu ironmi...@gmail.comwrote
Re: [OpenSIPS-Users] AAA sets with radius_send_acct()
Hi Jeff, Actually, you are getting that error because the brackets are not properly closed. You missed one ')' for sets1. I see nothing wrong other than that. The radius_send_acct function makes acc_aaa_request used with aaa_extra some how redundant. Regards, Irina Stanescu On Wed, Oct 28, 2009 at 10:24 AM, Alex Massover a...@jajah.com wrote: Hi! You're mixing 2 different functions from 2 different modules: aaa_radius::radius_send_acct() which takes parameters from modparam(aaa_radius,sets and acc::acc_aaa_request() which takes parameters from modparam(acc, aaa_extra, Probably you need to use acc_aaa_request() (and not radius_send_acct()) inside a local route and it will take a parameters from aaa_extra. -- Best Regards, Alex Massover VoIP RD TL Jajah Inc. -Original Message- From: users-boun...@lists.opensips.org [mailto:users- boun...@lists.opensips.org] On Behalf Of Jeff Pyle Sent: Wednesday, October 28, 2009 12:05 AM To: OpenSIPS users mailling list Subject: [OpenSIPS-Users] AAA sets with radius_send_acct() Hello, I am attempting to make use of radius_send_acct() inside local_route to account for BYEs generated by the dialog module. I have a question about the set it references. The documentation does a good job explaining how to create a set. It doesn't say whether radius_send_acct() uses the existing aaa_extra module parameter definitions. I already have the following defined: modparam(acc, aaa_extra, User-Name=$Au; \ Calling-Station-Id=$fu; \ Called-Station-Id=$tu; \ Sip-Translated-Request-URI=$ru; \ Sip-RPid=$avp(s:rpid); \ Source-IP=$si; \ Source-Port=$sp; \ SIP-Proxy-IP=$Ri; \ Canonical-URI=$avp(s:can_uri); \ Billing-Party=$avp(s:billing_party); \ Divert-Reason=$avp(s:divert_reason); \ User-Agent=$hdr(user-agent); \ Contact=$hdr(contact); \ Event=$hdr(event); \ ENUM-TLD=$avp(s:enum_tld)) Would I need to reference this all again for the new set to be used with radius_send_acct()? Or, do I create a mostly empty set and all this aaa_extra will be there already? - Jeff ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users This mail was received via Mail-SeCure System. This mail was sent via Mail-SeCure System. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] aaa_radius and ipaddr type
Hi Alex, The type for the Login-IP-Host attribute is ipaddr, which means 4 octets in network byte order. I hope this helps. Regards, Irina Stanescu On Sun, Oct 25, 2009 at 12:21 PM, Alex Massover a...@jajah.com wrote: Hi! I wonder is it possible to send IP address with radius_send_auth(set1,set2). For example I want to send Login-IP-Host inside set1. Login-IP-Host is ipaddr type, configured in the dictionary like this: ATTRIBUTE Login-IP-Host 14 ipaddr Let’s say I have the desired value in $avp(s:ip) like a string. If I put inside set1 like this: Login-IP-Host=$avp(s:ip), I get a wrong value in the radius message. If I convert it to int I also get a wrong value. Is there a way to correctly pass ipaddr radius attribute with aaa_radius? -- Best Regards, Alex Massover VoIP RD TL Jajah Inc. This mail was sent via Mail-SeCure System. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] check_address() causes crash
Hello Jeff,
I managed to get a core dump only when the second parameter of the
check_address is empty.
I added a check for that (rev. 6272), so it shouldn't crash anymore.
Also, you can use $rd as the second parameter only if the domain name is
an ip address, otherwise it won't work.
Thanks!
Irina Stanescu
On Wed, Oct 14, 2009 at 10:43 PM, Jeff Pyle jp...@fidelityvoice.com wrote:
Hello,
I have the following:
if (check_address(10, $rd, 0, $proto)) {
setflag(7);
}
In many cases, and I can't seem to determine what those cases are, this
causes the system to run very slowly for about 30 seconds, and then
Opensips
exits.
I need to know if the source or destination IP addresses fall into one of
the blocks included in group 10 of the address table.
check_source_address() works great with Irina's fix; this is the
destination
half. It tanks the system.
On the doc page it says:
Transport protocol is either ANY or any valid transport protocol value:
UDP, TCP, TLS, and SCTP.
Is case relevant? Is lowercase just as valid as the uppercase examples?
- Jeff
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] check_source_address() failures
Hi Jeff, There was a problem with the check_address_source function. It has been fixed starting with rev 6262. Please update and let me know if you find any other problems. Thank you! Irina Stanescu On Wed, Oct 14, 2009 at 1:19 AM, Brad Bendy brad.be...@benganetworks.comwrote: I know on mine I had to set port to 5060 (5068 in your case) or whatever you want, otherwise it would not work for me. Im sure you can use a * for any port number as well, but I have not tried that. Jeff Pyle wrote: Hello, A request arrives at Opensips 1.6 from address 175.88.228.19:5068 on UDP. The address table contains: ++-+--+--+--+---+--+--+ | id | grp | ip | mask | port | proto | pattern | context_info | ++-+--+--+--+---+--+--+ | 38 | 10 | 175.88.228.0 | 24 |0 | udp | ^sip:.*$ | src_test | ++-+--+--+--+---+--+--+ I would expect if(check_source_address(10)) to succeed, yet it does not. Any thoughts? I'm using check_source_address() elsewhere in my config to emulate the old allow_trusted, and that works just fine. Thanks, Jeff ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] permissions module since [6150]
Hello Konstantin,
Try:
if (!check_source_address()) {
if (!proxy_authorize(, subscriber)) {
}
}
Don't forget to update your database to use the new schema for the address
table.
More information:
http://www.opensips.org/html/docs/modules/devel/permissions.html
Irina Stanescu
On Tue, Sep 22, 2009 at 2:20 AM, Konstantin Cherkasov c...@imarto.netwrote:
Hi All!
http://opensips.svn.sourceforge.net/viewvc/opensips?view=revrevision=6150
Since revision 6150 in permissions module there is not allow_trusted()
function.
How can I change my config to save functionality of allow_trusted?
if(!allow_trusted()) {
if (!proxy_authorize(, subscriber)) {
--
Konstantin Cherkasov
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Access to Radius AVP's and radius_extra parameter
Hello John, On Tue, Sep 8, 2009 at 5:43 PM, John Quick john.qu...@smartvox.co.ukwrote: I have been experimenting with Radius authentication on an older version of OpenSIPS (actually my test unit has OpenSER v1.3.2, but I don't think it will be much different to 1.5.x for this). I want to be able to read several values returned from the Radius server. Is this what the modparam radius_extra is for? Or is it to allow extra values to be passed to the Radius server for accounting? The radius_extra parameter only allows you to send extra values to the Radius server, to be logged for accounting. You cannot fetch any value from an accounting reply. My Radius server is configured to return three AVP's like this: Reply-Message = Opensips rules!, Sip-RPId = sip:123...@mysip.com sip%3a123...@mysip.com, SIP-AVP = #14:012...@mynumber.biz 14%3a012...@mynumber.biz Using Wireshark, I can see that the values are all being sent back to the OpenSIPS server, but I have only had success in accessing the value in SIP-AVP. Is there a trick to this or are those other values unavailable in the OpenSIPS script? Is the functionality I'm looking for only available in the new AAA modules? The functionality you are looking for is provided by the new AAA_RADIUS module. Using the functions exported by this module you can yield directly from the script any type of Radius query and also inspect replies for certain attributes. For more information, check out the tutorialhttp://www.opensips.org/Resources/DocsTutRadiusand the documentationhttp://www.opensips.org/html/docs/modules/devel/aaa_radius.html . If you have any other uncertainties, please let me know. Any other suggestions are welcome as well. John Quick Smartvox Limited Web: www.smartvox.co.uk Smartvox is a limited company, registered in England and Wales, number 5005263. Registered office: Spectrum House, Dunstable Road, Redbourn, St.Albans, Herts AL3 7PR ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users Best regards, Irina Stanescu ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] [NEW] AAA API and Radius enhancement
Hi, A new tutorial is available to explain how to install and configure RADIUS server and client and how to use the ported modules and the new AAA_RADIUS module. The tutorial can be found herehttp://www.opensips.org/Resources/DocsTutRadius . I hope you will find it useful. Regards, Irina Stanescu Irina Stanescu wrote: The following new features have been added to OpenSIPS: 1. Generic AAA API The AAA API represents a set of generic callbacks and structures needed for AAA operations. The purpose of the API is to move all the AAA specific (Radius) implementations in a single module. The AAA API will hide the implementations details from the modules that want to use AAA support, making it easier to use. Currently, only one module implements the AAA API - aaa_radius, offering Radius support. Because both standardized AAA protocols, Radius and Diameter, use lists of attribute-value pairs, the API is designed based on attribute-value pairs, as well. One of the advantages of using the API is that any module that wishes to do AAA operations does not depend on a certain protocol implementation, therefore it is not linked with a certain AAA library. Hence, any module that was previously using Radius, for example, is not linked with the radiusclient library any more, which is obviously an advantage, especially when the module uses more than one API (DB, AAA, etc). The AAA protocol to be used by a module is specified from the script using a so called aaa_url that encodes the protocol used and other useful information depending on the protocol. The way the generic AAA API is used makes it very similar to the generic database API. 2. The ability to make custom Radius requests directly from the script This feature is very useful because of its flexibility. Basically, any type of Radius queries can be yielded directly from the script, and also, Radius replies can be inspected for certain attributes. 3. Radius implementation for the generic AAA API The handling of Radius AVP SIP-AVP (used for fetching variables from the Radius server) was integrated in this module. All SIP-AVPs are automatically and transparently handled by the module, so that this functionality is by default available for all the modules that use Radius. Due to the fact that the modules that were previously using Radius were ported to the generic AAA API, the following changes have been made: - auth_radius became auth_aaa - group_radius was merged with group - uri_radius was merged with uri ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] error regarding group
Hello Ashwini, When have you last updated your trunk version? There were a problem with db_is_user_in but it was fixed starting with revision 6034. Regards, Irina On Wed, Sep 2, 2009 at 2:24 PM, ASHWINI NAIDU ashwini.na...@gmail.comwrote: hi all, I am trying to use the db_is_user_in function for checking whether the user is in the group. but i see the following error * ERROR:group:is_user_in: Invalid parameter grp* The opensips installed is from the trunk. -- Thanking You, Ashwini BR Naidu ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] [NEW] AAA API and Radius enhancement
The following new features have been added to OpenSIPS: 1. Generic AAA API The AAA API represents a set of generic callbacks and structures needed for AAA operations. The purpose of the API is to move all the AAA specific (Radius) implementations in a single module. The AAA API will hide the implementations details from the modules that want to use AAA support, making it easier to use. Currently, only one module implements the AAA API - aaa_radius, offering Radius support. Because both standardized AAA protocols, Radius and Diameter, use lists of attribute-value pairs, the API is designed based on attribute-value pairs, as well. One of the advantages of using the API is that any module that wishes to do AAA operations does not depend on a certain protocol implementation, therefore it is not linked with a certain AAA library. Hence, any module that was previously using Radius, for example, is not linked with the radiusclient library any more, which is obviously an advantage, especially when the module uses more than one API (DB, AAA, etc). The AAA protocol to be used by a module is specified from the script using a so called aaa_url that encodes the protocol used and other useful information depending on the protocol. The way the generic AAA API is used makes it very similar to the generic database API. 2. The ability to make custom Radius requests directly from the script This feature is very useful because of its flexibility. Basically, any type of Radius queries can be yielded directly from the script, and also, Radius replies can be inspected for certain attributes. 3. Radius implementation for the generic AAA API The handling of Radius AVP SIP-AVP (used for fetching variables from the Radius server) was integrated in this module. All SIP-AVPs are automatically and transparently handled by the module, so that this functionality is by default available for all the modules that use Radius. Due to the fact that the modules that were previously using Radius were ported to the generic AAA API, the following changes have been made: - auth_radius became auth_aaa - group_radius was merged with group - uri_radius was merged with uri ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
