Leon,

Loading mysql.so in OpenSIPS is not needed for RADIUS authentication.

Are the shared secrets for RADIUS correct? Either way, you should see some
traffic on the RADIUS server, even if the secrets do not match.

Could you please test the following (it is a single command line; replace
<shared secret> with your secret):
 echo "Message-Authenticator = 0x00" | radclient 127.0.0.1:1812 status <shared secret>

You should then see the Status-Server request show up in the output of radiusd -X.

If yes, the RADIUS server itself is reachable, so I would start checking permissions again.

BR

uwe


Leon Li schrieb:
> Hi Ashwini,
> 
>  
> 
> I have added the param for auth_radius, but no luck. :(
> 
>  
> 
> Why do I need mysql.so if the radius server will host all users credential?
> 
>  
> 
> Regards,
> 
> Leon
> 
>  
> 
> *From:* ASHWINI NAIDU [mailto:ashwini.na...@gmail.com]
> *Sent:* Monday, 15 June 2009 2:52 PM
> *To:* Leon Li
> *Cc:* Uwe Kastens; users@lists.opensips.org
> *Subject:* Re: [OpenSIPS-Users] No RADIUS traffic
> 
>  
> 
>  
> 
> On Mon, Jun 15, 2009 at 10:19 AM, ASHWINI NAIDU <ashwini.na...@gmail.com
> <mailto:ashwini.na...@gmail.com>> wrote:
> 
> hi leon,
> 
> But i do not see your openser communicating with radiusclient.
> 
> modparam("auth_radius", "radius_config", 
> "/etc/radiusclient-ng/radiusclient.conf")
> 
> mention the path of radiusclient.conf properly.
> 
> 
> 
> Your mysql support is also commented out.
> 
> *loadmodule "mysql.so"*
> 
> 
>      
> 
> 
> 
> 
> 
> 
>      
> 
>     On Mon, Jun 15, 2009 at 5:13 AM, Leon Li <leon...@aarnet.edu.au
>     <mailto:leon...@aarnet.edu.au>> wrote:
> 
>     Here it is.
> 
>     ####### Global Parameters #########
> 
>     debug=3
>     log_stderror=no
>     log_facility=LOG_LOCAL0
> 
>     fork=yes
>     children=4
> 
>     /* uncomment the following lines to enable debugging */
>     debug=6
>     fork=no
>     log_stderror=yes
> 
>     /* uncomment the next line to disable TCP (default on) */
>     #disable_tcp=yes
> 
>     /* uncomment the next line to enable the auto temporary blacklisting of
>       not available destinations (default disabled) */
>     #disable_dns_blacklist=no
> 
>     /* uncomment the next line to enable IPv6 lookup after IPv4 dns
>       lookup failures (default disabled) */ #dns_try_ipv6=yes
> 
>     /* uncomment the next line to disable the auto discovery of local
>     aliases
>       based on revers DNS on IPs (default on) */ #auto_aliases=no
> 
>     /* uncomment the following lines to enable TLS support  (default off) */
>     #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1
>     #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method =
>     TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>     #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>     #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
> 
>     listen=202.158.197.134
>     port=5060
> 
>     /* uncomment and configure the following line if you want openser to
>       bind on a specific interface/port/proto (default bind on all
>     available) */ #listen=udp:192.168.1.2:5060 <http://192.168.1.2:5060>
> 
> 
>     ####### Modules Section ########
> 
>     #set module path
>     mpath="/usr/local/lib/openser/modules/"
> 
>     /* uncomment next line for MySQL DB support */ #loadmodule "mysql.so"
>     loadmodule "sl.so"
>     loadmodule "tm.so"
>     loadmodule "rr.so"
>     loadmodule "maxfwd.so"
>     loadmodule "usrloc.so"
>     loadmodule "registrar.so"
>     loadmodule "textops.so"
>     loadmodule "mi_fifo.so"
>     loadmodule "uri_db.so"
>     loadmodule "uri.so"
>     loadmodule "xlog.so"
>     loadmodule "acc.so"
>     /* uncomment next lines for MySQL based authentication support
>       NOTE: a DB (like mysql) module must be also loaded */ loadmodule
>     "auth.so"
>     loadmodule "auth_radius.so"
>     #loadmodule "auth_db.so"
>     /* uncomment next line for aliases support
>       NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>     "alias_db.so"
>     /* uncomment next line for multi-domain support
>       NOTE: a DB (like mysql) module must be also loaded
>       NOTE: be sure and enable multi-domain support in all used modules
>             (see "multi-module params" section ) */ #loadmodule "domain.so"
>     /* uncomment the next two lines for presence server support
>       NOTE: a DB (like mysql) module must be also loaded */ #loadmodule
>     "presence.so"
>     #loadmodule "presence_xml.so"
> 
> 
>     # ----------------- setting module-specific parameters ---------------
> 
> 
>     # ----- mi_fifo params -----
>     modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
> 
> 
>     # ----- rr params -----
>     # add value to ;lr param to cope with most of the UAs modparam("rr",
>     "enable_full_lr", 1) # do not append from tag to the RR (no need for
>     this script) modparam("rr", "append_fromtag", 0)
> 
> 
>     # ----- rr params -----
>     modparam("registrar", "method_filtering", 1)
>     /* uncomment the next line to disable parallel forking via location */ #
>     modparam("registrar", "append_branches", 0)
>     /* uncomment the next line not to allow more than 10 contacts per AOR */
>     #modparam("registrar", "max_contacts", 10)
> 
> 
>     # ----- uri_db params -----
>     /* by default we disable the DB support in the module as we do not need
>     it
>       in this configuration */
>     modparam("uri_db", "use_uri_table", 0)
>     modparam("uri_db", "db_url", "")
> 
> 
>     # ----- acc params -----
>     /* what sepcial events should be accounted ? */ modparam("acc",
>     "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc",
>     "report_cancels", 1)
>     /* by default ww do not adjust the direct of the sequential requests.
>       if you enable this parameter, be sure the enable "append_fromtag"
>       in "rr" module */
>     modparam("acc", "detect_direction", 0)
>     /* account triggers (flags) */
>     modparam("acc", "failed_transaction_flag", 3) modparam("acc",
>     "log_flag", 1) modparam("acc", "log_missed_flag", 2)
>     /* uncomment the following lines to enable DB accounting also */
>     modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2)
> 
>     # ----- multi-module params -----
>     /* uncomment the following line if you want to enable multi-domain
>     support
>       in the modules (dafault off) */
>     #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
> 
>     ####### Routing Logic ########
> 
> 
>     # main request routing logic
> 
>     route{
> 
>            if (!mf_process_maxfwd_header("10")) {
>                    sl_send_reply("483","Too Many Hops");
>                    exit;
>            }
> 
>            if (has_totag()) {
>                    # sequential request withing a dialog should
>                    # take the path determined by record-routing
>                    if (loose_route()) {
>                            if (is_method("BYE")) {
>                                    setflag(1); # do accouting ...
>                                    setflag(3); # ... even if the
>     transaction fails
>                            }
>                            route(1);
>                    } else {
>                            /* uncomment the following lines if you want to
>     enable presence */
>                            ##if (is_method("SUBSCRIBE") && $rd ==
>     "your.server.ip.address") {
>                            ##      # in-dialog subscribe requests
>                            ##      route(2);
>                            ##      exit;
>                            ##}
>                            if ( is_method("ACK") ) {
>                                    if ( t_check_trans() ) {
>                                            # non loose-route, but stateful
>     ACK; must be an ACK after a 487 or e.g. 404 from upstream server
>                                            t_relay();
>                                            exit;
>                                    } else {
>                                            # ACK without matching
>     transaction ... ignore and discard.\n");
>                                            exit;
>                                    }
>                            }
>                            sl_send_reply("404","Not here");
>                    }
>                    exit;
>            }
> 
>            #initial requests
> 
>            # CANCEL processing
>            if (is_method("CANCEL"))
>            {
>                    if (t_check_trans())
>                            t_relay();
>                    exit;
>            }
> 
>            t_check_trans();
> 
>            # authenticate if from local subscriber (uncomment to enable
>     auth)
>            ##if (!(method=="REGISTER") && from_uri==myself)
>            ##{
>            ##      if (!proxy_authorize("", "subscriber")) {
>            ##              proxy_challenge("", "0");
>            ##              exit;
>            ##      }
>            ##      if (!check_from()) {
>            ##              sl_send_reply("403","Forbidden auth ID");
>            ##              exit;
>            ##      }
>            ##
>            ##      consume_credentials();
>            ##      # caller authenticated
>            ##}
> 
>            # record routing
>            if (!is_method("REGISTER|MESSAGE"))
>                    record_route();
> 
>            # account only INVITEs
>            if (is_method("INVITE")) {
>                    setflag(1); # do accouting
>            }
>            if (!uri==myself)
>            /* replace with following line if multi-domain support is used
>     */
>            ##if (!is_uri_host_local())
>            {
>                    append_hf("P-hint: outbound\r\n");
>                    # if you have some interdomain connections via TLS
>                    ##if($rd=="tls_domain1.net <http://tls_domain1.net>") {
>                    ##      t_relay("tls:domain1.net <http://domain1.net>");
>                    ##      exit;
>                    ##} else if($rd=="tls_domain2.net
>     <http://tls_domain2.net>") {
>                    ##      t_relay("tls:domain2.net <http://domain2.net>");
>                    ##      exit;
>                    ##}
>                    route(1);
>            }
> 
>            # requests for my domain
> 
>            /* uncomment this if you want to enable presence server
>               and comment the next 'if' block
>               NOTE: uncomment also the definition of route[2] from  below
>     */
>            ##if( is_method("PUBLISH|SUBSCRIBE"))
>            ##              route(2);
> 
>            if (is_method("PUBLISH"))
>            {
>                    sl_send_reply("503", "Service Unavailable");
>                    exit;
>            }
> 
> 
>            if (is_method("REGISTER"))
>            {
>                    # authenticate the REGISTER requests (uncomment to
>     enable auth)
>                    ##if (!www_authorize("", "subscriber"))
>                    ##{
>                    ##      www_challenge("", "0");
>                    ##      exit;
>                    ##}
>                    ##
>                    ##if (!check_to())
>                    ##{
>                    ##      sl_send_reply("403","Forbidden auth ID");
>                    ##      exit;
>                    ##}
> 
>                    xlog("L_INFO", "REGISTER for ($fU) $ru\n");
>                    if (!radius_www_authorize(""))
>                    {
>                            log(1, "Proxy Authentication Required
>     (Digest)\n");
>                            www_challenge("", "0");
>                            exit;
>                    };
> 
>                    if (!save("location"))
>                            sl_reply_error();
> 
>                    exit;
>            }
> 
>            if ($rU==NULL) {
>                    # request with no Username in RURI
>                    sl_send_reply("484","Address Incomplete");
>                    exit;
>            }
> 
>            # apply DB based aliases (uncomment to enable)
>            ##alias_db_lookup("dbaliases");
> 
>            if (!lookup("location")) {
>                    switch ($retcode) {
>                            case -1:
>                            case -3:
>                                    t_newtran();
>                                    t_reply("404", "Not Found");
>                                    exit;
>                            case -2:
>                                    sl_send_reply("405", "Method Not
>     Allowed");
>                                    exit;
>                    }
>            }
> 
>            # when routing via usrloc, log the missed calls also
>            setflag(2);
> 
>            route(1);
>     }
> 
> 
>     route[1] {
>            # for INVITEs enable some additional helper routes
>            if (is_method("INVITE")) {
>                    t_on_branch("2");
>                    t_on_reply("2");
>                    t_on_failure("1");
>            }
> 
>            if (!t_relay()) {
>                    sl_reply_error();
>            };
>            exit;
>     }
> 
>     branch_route[2] {
>            xlog("new branch at $ru\n");
>     }
> 
> 
>     onreply_route[2] {
>            xlog("incoming reply\n");
>     }
> 
> 
>     failure_route[1] {
>            if (t_was_cancelled()) {
>                    exit;
>            }
> 
>            # uncomment the following lines if you want to block client
>            # redirect based on 3xx replies.
>            ##if (t_check_status("3[0-9][0-9]")) {
>            ##t_reply("404","Not found");
>            ##      exit;
>            ##}
> 
>            # uncomment the following lines if you want to redirect the
>     failed
>            # calls to a different new destination
>            ##if (t_check_status("486|408")) {
>            ##      sethostport("192.168.2.100:5060
>     <http://192.168.2.100:5060>");
>            ##      append_branch();
>            ##      # do not set the missed call flag again
>            ##      t_relay();
>            ##}
> 
>     }
> 
>     Regards,
>     Leon
> 
>     -----Original Message-----
>     From: Uwe Kastens [mailto:ki...@kiste.org <mailto:ki...@kiste.org>]
> 
>     Sent: Friday, 12 June 2009 4:51 PM
>     To: Leon Li
>     Cc: users@lists.opensips.org <mailto:users@lists.opensips.org>
>     Subject: Re: [OpenSIPS-Users] No RADIUS traffic
> 
>     Hi,
> 
>     This is strange. Could you post your opensips.cfg or send it to me
>     directly?
> 
>     BR
> 
>     Uwe
> 
> 
>     _______________________________________________
>     Users mailing list
>     Users@lists.opensips.org <mailto:Users@lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 
> 
>     -- 
>     Thanking You,
>     Ashwini BR Naidu
> 
> 
> 
> 
> -- 
> Thanking You,
> Ashwini BR Naidu
> 


-- 

kiste lat: 54.322684, lon: 10.13586

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
