RE: [Users] SIP Clients Can't REGISTER

[Hamid Ali Asgari]

If you take a look at the radius debug, you will see that the radius does authenticate the user first and then ejects in the second auth.. Does it have anything to do with the Sip-Group = "suspended” entry?   Interesting point is that everything is exactly like the examples on the tutorial.   Thanks, Hamid   rad_recv: Access-Request packet from host 127.0.0.1:32900, id=196, length=185         User-Name = "[EMAIL PROTECTED]"         Digest-Attributes = 0x0a05313031         Digest-Attributes = 0x010b73686174656c2e6972         Digest-Attributes = 0x022a34343866663166663933326638303933376130343732663338373631633530366561663636613934         Digest-Attributes = 0x040f7369703a73686174656c2e6972         Digest-Attributes = 0x030a5245474953544552         Digest-Response = "7a3f00f697286dd95c5aa654a9662dea"         Service-Type = Sip-Session         Sip-Uri-User = "101"         NAS-Port = 5060         NAS-IP-Address = 127.0.0.1   Processing the authorize section of radiusd.conf modcall: entering group authorize for request 100   modcall[authorize]: module "preprocess" returns ok for request 100   modcall[authorize]: module "chap" returns noop for request 100   modcall[authorize]: module "mschap" returns noop for request 100 rlm_digest: Adding Auth-Type = DIGEST   modcall[authorize]: module "digest" returns ok for request 100     rlm_realm: Looking up realm "mydomain.com" for User-Name = "[EMAIL PROTECTED]"     rlm_realm: No such realm "mydomain.com"   modcall[authorize]: module "suffix" returns noop for request 100   rlm_eap: No EAP-Message, not doing EAP   modcall[authorize]: module "eap" returns noop for request 100     users: Matched entry DEFAULT at line 152     users: Matched entry [EMAIL PROTECTED] at line 255   modcall[authorize]: module "files" returns ok for request 100 modcall: leaving group authorize (returns ok) for request 100   rad_check_password:  Found Auth-Type Digest auth: type "digest"   Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 100     rlm_digest: Converting Digest-Attributes to something sane...         Digest-User-Name = "101"         Digest-Realm = "mydomain.com"         Digest-Nonce = "448ff1ff932f80937a0472f38761c506eaf66a94"         Digest-URI = "sip:mydomain.com"         Digest-Method = "REGISTER" A1 = 101:mydomain.com:101 A2 = REGISTER:sip:mydomain.com H(A1) = a5d8cf73217ea46c8fd8ca5da1c6a2e3 H(A2) = 27e9df2d1a7ed715c7204d1316039120 KD = a5d8cf73217ea46c8fd8ca5da1c6a2e3:448ff1ff932f80937a0472f38761c506eaf66a94:27e9df2d1a7ed715c7204d1316039120 EXPECTED 7a3f00f697286dd95c5aa654a9662dea RECEIVED 7a3f00f697286dd95c5aa654a9662dea   modcall[authenticate]: module "digest" returns ok for request 100 modcall: leaving group authenticate (returns ok) for request 100 radius_xlat:  'Authenticated' Sending Access-Accept of id 196 to 127.0.0.1 port 32900         Reply-Message = "Authenticated"         SIP-AVP += "rpid:101"         SIP-AVP += "#2:192.168.10.17" Finished request 100   ---------------------------------------------   Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32901, id=197, length=64         User-Name = "[EMAIL PROTECTED]"         Sip-Group = "suspended"         Service-Type = Group-Check         NAS-Port = 0         NAS-IP-Address = 127.0.0.1   Processing the authorize section of radiusd.conf modcall: entering group authorize for request 101   modcall[authorize]: module "preprocess" returns ok for request 101   modcall[authorize]: module "chap" returns noop for request 101   modcall[authorize]: module "mschap" returns noop for request 101   modcall[authorize]: module "digest" returns noop for request 101     rlm_realm: Looking up realm "mydomain.com" for User-Name = "[EMAIL PROTECTED]"     rlm_realm: No such realm "mydomain.com"   modcall[authorize]: module "suffix" returns noop for request 101   rlm_eap: No EAP-Message, not doing EAP   modcall[authorize]: module "eap" returns noop for request 101     users: Matched entry DEFAULT at line 152     users: Matched entry DEFAULT at line 252   modcall[authorize]: module "files" returns ok for request 101 modcall: leaving group authorize (returns ok) for request 101   rad_check_password:  Found Auth-Type Reject   rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 101 for 1 seconds Finished request 101       From: Edson [mailto:[EMAIL PROTECTED] Sent: Thursday, June 15, 2006 4:19 PM To: 'Hamid Ali Asgari'; users@openser.org Subject: RE: [Users] SIP Clients Can't REGISTER   Take a look on the user credentials on Radius DB… Radius is rejecting the authentication, so there should be some mismatch between Your login credentials and what Radius has in its DB.   Try to run this command and see what’s the result (linux version):       radiusclient -f <conf-dir-of-radiusclient-ng>/radiusclient.conf -p 123 '[EMAIL PROTECTED]' 'Password=Guess';echo $?   It should return:       Reply-Message                    = 'Authenticated'   Edson.

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users