Re: [OpenSER-Users] Openser 1.2.1 with FreeRADIUS 1.1.6

Thu, 28 Jun 2007 08:43:21 -0700 

No, there is no radius request generated under this scenario.
But the problem goes away when I comment out the radius_is_user_in section.

I found another email thread on this same topic.
http://osdir.com/ml/voip.openser.user/2005-10/msg00230.html
But in my case, I dont see radius request in radiusd -X output.

-Neeraj

Bogdan-Andrei Iancu wrote:

Hi Neeraj,
that is quite odd as the "credentials received are not filled properly" is generated by the authentication API (auth module) and has nothing to do with radius_is_user_in().
when hitting radius_is_user_in(), does the process get blocked or it just go through without doing anything? Can you check with ngrep/tcpdump if any radius request is sent by radius_is_user_in()? 

regards,
bogdan

Neeraj Gupta wrote:

Thanks Bogdan.

I spent a lot of time yesterday to troubleshoot my own problem.
Its much better now. Here is the latest.
I found out that the routing script has a section which was causing all this. 

   # check if user is suspended
   if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
   {
       if (radius_is_user_in("From", "suspended")) {
           sl_send_reply("403", "Forbidden - suspended");
           exit;
       };
   };
I confirmed that is_method function works fine but when the call hits radius_is_user_in, it does not go through and I see "credentials received are not properly filled in" on openser. When I commented out this and other radius_is_user_in and re-ran, all is well. 

Any clue on whats missing here ?
I am thinking of creating a how-to doc on openser wiki after completing my tests. 

Thanks,
Neeraj
Sun Microsystems


Bogdan-Andrei Iancu wrote:

Hi Neeraj,
The "pre_auth(): credentials received are not filled properly" is generated in multiple cases, like missing username/realm/nonce, etc. Check your register request to see if it has all the required info in the auth hdr. 

Logs in debug=6 are also useful.

regards,
bogdan

Neeraj Gupta wrote:

Hi,

I switched to OpenSER 1.2.1 last week, from ser 0.9.6.
And this is first time I am trying to use FreeRADIUS 1.1.6 with OpenSER 1.2.1 I followed instructions on web based on 1.0.1 and made some changes by hand to adapt to 1.2.1 model. 
This was my reference:
www.*openser*.org/docs/*openser*-radius-1.0.x.html

I can start OpenSER, no issues but I am not able to use SiPP UA.
Openser does not respond back to UA (no incoming message in ethereal/wireshark). Openser reports that "pre_auth(): credentials received are not filled properly". I tried to comment out the avp sections in openser.cfg.. but Its not helping. Please see my logs and configs below. If someone can send me a working config file, I will be very thankful. 
If more info needed, let me know.

_*# openser -V*_
version: openser 1.2.1-tls (sparc64/solaris)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 
poll method support: poll, select, /dev/poll.
svnrevision: unknown
@(#) $Id: main.c 1827 2007-03-12 15:22:53Z bogdan_iancu $
main.c compiled on 23:04:19 Jun 26 2007 with gcc 3.4.6

_*Radius users file*_

# from website examples
### --- avps ---
[EMAIL PROTECTED] Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs" 
        Sip-Avp += "#3#1",
        Sip-Avp += "#4:08:00",
        Sip-Avp += "#5:16:00",
        Sip-Avp += "#6:Mon,Wed,Thu,Fri"
[EMAIL PROTECTED] Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs" 
        Sip-Avp += "#3#1",
        Sip-Avp += "#4:08:00",
        Sip-Avp += "#5:16:00",
        Sip-Avp += "#6:Mon,Wed,Thu,Fri"

DEFAULT Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"

### --- group checking ---
### --- user 101 ---
[EMAIL PROTECTED] Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check" 
        Reply-Message = "Authorized"
[EMAIL PROTECTED] Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check" 
        Reply-Message = "Authorized"

### --- user 102 ---
[EMAIL PROTECTED] Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check" 
        Reply-Message = "Authorized"

DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"

### --- user authentication ---
[EMAIL PROTECTED] Auth-Type := Digest, User-Password == "101"
        Reply-Message = "Authenticated",
        Sip-Avp += "rpid:101",
        Sip-Avp += "#2:192.168.4.101",
        Sip-Avp += "#2:192.168.4.100"

[EMAIL PROTECTED] Auth-Type := Digest, User-Password == "102"
        Reply-Message = "Authenticated",
        Sip-Avp += "rpid:102",
        Sip-Avp += "#2:192.168.4.101"

# test user
test Auth-Type := Digest, User-Password == "test"
        Reply-Message = "Hello, test with digest"

_*SiPP xml file:*_
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE scenario SYSTEM "sipp.dtd">

<scenario name="registration">

<send retrans="500">
<![CDATA[
REGISTER sip:192.168.4.128 SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
Max-Forwards: 20
From: "[field1]" <sip:[EMAIL PROTECTED]>;tag=[call_number]
To: "101" <sip:[EMAIL PROTECTED]>
Call-ID: [call_id]
CSeq: 1 REGISTER
Contact: <sip:[EMAIL PROTECTED]:[local_port]>
Expires: 1800
Content-Length: 0
User-Agent: Sipp/Ubuntu
Authorization: Digest username="[EMAIL PROTECTED]", realm="[field0]"
Supported: path
]]>
</send>

<recv response="401" auth="true" rtd="true">
</recv>

<send retrans="500">
<![CDATA[
REGISTER sip:192.168.4.128 SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
Max-Forwards: 20
From: "[field1]" <sip:[EMAIL PROTECTED]>;tag=[call_number]
To: "101" <sip:[EMAIL PROTECTED]>
Call-ID: [call_id]
CSeq: 2 REGISTER
Contact: <sip:[EMAIL PROTECTED]:[local_port]>
Expires: 300
Content-Length: 0
User-Agent: Sipp/Ubuntu
[authentication [EMAIL PROTECTED] password=[field2]]
Supported: path
]]>
</send>

<recv response="200">
</recv>

<ResponseTimeRepartition value="10, 20"/>
<CallLengthRepartition value="10"/>

/scenario>

Thanks,
Neeraj Gupta
Sun Microsystems
------------------------------------------------------------------------ 

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users





_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users

Reply via email to