On another front... I ma having tough time with Mysql 5.0.41 and
FreeRadius 1.1.6
This is needed for OpenSER 1.2.1
Compilation of freeRadius went fine and I got rlm_sql_mysql modules
but radius -X cant start.
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Could not link driver rlm_sql_mysql: ld.so.1: radiusd:
fatal: libmtmalloc.so.1: DF_1_NOOPEN tagged object may not be
dlopen()'ed
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1861] Unknown module "sql".
radiusd.conf[1788] Failed to parse authorize section.
Anyone know how to fix it ?
Lee Jacky wrote:
So do I.
I also meet this problem.
radius_is_user_in() is not working correctly. I have
found many ones meet this problem.
Has anyone solved it?
--- Neeraj Gupta <[EMAIL PROTECTED]>写道:
No, there is no radius request generated under this
scenario.
But the problem goes away when I comment out the
radius_is_user_in section.
I found another email thread on this same topic.
http://osdir.com/ml/voip.openser.user/2005-10/msg00230.html
But in my case, I dont see radius request in radiusd
-X output.
-Neeraj
Bogdan-Andrei Iancu wrote:
Hi Neeraj,
that is quite odd as the "credentials received are
not filled
properly" is generated by the authentication API
(auth module) and has
nothing to do with radius_is_user_in().
when hitting radius_is_user_in(), does the process
get blocked or it
just go through without doing anything? Can you
check with
ngrep/tcpdump if any radius request is sent by
radius_is_user_in()?
regards,
bogdan
Neeraj Gupta wrote:
Thanks Bogdan.
I spent a lot of time yesterday to troubleshoot
my own problem.
Its much better now. Here is the latest.
I found out that the routing script has a section
which was causing
all this.
# check if user is suspended
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From",
"suspended")) {
sl_send_reply("403", "Forbidden -
suspended");
exit;
};
};
I confirmed that is_method function works fine
but when the call hits
radius_is_user_in, it does not go through
and I see "credentials received are not properly
filled in" on
openser. When I commented out this and other
radius_is_user_in and
re-ran, all is well.
Any clue on whats missing here ?
I am thinking of creating a how-to doc on openser
wiki after
completing my tests.
Thanks,
Neeraj
Sun Microsystems
Bogdan-Andrei Iancu wrote:
Hi Neeraj,
The "pre_auth(): credentials received are not
filled properly" is
generated in multiple cases, like missing
username/realm/nonce, etc.
Check your register request to see if it has all
the required info
in the auth hdr.
Logs in debug=6 are also useful.
regards,
bogdan
Neeraj Gupta wrote:
Hi,
I switched to OpenSER 1.2.1 last week, from ser
0.9.6.
And this is first time I am trying to use
FreeRADIUS 1.1.6 with
OpenSER 1.2.1
I followed instructions on web based on 1.0.1
and made some changes
by hand to adapt to 1.2.1 model.
This was my reference:
www.*openser*.org/docs/*openser*-radius-1.0.x.html
I can start OpenSER, no issues but I am not
able to use SiPP UA.
Openser does not respond back to UA (no
incoming message in
ethereal/wireshark).
Openser reports that "pre_auth(): credentials
received are not
filled properly".
I tried to comment out the avp sections in
openser.cfg.. but Its
not helping.
Please see my logs and configs below. If
someone can send me a
working config file, I will be very thankful.
If more info needed, let me know.
_*# openser -V*_
version: openser 1.2.1-tls (sparc64/solaris)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS,
DISABLE_NAGLE,
USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC,
F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE
262144, MAX_LISTEN
16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, select, /dev/poll.
svnrevision: unknown
@(#) $Id: main.c 1827 2007-03-12 15:22:53Z
bogdan_iancu $
main.c compiled on 23:04:19 Jun 26 2007 with
gcc 3.4.6
_*Radius users file*_
# from website examples
### --- avps ---
[EMAIL PROTECTED] Auth-Type := Accept,
Service-Type ==
"SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
[EMAIL PROTECTED] Auth-Type := Accept,
Service-Type ==
"SIP-Callee-AVPs"
Sip-Avp += "#3#1",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
DEFAULT Auth-Type := Accept, Service-Type ==
"SIP-Callee-AVPs"
### --- group checking ---
### --- user 101 ---
[EMAIL PROTECTED] Auth-Type := Accept,
Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
[EMAIL PROTECTED] Auth-Type := Accept,
Sip-Group == "pstn",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
### --- user 102 ---
[EMAIL PROTECTED] Auth-Type := Accept,
Sip-Group == "voip",
Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type ==
"Group-Check"
### --- user authentication ---
[EMAIL PROTECTED] Auth-Type := Digest,
User-Password == "101"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:101",
Sip-Avp += "#2:192.168.4.101",
Sip-Avp += "#2:192.168.4.100"
[EMAIL PROTECTED] Auth-Type := Digest,
User-Password == "102"
Reply-Message = "Authenticated",
Sip-Avp += "rpid:102",
Sip-Avp += "#2:192.168.4.101"
# test user
test Auth-Type := Digest, User-Password ==
"test"
Reply-Message = "Hello, test with
digest"
=== message truncated ===
___________________________________________________________
雅虎免费邮箱3.5G容量,20M附件!
http://cn.mail.yahoo.com/
--
-------------------------------------------------------------
o Neeraj Gupta email: [EMAIL PROTECTED]
o Netra Systems & Networking phone: +1(408) 276-7214 x71214
o Sun Microsystems, Inc. fax : +1(408) 276-4552
o 4120 Network Circle, USCA12-216, Santa Clara, CA 95054, USA
-------------------------------------------------------------
|
