Hi Dan, I am running in debug mode, here is the output of FreeRadius which seems fine to me:
rad_recv: Access-Request packet from host 192.168.2.80:35223, id=250, length=232 User-Name = "[EMAIL PROTECTED]" Digest-Attributes = 0x0a05313031 Digest-Attributes = 0x010d6f70656e7365722e6f7267 Digest-Attributes = 0x022a34363961626230616465333832613934646432333533636264663264666438336231353933663564 Digest-Attributes = 0x04127369703a3139322e3136382e322e3830 Digest-Attributes = 0x030a5245474953544552 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303930 Digest-Attributes = 0x081235343038316466316439623562383564 Digest-Response = "d3ff78d09d9b2cefdce0c975b3c6fd26" Service-Type = IAPP-Register X-Ascend-PW-Lifetime = 0x313031 NAS-Port = 5060 NAS-IP-Address = 192.168.2.80 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1124 modcall[authorize]: module "preprocess" returns ok for request 1124 radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716' rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716 modcall[authorize]: module "auth_log" returns ok for request 1124 rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 1124 users: Matched entry [EMAIL PROTECTED] at line 53 modcall[authorize]: module "files" returns ok for request 1124 modcall: leaving group authorize (returns ok) for request 1124 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1124 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "101" Digest-Realm = "openser.org" Digest-Nonce = "469abb0ade382a94dd2353cbdf2dfd83b1593f5d" Digest-URI = "sip:192.168.2.80" Digest-Method = "REGISTER" Digest-QOP = "auth" Digest-Nonce-Count = "00000090" Digest-CNonce = "54081df1d9b5b85d" A1 = 101:openser.org:101 A2 = REGISTER:sip:192.168.2.80 H(A1) = f195c177997cee336c919be9279c5703 H(A2) = 046d0643f281affab19fe62ffc848ab5 KD = f195c177997cee336c919be9279c5703:469abb0ade382a94dd2353cbdf2dfd83b1593f5d:00000090:54081df1d9b5b85d:auth:046d0643f281affab19fe62ffc848ab5 EXPECTED d3ff78d09d9b2cefdce0c975b3c6fd26 RECEIVED d3ff78d09d9b2cefdce0c975b3c6fd26 modcall[authenticate]: module "digest" returns ok for request 1124 modcall: leaving group authenticate (returns ok) for request 1124 Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Sending Access-Accept of id 250 to 192.168.2.80 port 35223 Finished request 1124 Going to the next request Waking up in 6 seconds... Z2L ----- Original Message ----- From: "Dan-Cristian Bogos" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Wednesday, July 18, 2007 1:53:14 PM (GMT+0200) Asia/Jerusalem Subject: Re: [OpenSER-Users] Radius integration issue Hi, try running FreeRADIUS in debug mode, this will tell u more info regarding the cause of failure. To run FreeRADIUS in debug start it with -X option. Let us know about the results. Cheers, DanB On 7/18/07, OpenSER ML <[EMAIL PROTECTED]> wrote: > Hi All, > > I'm trying to connect OpenSER with FreeRadius. I've managed to get the > digest authentication > going correctly, having the Radius respond with LOGIN OK for the requests > that are in the users file. However, although the authentication process > appears to succeed, the IP phone doesn't register to the OpenSER server. > > The following can be seen in the debug: > > 0(17821) SIP Request: > 0(17821) method: <REGISTER> > 0(17821) uri: <sip:192.168.2.80> > 0(17821) version: <SIP/2.0> > 0(17821) parse_headers: flags=2 > 0(17821) Found param type 232, <branch> = <z9hG4bK4d7202f23b6595fc>; state=16 > 0(17821) end of header reached, state=5 > 0(17821) parse_headers: Via found, flags=2 > 0(17821) parse_headers: this is the first via > 0(17821) After parse_msg... > 0(17821) preparing to run routing scripts... > 0(17821) parse_headers: flags=100 > 0(17821) DEBUG:parse_to:end of header reached, state=10 > 0(17821) DBUG:parse_to: display={}, ruri={sip:[EMAIL PROTECTED];user=phone} > 0(17821) DEBUG: get_hdr_field: <To> [35]; uri=[sip:[EMAIL > PROTECTED];user=phone] > 0(17821) DEBUG: to body [<sip:[EMAIL PROTECTED];user=phone> > ] > 0(17821) get_hdr_field: cseq <CSeq>: <20048> <REGISTER> > 0(17821) DEBUG:maxfwd:is_maxfwd_present: value = 70 > 0(17821) parse_headers: flags=200 > 0(17821) DEBUG: get_hdr_body : content_length=0 > 0(17821) found end of header > 0(17821) find_first_route: No Route headers found > 0(17821) loose_route: There is no Route HF > 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == > [192.168.2.80] > 0(17821) grep_sock_info - checking if port 5060 matches port 5060 > 0(17821) grep_sock_info - checking if host==us: 12==12 && [192.168.2.80] == > [192.168.2.80] > 0(17821) grep_sock_info - checking if port 5060 matches port 5060 > 0(17821) check_nonce(): comparing [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] > and [469aba5f4ff6b78f7b9588ad19fc0ab514e709da] > 0(17821) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed > 0(17821) build_auth_hf(): 'WWW-Authenticate: Digest realm="openser.org", > nonce="469aba5f4ff6b78f7b9588ad19fc0ab514e709da", qop="auth" > ' > 0(17821) parse_headers: flags=ffffffffffffffff > 0(17821) check_via_address(192.168.2.101, 192.168.2.101, 0) > 0(17821) DEBUG:destroy_avp_list: destroying list (nil) > 0(17821) receive_msg: cleaning up > > As you can surely see, the ERROR is somewhere in the authorization status. > Now, I've verified > the secret key between the machine, and all seems to be in place - any > pointers will be highly appreciated. > > Z2L > > _______________________________________________ > Users mailing list > Users@openser.org > http://openser.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users