<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>Tried it. It still gives me the same error. Please let me know the version of the radius server you are using.?? Also can you please let me know wht did u do to make the accounting work...??</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh<BR><BR><B><I>Ricardo Martinez <rmartinez@redvoiss.net></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Hello Naresh.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005> <FONT face="Lucida Sans Unicode" color=#0000ff size=2>I guess there is an error in the way you call the authorization for the INVITE. As far as i know for the REGISTER message (authentication) you need the statement : </FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT face="Lucida Sans Unicode" color=#0000ff size=2>radius_www_authorize</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT face="Lucida Sans Unicode" color=#0000ff size=2>But for the INVITE you need to call "radius_proxy_authorize". This is what i have in my ser.cfg</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT face="Lucida Sans Unicode" color=#0000ff size=2> if (method=="INVITE") {</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2> if (!radius_proxy_authorize("")) {<BR> proxy_challenge("","1");<BR> break;<BR> };</FONT></SPAN><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2><BR> };</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>maybe you can try this and tell me how it works.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Good luck</FONT></SPAN></DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>
<DIV><BR>Ricardo Martinez.-</DIV>
<DIV></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=ltr style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de Julio de 2005 12:10<BR><B>Para:</B> Ricardo Martinez; serusers@lists.iptel.org<BR><B>Asunto:</B> RE: [Serusers] Problem authorizing with radius<BR><BR></FONT></DIV>
<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. <STRONG>The users file in the radius server looks like as below:</STRONG></DIV>
<DIV> </DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type := Digest, User-Password == "cisco1234"<BR> Reply-Message = "Authenticated",<BR> Sip-Rpid = "1970"</DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type := Accept<BR> Reply-Message = "Authorized",<BR> Sip-Group == "ld"</DIV>
<DIV> </DIV>
<DIV><STRONG>The radius authentication and authorization parts in the ser.cfg file are given below:</STRONG></DIV>
<DIV> </DIV>
<DIV> if (uri=~"^sip:9[0-9]*@") {<BR> if (method=="INVITE"){<BR> if (!radius_www_authorize("")) {<BR> www_challenge("", "1");<BR>
break;<BR> }else{<BR> if (radius_is_user_in("Credentials", "ld")){<BR>
forward(192.168.2.101,5060);<BR> break;<BR> }else{<BR>
break;<BR> };<BR> };<BR> };<BR> };<BR></DIV>
<DIV> </DIV>
<DIV><STRONG>And finally the error is as below:</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV>Invalid operator for item Suffix: reverting to '=='<BR> modcall[authorize]: module "preprocess" returns ok<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop<BR> rlm_digest: Converting Digest-Attributes to something sane...<BR> Digest-User-Name = "test"<BR> Digest-Realm = "sip2.zone"<BR> Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR> Digest-URI = "sip:94161000@sip2.zone"<BR> Digest-Method = "INVITE"<BR> Digest-QOP = "auth"<BR> Digest-Nonce-Count = "0000000a"<BR> Digest-CNonce =
"753F926DB8F5415D8D56EE7816410E33"<BR>rlm_digest: Adding Auth-Type = DIGEST<BR> modcall[authorize]: module "digest" returns ok<BR> rlm_realm: Looking up realm "sip2.zone" for User-Name = "<A href="mailto:test@sip2.zone">test@sip2.zone</A>"<BR> rlm_realm: No such realm "sip2.zone"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Matched entry <A href="mailto:test@sip2.zone">test@sip2.zone</A> at line 226<BR> modcall[authorize]: module "files" returns ok<BR> modcall[authorize]: module "mschap" returns noop<BR>modcall: group authorize returns ok<BR> rad_check_password: Found Auth-Type Digest<BR>auth: type "digest"<BR>modcall: entering group authenticate<BR>A1 = test:sip2.zone:cisco1234<BR>A2 = INVITE:sip:94161000@sip2.zone<BR>KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2
<BR> modcall[authenticate]: module "digest" returns ok<BR>modcall: group authenticate returns ok<BR>radius_xlat: 'Authenticated'<BR>Login OK: [test@sip2.zone/<no User-Password attribute>] (from client proxy port 5060)<BR>Sending Access-Accept of id 203 to 192.168.2.1:32831<BR> Reply-Message = "Authenticated"<BR> Sip-Rpid = "1970"<BR>Finished request 6<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53<BR> User-Name = "test"<BR> Sip-Group = "ld"<BR> Service-Type = Group-Check<BR> NAS-IP-Address = 192.168.2.1<BR> NAS-Port = 0<BR>modcall: entering
group authorize<BR>Invalid operator for item Suffix: reverting to '=='<BR>Invalid operator for item Suffix: reverting to '=='<BR>Invalid operator for item Suffix: reverting to '=='<BR> modcall[authorize]: module "preprocess" returns ok<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop<BR> modcall[authorize]: module "digest" returns noop<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "test", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> modcall[authorize]: module "files" returns notfound<BR> modcall[authorize]: module "mschap" returns noop<BR>modcall: group authorize returns ok<BR><STRONG>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<BR>auth: Failed to validate the
user.<BR></STRONG>Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0)<BR>Delaying request 7 for 1 seconds<BR>Finished request 7<BR>Going to the next request<BR>Waking up in 6 seconds...</DIV>
<DIV> </DIV>
<DIV>As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration??</DIV>
<DIV> </DIV>
<DIV>Thanks a lot..</DIV>
<DIV>Naresh</DIV>
<DIV><BR><BR><B><I>Ricardo Martinez <rmartinez@redvoiss.net></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Hello Naresh</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>I have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration?</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Ricardo.-</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de Julio de 2005 10:37<BR><B>Para:</B> serusers@lists.iptel.org<BR><B>Asunto:</B> [Serusers] Problem authorizing with radius<BR><BR></FONT></DIV>
<DIV>hi friends,</DIV>
<DIV> </DIV>
<DIV>I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error:</DIV>
<DIV> </DIV>
<DIV><STRONG>auth: No authenticate method (Auth-Type) configuration found for the user<BR>request: Rejecting the user<BR>auth: Failed to validate the user.<BR>Delaying request 2 for 1 seconds<BR>Finished request 2</STRONG></DIV>
<DIV> </DIV>
<DIV>When I authorize against the mysql database, it works fine. Any clue???</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh</DIV>
<DIV><BR> </DIV>
<P>__________________________________________________<BR>Do You Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around <BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE>
<P>__________________________________________________<BR>Do You Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around <BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE><p>
<hr size=1> <a href="http://us.rd.yahoo.com/evt=34442/*http://www.yahoo.com/r/hs">Start your day with Yahoo! - make it your home page </a>