<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Hello. </FONT></SPAN></DIV>
<DIV><SPAN class=113351717-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff size=2>Mmmhh, are you sure you
modified the de www_challenge for the proxy_challenge in the ser.cfg
file?. I use RADIATOR as my Radius Server so i'm not very familiarized
with freeRadius. But for the debug it seems to be an error maybe with the
configuration from the Radius Server? </FONT></SPAN></DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>For example , is normal this : <FONT face="Times New Roman"
color=#000000 size=3>Invalid operator for item Suffix: reverting to '=='
?</FONT></FONT></SPAN></DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Maybe somone that uses freeRadius could give you more
details.</FONT></SPAN></DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>To accounting i use Radiator but working together with an
Oracle Database, i use the Start and Stop message from SER to bill the
call.</FONT></SPAN></DIV>
<DIV><SPAN class=113351717-20072005></SPAN> </DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Regards,</FONT> </SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=113351717-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Ricardo Martinez.-</FONT></SPAN></DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de
Julio de 2005 13:09<BR><B>Para:</B> Ricardo Martinez;
serusers@lists.iptel.org<BR><B>Asunto:</B> RE: [Serusers] Problem authorizing with
radius<BR><BR></FONT></DIV>
<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>Tried it. It still gives me the same error. Please let me know the
version of the radius server you are using.?? Also can you please let me know
wht did u do to make the accounting work...??</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh<BR><BR><B><I>Ricardo Martinez
<rmartinez@redvoiss.net></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Hello Naresh.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff size=2>I guess there is an error in
the way you call the authorization for the INVITE. As far as i know
for the REGISTER message (authentication) you need the statement :
</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff
size=2>radius_www_authorize</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff size=2>But for the INVITE you need
to call "radius_proxy_authorize". This is what i have in my
ser.cfg</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff
size=2> if (method=="INVITE")
{</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff
size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff
size=2>
if (!radius_proxy_authorize(""))
{<BR>
proxy_challenge("","1");<BR>
break;<BR>
};</FONT></SPAN><SPAN class=754551416-20072005><FONT
face="Lucida Sans Unicode" color=#0000ff
size=2><BR> };</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff
size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>maybe you can try this and tell me how it
works.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Good luck</FONT></SPAN></DIV><SPAN
class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff
size=2>
<DIV><BR>Ricardo Martinez.-</DIV>
<DIV></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de
Julio de 2005 12:10<BR><B>Para:</B> Ricardo Martinez;
serusers@lists.iptel.org<BR><B>Asunto:</B> RE: [Serusers] Problem authorizing
with radius<BR><BR></FONT></DIV>
<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>We are using freeradius server 0.9.1 and SER 0.9.3. The version of
radius client is radiusclient-ng-0.5.1. <STRONG>The users file in the
radius server looks like as below:</STRONG></DIV>
<DIV> </DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type :=
Digest, User-Password ==
"cisco1234"<BR> Reply-Message =
"Authenticated",<BR> Sip-Rpid =
"1970"</DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type :=
Accept<BR> Reply-Message =
"Authorized",<BR> Sip-Group ==
"ld"</DIV>
<DIV> </DIV>
<DIV><STRONG>The radius authentication and authorization parts
in the ser.cfg file are given below:</STRONG></DIV>
<DIV> </DIV>
<DIV> if (uri=~"^sip:9[0-9]*@")
{<BR>
if
(method=="INVITE"){<BR>
if (!radius_www_authorize(""))
{<BR>
www_challenge("",
"1");<BR>
break;<BR>
}else{<BR>
if (radius_is_user_in("Credentials",
"ld")){<BR>
forward(192.168.2.101,5060);<BR>
break;<BR>
}else{<BR>
break;<BR>
};<BR>
};<BR>
};<BR>
};<BR></DIV>
<DIV> </DIV>
<DIV><STRONG>And finally the error is as below:</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV>Invalid operator for item Suffix: reverting to '=='<BR>
modcall[authorize]: module "preprocess" returns ok<BR>
modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No
EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap"
returns noop<BR> rlm_digest: Converting
Digest-Attributes to something
sane...<BR> Digest-User-Name =
"test"<BR> Digest-Realm =
"sip2.zone"<BR> Digest-Nonce =
"42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR>
Digest-URI =
"sip:94161000@sip2.zone"<BR>
Digest-Method = "INVITE"<BR>
Digest-QOP = "auth"<BR>
Digest-Nonce-Count =
"0000000a"<BR> Digest-CNonce =
"753F926DB8F5415D8D56EE7816410E33"<BR>rlm_digest: Adding Auth-Type =
DIGEST<BR> modcall[authorize]: module "digest" returns
ok<BR> rlm_realm: Looking up realm "sip2.zone" for
User-Name = "<A
href="mailto:test@sip2.zone">test@sip2.zone</A>"<BR>
rlm_realm: No such realm "sip2.zone"<BR> modcall[authorize]: module
"suffix" returns noop<BR> users: Matched entry <A
href="mailto:test@sip2.zone">test@sip2.zone</A> at line 226<BR>
modcall[authorize]: module "files" returns ok<BR>
modcall[authorize]: module "mschap" returns noop<BR>modcall: group
authorize returns ok<BR> rad_check_password: Found Auth-Type
Digest<BR>auth: type "digest"<BR>modcall: entering group
authenticate<BR>A1 = test:sip2.zone:cisco1234<BR>A2 =
INVITE:sip:94161000@sip2.zone<BR>KD =
53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2
<BR> modcall[authenticate]: module "digest" returns ok<BR>modcall:
group authenticate returns ok<BR>radius_xlat:
'Authenticated'<BR>Login OK: [test@sip2.zone/<no User-Password
attribute>] (from client proxy port 5060)<BR>Sending Access-Accept of
id 203 to 192.168.2.1:32831<BR>
Reply-Message =
"Authenticated"<BR> Sip-Rpid =
"1970"<BR>Finished request 6<BR>Going to the next request<BR>--- Walking
the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv:
Access-Request packet from host 192.168.2.1:32831, id=204,
length=53<BR> User-Name =
"test"<BR> Sip-Group =
"ld"<BR> Service-Type =
Group-Check<BR> NAS-IP-Address =
192.168.2.1<BR> NAS-Port =
0<BR>modcall: entering group authorize<BR>Invalid operator for item
Suffix: reverting to '=='<BR>Invalid operator for item Suffix: reverting
to '=='<BR>Invalid operator for item Suffix: reverting to '=='<BR>
modcall[authorize]: module "preprocess" returns ok<BR>
modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No
EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap"
returns noop<BR> modcall[authorize]: module "digest" returns
noop<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in
User-Name = "test", looking up realm NULL<BR> rlm_realm:
No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns
noop<BR> modcall[authorize]: module "files" returns
notfound<BR> modcall[authorize]: module "mschap" returns
noop<BR>modcall: group authorize returns ok<BR><STRONG>auth: No
authenticate method (Auth-Type) configuration found for the request:
Rejecting the user<BR>auth: Failed to validate the user.<BR></STRONG>Login
incorrect: [test/<no User-Password attribute>] (from client proxy
port 0)<BR>Delaying request 7 for 1 seconds<BR>Finished request 7<BR>Going
to the next request<BR>Waking up in 6 seconds...</DIV>
<DIV> </DIV>
<DIV>As you can see from the above configuration, the authentication works
perfect, its only in the authorization where it fails. Also can you please
let me know about the accounting configuration??</DIV>
<DIV> </DIV>
<DIV>Thanks a lot..</DIV>
<DIV>Naresh</DIV>
<DIV><BR><BR><B><I>Ricardo Martinez <rmartinez@redvoiss.net></I></B>
wrote:</DIV>
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Hello Naresh</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>I have authentication, authorization and accounting
(AAA) through radius working fine. What radius server are you
using?, can you send us more information about the
configuration?</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Ricardo.-</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff
size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20
de Julio de 2005 10:37<BR><B>Para:</B>
serusers@lists.iptel.org<BR><B>Asunto:</B> [Serusers] Problem authorizing
with radius<BR><BR></FONT></DIV>
<DIV>hi friends,</DIV>
<DIV> </DIV>
<DIV>I am having problems while authorizing with the radius server. I
am using the same configuration as mentioned in the radius-howto.
Authentication works perfect as I am able to authenticate using the
radius server. However while authorizing against the radius server to
make a call I get the following error:</DIV>
<DIV> </DIV>
<DIV><STRONG>auth: No authenticate method (Auth-Type) configuration
found for the user<BR>request: Rejecting the user<BR>auth: Failed to
validate the user.<BR>Delaying request 2 for 1 seconds<BR>Finished
request 2</STRONG></DIV>
<DIV> </DIV>
<DIV>When I authorize against the mysql database, it works fine. Any
clue???</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh</DIV>
<DIV><BR> </DIV>
<P>__________________________________________________<BR>Do You
Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection
around <BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE>
<P>__________________________________________________<BR>Do You
Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around
<BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE>
<P>
<HR SIZE=1>
<A href="http://us.rd.yahoo.com/evt=34442/*http://www.yahoo.com/r/hs">Start
your day with Yahoo! - make it your home page </A></BLOCKQUOTE></BODY></HTML>