<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. <STRONG>The users file in the radius server looks like as below:</STRONG></DIV>
<DIV> </DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type := Digest, User-Password == "cisco1234"<BR> Reply-Message = "Authenticated",<BR> Sip-Rpid = "1970"</DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type := Accept<BR> Reply-Message = "Authorized",<BR> Sip-Group == "ld"</DIV>
<DIV> </DIV>
<DIV><STRONG>The radius authentication and authorization parts in the ser.cfg file are given below:</STRONG></DIV>
<DIV> </DIV>
<DIV> if (uri=~"^sip:9[0-9]*@") {<BR> if (method=="INVITE"){<BR> if (!radius_www_authorize("")) {<BR> www_challenge("", "1");<BR>
break;<BR> }else{<BR> if (radius_is_user_in("Credentials", "ld")){<BR>
forward(192.168.2.101,5060);<BR> break;<BR> }else{<BR>
break;<BR> };<BR> };<BR> };<BR> };<BR></DIV>
<DIV> </DIV>
<DIV><STRONG>And finally the error is as below:</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV>Invalid operator for item Suffix: reverting to '=='<BR> modcall[authorize]: module "preprocess" returns ok<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop<BR> rlm_digest: Converting Digest-Attributes to something sane...<BR> Digest-User-Name = "test"<BR> Digest-Realm = "sip2.zone"<BR> Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR> Digest-URI = "sip:94161000@sip2.zone"<BR> Digest-Method = "INVITE"<BR> Digest-QOP = "auth"<BR> Digest-Nonce-Count = "0000000a"<BR> Digest-CNonce =
"753F926DB8F5415D8D56EE7816410E33"<BR>rlm_digest: Adding Auth-Type = DIGEST<BR> modcall[authorize]: module "digest" returns ok<BR> rlm_realm: Looking up realm "sip2.zone" for User-Name = "<A href="mailto:test@sip2.zone">test@sip2.zone</A>"<BR> rlm_realm: No such realm "sip2.zone"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Matched entry <A href="mailto:test@sip2.zone">test@sip2.zone</A> at line 226<BR> modcall[authorize]: module "files" returns ok<BR> modcall[authorize]: module "mschap" returns noop<BR>modcall: group authorize returns ok<BR> rad_check_password: Found Auth-Type Digest<BR>auth: type "digest"<BR>modcall: entering group authenticate<BR>A1 = test:sip2.zone:cisco1234<BR>A2 = INVITE:sip:94161000@sip2.zone<BR>KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2
<BR> modcall[authenticate]: module "digest" returns ok<BR>modcall: group authenticate returns ok<BR>radius_xlat: 'Authenticated'<BR>Login OK: [test@sip2.zone/<no User-Password attribute>] (from client proxy port 5060)<BR>Sending Access-Accept of id 203 to 192.168.2.1:32831<BR> Reply-Message = "Authenticated"<BR> Sip-Rpid = "1970"<BR>Finished request 6<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53<BR> User-Name = "test"<BR> Sip-Group = "ld"<BR> Service-Type = Group-Check<BR> NAS-IP-Address = 192.168.2.1<BR> NAS-Port = 0<BR>modcall: entering
group authorize<BR>Invalid operator for item Suffix: reverting to '=='<BR>Invalid operator for item Suffix: reverting to '=='<BR>Invalid operator for item Suffix: reverting to '=='<BR> modcall[authorize]: module "preprocess" returns ok<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop<BR> modcall[authorize]: module "digest" returns noop<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "test", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> modcall[authorize]: module "files" returns notfound<BR> modcall[authorize]: module "mschap" returns noop<BR>modcall: group authorize returns ok<BR><STRONG>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<BR>auth: Failed to validate the
user.<BR></STRONG>Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0)<BR>Delaying request 7 for 1 seconds<BR>Finished request 7<BR>Going to the next request<BR>Waking up in 6 seconds...</DIV>
<DIV> </DIV>
<DIV>As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration??</DIV>
<DIV> </DIV>
<DIV>Thanks a lot..</DIV>
<DIV>Naresh</DIV>
<DIV><BR><BR><B><I>Ricardo Martinez <rmartinez@redvoiss.net></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Hello Naresh</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>I have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration?</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>Ricardo.-</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de Julio de 2005 10:37<BR><B>Para:</B> serusers@lists.iptel.org<BR><B>Asunto:</B> [Serusers] Problem authorizing with radius<BR><BR></FONT></DIV>
<DIV>hi friends,</DIV>
<DIV> </DIV>
<DIV>I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error:</DIV>
<DIV> </DIV>
<DIV><STRONG>auth: No authenticate method (Auth-Type) configuration found for the user<BR>request: Rejecting the user<BR>auth: Failed to validate the user.<BR>Delaying request 2 for 1 seconds<BR>Finished request 2</STRONG></DIV>
<DIV> </DIV>
<DIV>When I authorize against the mysql database, it works fine. Any clue???</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh</DIV>
<DIV><BR> </DIV>
<P>__________________________________________________<BR>Do You Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around <BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE><p>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com