<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Hello Naresh.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff size=2>I guess there is an error in the
way you call the authorization for the INVITE. As far as i know for the
REGISTER message (authentication) you need the statement : </FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff
size=2>radius_www_authorize</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff size=2>But for the INVITE you need to
call "radius_proxy_authorize". This is what i have in my
ser.cfg</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005> <FONT
face="Lucida Sans Unicode" color=#0000ff
size=2> if (method=="INVITE")
{</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff
size=2>
if (!radius_proxy_authorize(""))
{<BR>
proxy_challenge("","1");<BR>
break;<BR>
};</FONT></SPAN><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2><BR>
};</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>maybe you can try this and tell me how it
works.</FONT></SPAN></DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=754551416-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Good luck</FONT></SPAN></DIV><SPAN
class=754551416-20072005><FONT face="Lucida Sans Unicode" color=#0000ff size=2>
<DIV><BR>Ricardo Martinez.-</DIV>
<DIV></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de
Julio de 2005 12:10<BR><B>Para:</B> Ricardo Martinez;
serusers@lists.iptel.org<BR><B>Asunto:</B> RE: [Serusers] Problem authorizing with
radius<BR><BR></FONT></DIV>
<DIV>Hi Ricardo,</DIV>
<DIV> </DIV>
<DIV>We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius
client is radiusclient-ng-0.5.1. <STRONG>The users file in the radius
server looks like as below:</STRONG></DIV>
<DIV> </DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type := Digest,
User-Password == "cisco1234"<BR>
Reply-Message = "Authenticated",<BR>
Sip-Rpid = "1970"</DIV>
<DIV><A href="mailto:test@sip2.zone">test@sip2.zone</A> Auth-Type :=
Accept<BR> Reply-Message =
"Authorized",<BR> Sip-Group ==
"ld"</DIV>
<DIV> </DIV>
<DIV><STRONG>The radius authentication and authorization parts in
the ser.cfg file are given below:</STRONG></DIV>
<DIV> </DIV>
<DIV> if (uri=~"^sip:9[0-9]*@")
{<BR>
if
(method=="INVITE"){<BR>
if (!radius_www_authorize(""))
{<BR>
www_challenge("",
"1");<BR>
break;<BR>
}else{<BR>
if (radius_is_user_in("Credentials",
"ld")){<BR>
forward(192.168.2.101,5060);<BR>
break;<BR>
}else{<BR>
break;<BR>
};<BR>
};<BR>
};<BR>
};<BR></DIV>
<DIV> </DIV>
<DIV><STRONG>And finally the error is as below:</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV>Invalid operator for item Suffix: reverting to '=='<BR>
modcall[authorize]: module "preprocess" returns ok<BR>
modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No
EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns
noop<BR> rlm_digest: Converting Digest-Attributes to
something sane...<BR>
Digest-User-Name = "test"<BR>
Digest-Realm = "sip2.zone"<BR>
Digest-Nonce =
"42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR>
Digest-URI =
"sip:94161000@sip2.zone"<BR>
Digest-Method = "INVITE"<BR>
Digest-QOP = "auth"<BR>
Digest-Nonce-Count = "0000000a"<BR>
Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33"<BR>rlm_digest: Adding
Auth-Type = DIGEST<BR> modcall[authorize]: module "digest" returns
ok<BR> rlm_realm: Looking up realm "sip2.zone" for User-Name
= "<A href="mailto:test@sip2.zone">test@sip2.zone</A>"<BR>
rlm_realm: No such realm "sip2.zone"<BR> modcall[authorize]: module
"suffix" returns noop<BR> users: Matched entry <A
href="mailto:test@sip2.zone">test@sip2.zone</A> at line 226<BR>
modcall[authorize]: module "files" returns ok<BR> modcall[authorize]:
module "mschap" returns noop<BR>modcall: group authorize returns ok<BR>
rad_check_password: Found Auth-Type Digest<BR>auth: type
"digest"<BR>modcall: entering group authenticate<BR>A1 =
test:sip2.zone:cisco1234<BR>A2 = INVITE:sip:94161000@sip2.zone<BR>KD =
53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2
<BR> modcall[authenticate]: module "digest" returns ok<BR>modcall: group
authenticate returns ok<BR>radius_xlat: 'Authenticated'<BR>Login OK:
[test@sip2.zone/<no User-Password attribute>] (from client proxy port
5060)<BR>Sending Access-Accept of id 203 to
192.168.2.1:32831<BR> Reply-Message
= "Authenticated"<BR> Sip-Rpid =
"1970"<BR>Finished request 6<BR>Going to the next request<BR>--- Walking the
entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv:
Access-Request packet from host 192.168.2.1:32831, id=204,
length=53<BR> User-Name =
"test"<BR> Sip-Group =
"ld"<BR> Service-Type =
Group-Check<BR> NAS-IP-Address =
192.168.2.1<BR> NAS-Port =
0<BR>modcall: entering group authorize<BR>Invalid operator for item Suffix:
reverting to '=='<BR>Invalid operator for item Suffix: reverting to
'=='<BR>Invalid operator for item Suffix: reverting to '=='<BR>
modcall[authorize]: module "preprocess" returns ok<BR>
modcall[authorize]: module "chap" returns noop<BR> rlm_eap: No
EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns
noop<BR> modcall[authorize]: module "digest" returns
noop<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in
User-Name = "test", looking up realm NULL<BR> rlm_realm: No
such realm "NULL"<BR> modcall[authorize]: module "suffix" returns
noop<BR> modcall[authorize]: module "files" returns notfound<BR>
modcall[authorize]: module "mschap" returns noop<BR>modcall: group authorize
returns ok<BR><STRONG>auth: No authenticate method (Auth-Type) configuration
found for the request: Rejecting the user<BR>auth: Failed to validate the
user.<BR></STRONG>Login incorrect: [test/<no User-Password attribute>]
(from client proxy port 0)<BR>Delaying request 7 for 1 seconds<BR>Finished
request 7<BR>Going to the next request<BR>Waking up in 6 seconds...</DIV>
<DIV> </DIV>
<DIV>As you can see from the above configuration, the authentication works
perfect, its only in the authorization where it fails. Also can you please let
me know about the accounting configuration??</DIV>
<DIV> </DIV>
<DIV>Thanks a lot..</DIV>
<DIV>Naresh</DIV>
<DIV><BR><BR><B><I>Ricardo Martinez <rmartinez@redvoiss.net></I></B>
wrote:</DIV>
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Hello Naresh</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>I have authentication, authorization and accounting
(AAA) through radius working fine. What radius server are you using?,
can you send us more information about the
configuration?</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=348242215-20072005><FONT face="Lucida Sans Unicode"
color=#0000ff size=2>Ricardo.-</FONT></SPAN></DIV>
<DIV><FONT face="Lucida Sans Unicode" color=#0000ff
size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensaje original-----<BR><B>De:</B> Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR><B>Enviado el:</B> Miércoles, 20 de
Julio de 2005 10:37<BR><B>Para:</B> serusers@lists.iptel.org<BR><B>Asunto:</B>
[Serusers] Problem authorizing with radius<BR><BR></FONT></DIV>
<DIV>hi friends,</DIV>
<DIV> </DIV>
<DIV>I am having problems while authorizing with the radius server. I am
using the same configuration as mentioned in the radius-howto.
Authentication works perfect as I am able to authenticate using the radius
server. However while authorizing against the radius server to make a call
I get the following error:</DIV>
<DIV> </DIV>
<DIV><STRONG>auth: No authenticate method (Auth-Type) configuration found
for the user<BR>request: Rejecting the user<BR>auth: Failed to validate
the user.<BR>Delaying request 2 for 1 seconds<BR>Finished request
2</STRONG></DIV>
<DIV> </DIV>
<DIV>When I authorize against the mysql database, it works fine. Any
clue???</DIV>
<DIV> </DIV>
<DIV>Best Regards,</DIV>
<DIV>Naresh</DIV>
<DIV><BR> </DIV>
<P>__________________________________________________<BR>Do You
Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around
<BR>http://mail.yahoo.com </P></BLOCKQUOTE></BLOCKQUOTE>
<P>__________________________________________________<BR>Do You
Yahoo!?<BR>Tired of spam? Yahoo! Mail has the best spam protection around
<BR>http://mail.yahoo.com </P></BLOCKQUOTE></BODY></HTML>