<DIV>
<DIV>Folks,</DIV>
<DIV> </DIV>
<DIV>i changed the flag in the sip_router/modules/acc/Makefile to LIBS=-L$(LOCALBASE)/lib and it works fine now.....i.e. the acc module compiles fine......
<DIV>Thanks Ricardo and Greger...your advise really helped me out....now i m using radius authentication and mysql authorization......user credentials are stored in the mysql database only after the user is authenticated against radius server........</DIV></DIV>
<DIV> </DIV>
<DIV>Thanks Ricardo and Greger...your advise really helped me out....now i m using radius authentication and mysql authorization......i'll be back with the queries on accounting now :)</DIV>
<DIV> </DIV>
<DIV>cheers,</DIV>
<DIV>naresh</DIV><BR><BR><B><I>"Greger V. Teigre" <greger@teigre.com></I></B> wrote:
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<STYLE></STYLE>
<DIV>>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<BR>>auth: Failed to validate the user.</DIV>
<DIV> </DIV>
<DIV>This is where it fails. SER does not send Auth-Type, freeRadius is configured to require an Auth-Type. I don't know how you change that, I don't use freeRadius.</DIV>
<DIV>g-)<BR><BR>---- Original Message ----<BR>From: Naresh Parmar<BR>To: Ricardo Martinez ; serusers@lists.iptel.org<BR>Sent: Wednesday, July 20, 2005 07:09 PM<BR>Subject: RE: [Serusers] Problem authorizing with radius<BR><BR>> Hi Ricardo,<BR>> <BR>> Tried it. It still gives me the same error. Please let me know the<BR>> version of the radius server you are using.?? Also can you please let<BR>> me know wht did u do to make the accounting work...?? <BR>> <BR>> Best Regards,<BR>> Naresh<BR>> <BR>> Ricardo Martinez <rmartinez@redvoiss.net> wrote:<BR>> Hello Naresh.<BR>> I guess there is an error in the way you call the authorization<BR>> for the INVITE. As far as i know for the REGISTER message<BR>> (authentication) you need the statement : <BR>> <BR>> radius_www_authorize<BR>> <BR>> But for the INVITE you need to call "radius_proxy_authorize".
<BR>> This is what i have in my ser.cfg <BR>> <BR>> if (method=="INVITE") {<BR>> <BR>> if (!radius_proxy_authorize("")) {<BR>> proxy_challenge("","1");<BR>> break;<BR>> };<BR>> };<BR>> <BR>> maybe you can try this and tell me how it works.<BR>> <BR>> Good luck<BR>> <BR>> Ricardo Martinez.-<BR>> <BR>> -----Mensaje original-----<BR>> De:
Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR>> Enviado el: Miércoles, 20 de Julio de 2005 12:10<BR>> Para: Ricardo Martinez; serusers@lists.iptel.org<BR>> Asunto: RE: [Serusers] Problem authorizing with radius<BR>> <BR>> <BR>> Hi Ricardo,<BR>> <BR>> We are using freeradius server 0.9.1 and SER 0.9.3. The version of<BR>> radius client is radiusclient-ng-0.5.1. The users file in the radius<BR>> server looks like as below: <BR>> <BR>> test@sip2.zone Auth-Type := Digest, User-Password == "cisco1234"<BR>> Reply-Message = "Authenticated",<BR>> Sip-Rpid = "1970"<BR>> test@sip2.zone Auth-Type := Accept<BR>> Reply-Message = "Authorized",<BR>> Sip-Group == "ld"<BR>> <BR>> The radius authentication and authorization parts in the ser.cfg
file<BR>> are given below: <BR>> <BR>> if (uri=~"^sip:9[0-9]*@") {<BR>> if (method=="INVITE"){<BR>> if (!radius_www_authorize("")) {<BR>> www_challenge("",
"1");<BR>> break;<BR>> }else{<BR>> if<BR>> (radius_is_user_in("Credentials", "ld")){
<BR>> <BR>> forward(192.168.2.101,5060); <BR>> break;<BR>>
}else{<BR>> break;<BR>> };<BR>> };<BR>>
};<BR>> };<BR>> <BR>> <BR>> And finally the error is as below:<BR>> <BR>> Invalid operator for item Suffix: reverting to '=='<BR>> modcall[authorize]: module "preprocess" returns ok<BR>> modcall[authorize]: module "chap" returns noop<BR>> rlm_eap: No EAP-Message, not doing EAP<BR>> modcall[authorize]: module "eap" returns noop<BR>> rlm_digest: Converting Digest-Attributes to something sane...<BR>> Digest-User-Name = "test"<BR>> Digest-Realm = "sip2.zone"<BR>> Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR>> Digest-URI =
"sip:94161000@sip2.zone"<BR>> Digest-Method = "INVITE"<BR>> Digest-QOP = "auth"<BR>> Digest-Nonce-Count = "0000000a"<BR>> Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33"<BR>> rlm_digest: Adding Auth-Type = DIGEST<BR>> modcall[authorize]: module "digest" returns ok<BR>> rlm_realm: Looking up realm "sip2.zone" for User-Name =<BR>> "test@sip2.zone" <BR>> rlm_realm: No such realm "sip2.zone"<BR>> modcall[authorize]: module "suffix" returns noop<BR>> users: Matched entry test@sip2.zone at line 226<BR>> modcall[authorize]: module "files" returns ok<BR>> modcall[authorize]: module "mschap" returns noop<BR>> modcall: group authorize returns
ok<BR>> rad_check_password: Found Auth-Type Digest<BR>> auth: type "digest"<BR>> modcall: entering group authenticate<BR>> A1 = test:sip2.zone:cisco1234<BR>> A2 = INVITE:sip:94161000@sip2.zone<BR>> KD =<BR>> 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb<BR>> 449fae2 <BR>> modcall[authenticate]: module "digest" returns ok<BR>> modcall: group authenticate returns ok<BR>> radius_xlat: 'Authenticated'<BR>> Login OK: [test@sip2.zone/<no User-Password attribute>] (from client<BR>> proxy port 5060) <BR>> Sending Access-Accept of id 203 to 192.168.2.1:32831<BR>> Reply-Message = "Authenticated"<BR>> Sip-Rpid = "1970"<BR>> Finished request 6<BR>> Going to the next request<BR>> --- Walking the
entire request list ---<BR>> Waking up in 6 seconds...<BR>> rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204,<BR>> length=53 <BR>> User-Name = "test"<BR>> Sip-Group = "ld"<BR>> Service-Type = Group-Check<BR>> NAS-IP-Address = 192.168.2.1<BR>> NAS-Port = 0<BR>> modcall: ent ering group authorize<BR>> Invalid operator for item Suffix: reverting to '=='<BR>> Invalid operator for item Suffix: reverting to '=='<BR>> Invalid operator for item Suffix: reverting to '=='<BR>> modcall[authorize]: module "preprocess" returns ok<BR>> modcall[authorize]: module "chap" returns noop<BR>> rlm_eap: No EAP-Message, not doing EAP<BR>>
modcall[authorize]: module "eap" returns noop<BR>> modcall[authorize]: module "digest" returns noop<BR>> rlm_realm: No '@' in User-Name = "test", looking up realm NULL<BR>> rlm_realm: No such realm "NULL"<BR>> modcall[authorize]: module "suffix" returns noop<BR>> modcall[authorize]: module "files" returns notfound<BR>> modcall[authorize]: module "mschap" returns noop<BR>> modcall: group authorize returns ok<BR>> auth: No authenticate method (Auth-Type) configuration found for the<BR>> request: Rejecting the user <BR>> auth: Failed to validate the user.<BR>> Login incorrect: [test/<no User-Password attribute>] (from client<BR>> proxy port 0) <BR>> Delaying request 7 for 1 seconds<BR>> Finished request 7<BR>> Going to the next request<BR>> Waking up in 6 seconds...<BR>> <BR>> As you can see from the above configuration, the
authentication works<BR>> perfect, its only in the authorization where it fails. Also can you<BR>> please let me know about the accounting configuration?? <BR>> <BR>> Thanks a lot..<BR>> Naresh<BR>> <BR>> <BR>> Ricardo Martinez <rmartinez@redvoiss.net> wrote:<BR>> Hello Naresh<BR>> I have authentication, authorization and accounting (AAA) through<BR>> radius working fine. What radius server are you using?, can you send<BR>> us more information about the configuration? <BR>> <BR>> Cheers,<BR>> Ricardo.-<BR>> <BR>> -----Mensaje original-----<BR>> De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR>> Enviado el: Miércoles, 20 de Julio de 2005 10:37<BR>> Para: serusers@lists.iptel.org<BR>> Asunto: [Serusers] Problem authorizing with radius<BR>> <BR>> <BR>> hi friends,<BR>> <BR>> I am having problems while authorizing with the radius server. I am<BR>> using the same configuration as
mentioned in the radius-howto.<BR>> Authentication works perfect as I am able to authenticate using the<BR>> radius server. However while authorizing against the radius server to<BR>> make a call I get the following error: <BR>> <BR>> auth: No authenticate method (Auth-Type) configuration found for the<BR>> user <BR>> request: Rejecting the user<BR>> auth: Failed to validate the user.<BR>> Delaying request 2 for 1 seconds<BR>> Finished request 2<BR>> <BR>> When I authorize against the mysql database, it works fine. Any<BR>> clue??? <BR>> <BR>> Best Regards,<BR>> Naresh<BR>> <BR>> <BR>> __________________________________________________<BR>> Do You Yahoo!?<BR>> Tired of spam? Yahoo! Mail has the best spam protection around<BR>> http://mail.yahoo.com<BR>> __________________________________________________<BR>> Do You Yahoo!?<BR>> Tired of spam? Yahoo! Mail has the best spam protection
around<BR>> http://mail.yahoo.com<BR>> <BR>> <BR>> Start your day with Yahoo! - make it your home page<BR>> <BR>> <BR>> <BR>> _______________________________________________<BR>> Serusers mailing list<BR>> serusers@lists.iptel.org<BR>> http://lists.iptel.org/mailman/listinfo/serusers</DIV></BLOCKQUOTE></DIV><p>
<hr size=1> <a href="http://us.rd.yahoo.com/evt=34442/*http://www.yahoo.com/r/hs">Start your day with Yahoo! - make it your home page </a>