<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff background="">
<DIV>>auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user<BR>>auth: Failed to validate the user.</DIV>
<DIV> </DIV>
<DIV>This is where it fails. SER does not send Auth-Type, freeRadius is
configured to require an Auth-Type. I don't know how you change that, I don't
use freeRadius.</DIV>
<DIV>g-)<BR><BR>---- Original Message ----<BR>From: Naresh Parmar<BR>To: Ricardo
Martinez ; serusers@lists.iptel.org<BR>Sent: Wednesday, July 20, 2005 07:09
PM<BR>Subject: RE: [Serusers] Problem authorizing with radius<BR><BR>> Hi
Ricardo,<BR>> <BR>> Tried it. It still gives me the same error. Please let
me know the<BR>> version of the radius server you are using.?? Also can you
please let<BR>> me know wht did u do to make the accounting work...??
<BR>> <BR>> Best Regards,<BR>> Naresh<BR>> <BR>> Ricardo Martinez
<rmartinez@redvoiss.net> wrote:<BR>> Hello
Naresh.<BR>> I guess there is an error in the way you
call the authorization<BR>> for the INVITE. As far as i know for the
REGISTER message<BR>> (authentication) you need the statement :
<BR>> <BR>> radius_www_authorize<BR>>
<BR>> But for the INVITE you need to call
"radius_proxy_authorize". <BR>> This is what i have in my ser.cfg <BR>>
<BR>>
if (method=="INVITE") {<BR>>
<BR>>
if (!radius_proxy_authorize(""))
{<BR>>
proxy_challenge("","1");<BR>>
break;<BR>>
};<BR>> };<BR>> <BR>>
maybe you can try this and tell me how it works.<BR>> <BR>> Good
luck<BR>> <BR>> Ricardo Martinez.-<BR>> <BR>> -----Mensaje
original-----<BR>> De: Naresh Parmar
[mailto:naresh_parmar14@yahoo.com]<BR>> Enviado el: Miércoles, 20 de Julio de
2005 12:10<BR>> Para: Ricardo Martinez; serusers@lists.iptel.org<BR>> Asunto:
RE: [Serusers] Problem authorizing with radius<BR>> <BR>> <BR>> Hi
Ricardo,<BR>> <BR>> We are using freeradius server 0.9.1 and SER 0.9.3.
The version of<BR>> radius client is radiusclient-ng-0.5.1. The users file in
the radius<BR>> server looks like as below: <BR>> <BR>>
test@sip2.zone Auth-Type := Digest, User-Password ==
"cisco1234"<BR>>
Reply-Message =
"Authenticated",<BR>>
Sip-Rpid = "1970"<BR>> test@sip2.zone Auth-Type :=
Accept<BR>> Reply-Message =
"Authorized",<BR>> Sip-Group
== "ld"<BR>> <BR>> The radius authentication and authorization parts in
the ser.cfg file<BR>> are given below: <BR>> <BR>> if
(uri=~"^sip:9[0-9]*@")
{<BR>>
if
(method=="INVITE"){<BR>>
if (!radius_www_authorize(""))
{<BR>>
www_challenge("",
"1");<BR>>
break;<BR>>
}else{<BR>>
if<BR>> (radius_is_user_in("Credentials", "ld")){
<BR>>
<BR>> forward(192.168.2.101,5060);
<BR>>
break;<BR>>
}else{<BR>>
break;<BR>>
};<BR>>
};<BR>>
};<BR>>
};<BR>> <BR>> <BR>> And finally the error is as below:<BR>> <BR>>
Invalid operator for item Suffix: reverting to '=='<BR>>
modcall[authorize]: module "preprocess" returns ok<BR>>
modcall[authorize]: module "chap" returns noop<BR>> rlm_eap: No
EAP-Message, not doing EAP<BR>> modcall[authorize]: module "eap"
returns noop<BR>> rlm_digest: Converting
Digest-Attributes to something
sane...<BR>> Digest-User-Name
= "test"<BR>> Digest-Realm =
"sip2.zone"<BR>> Digest-Nonce
=
"42de75b2e9e39194a286e8ccd284646ffa14bcc2"<BR>>
Digest-URI =
"sip:94161000@sip2.zone"<BR>>
Digest-Method = "INVITE"<BR>>
Digest-QOP = "auth"<BR>>
Digest-Nonce-Count =
"0000000a"<BR>> Digest-CNonce
= "753F926DB8F5415D8D56EE7816410E33"<BR>> rlm_digest: Adding Auth-Type =
DIGEST<BR>> modcall[authorize]: module "digest" returns
ok<BR>> rlm_realm: Looking up realm "sip2.zone" for
User-Name =<BR>> "test@sip2.zone" <BR>> rlm_realm:
No such realm "sip2.zone"<BR>> modcall[authorize]: module
"suffix" returns noop<BR>> users: Matched entry
test@sip2.zone at line 226<BR>> modcall[authorize]: module
"files" returns ok<BR>> modcall[authorize]: module "mschap"
returns noop<BR>> modcall: group authorize returns ok<BR>>
rad_check_password: Found Auth-Type Digest<BR>> auth: type
"digest"<BR>> modcall: entering group authenticate<BR>> A1 =
test:sip2.zone:cisco1234<BR>> A2 = INVITE:sip:94161000@sip2.zone<BR>> KD
=<BR>>
53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb<BR>>
449fae2 <BR>> modcall[authenticate]: module "digest"
returns ok<BR>> modcall: group authenticate returns ok<BR>>
radius_xlat: 'Authenticated'<BR>> Login OK: [test@sip2.zone/<no
User-Password attribute>] (from client<BR>> proxy port 5060) <BR>>
Sending Access-Accept of id 203 to
192.168.2.1:32831<BR>>
Reply-Message =
"Authenticated"<BR>> Sip-Rpid
= "1970"<BR>> Finished request 6<BR>> Going to the next request<BR>>
--- Walking the entire request list ---<BR>> Waking up in 6
seconds...<BR>> rad_recv: Access-Request packet from host 192.168.2.1:32831,
id=204,<BR>> length=53
<BR>> User-Name =
"test"<BR>> Sip-Group =
"ld"<BR>> Service-Type =
Group-Check<BR>>
NAS-IP-Address =
192.168.2.1<BR>> NAS-Port =
0<BR>> modcall: ent ering group authorize<BR>> Invalid operator for item
Suffix: reverting to '=='<BR>> Invalid operator for item Suffix: reverting to
'=='<BR>> Invalid operator for item Suffix: reverting to
'=='<BR>> modcall[authorize]: module "preprocess" returns
ok<BR>> modcall[authorize]: module "chap" returns
noop<BR>> rlm_eap: No EAP-Message, not doing
EAP<BR>> modcall[authorize]: module "eap" returns
noop<BR>> modcall[authorize]: module "digest" returns
noop<BR>> rlm_realm: No '@' in User-Name = "test",
looking up realm NULL<BR>> rlm_realm: No such realm
"NULL"<BR>> modcall[authorize]: module "suffix" returns
noop<BR>> modcall[authorize]: module "files" returns
notfound<BR>> modcall[authorize]: module "mschap" returns
noop<BR>> modcall: group authorize returns ok<BR>> auth: No authenticate
method (Auth-Type) configuration found for the<BR>> request: Rejecting the
user <BR>> auth: Failed to validate the user.<BR>> Login incorrect:
[test/<no User-Password attribute>] (from client<BR>> proxy port 0)
<BR>> Delaying request 7 for 1 seconds<BR>> Finished request 7<BR>>
Going to the next request<BR>> Waking up in 6 seconds...<BR>> <BR>> As
you can see from the above configuration, the authentication works<BR>>
perfect, its only in the authorization where it fails. Also can you<BR>>
please let me know about the accounting configuration?? <BR>> <BR>>
Thanks a lot..<BR>> Naresh<BR>> <BR>> <BR>> Ricardo Martinez
<rmartinez@redvoiss.net> wrote:<BR>> Hello Naresh<BR>> I have
authentication, authorization and accounting (AAA) through<BR>> radius
working fine. What radius server are you using?, can you send<BR>> us
more information about the configuration? <BR>> <BR>>
Cheers,<BR>> Ricardo.-<BR>> <BR>> -----Mensaje original-----<BR>>
De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com]<BR>> Enviado el:
Miércoles, 20 de Julio de 2005 10:37<BR>> Para: serusers@lists.iptel.org<BR>>
Asunto: [Serusers] Problem authorizing with radius<BR>> <BR>> <BR>> hi
friends,<BR>> <BR>> I am having problems while authorizing with the radius
server. I am<BR>> using the same configuration as mentioned in the
radius-howto.<BR>> Authentication works perfect as I am able to authenticate
using the<BR>> radius server. However while authorizing against the radius
server to<BR>> make a call I get the following error:
<BR>> <BR>> auth: No authenticate method (Auth-Type) configuration found
for the<BR>> user <BR>> request: Rejecting the user<BR>> auth: Failed
to validate the user.<BR>> Delaying request 2 for 1 seconds<BR>> Finished
request 2<BR>> <BR>> When I authorize against the mysql database, it works
fine. Any<BR>> clue??? <BR>> <BR>> Best Regards,<BR>> Naresh<BR>>
<BR>> <BR>> __________________________________________________<BR>> Do
You Yahoo!?<BR>> Tired of spam? Yahoo! Mail has the best spam protection
around<BR>> http://mail.yahoo.com<BR>>
__________________________________________________<BR>> Do You
Yahoo!?<BR>> Tired of spam? Yahoo! Mail has the best spam protection
around<BR>> http://mail.yahoo.com<BR>> <BR>> <BR>> Start your day
with Yahoo! - make it your home page<BR>> <BR>> <BR>> <BR>>
_______________________________________________<BR>> Serusers mailing
list<BR>> serusers@lists.iptel.org<BR>>
http://lists.iptel.org/mailman/listinfo/serusers</DIV></BODY></HTML>