Hi,<br><div class="gmail_quote"><br>I am trying to configure openser + freeradius for authentication & accounting.<br>I have my freeradius configured with openldap and it's working successfully.<br><br>Tested with <br>
<br>radclient -f digest 127.0.0.1:1812 auth testing123<br>
<br>Results are successful.<br><br>However, I cannot get it to work with openser. I see nothing happening in my "/usr/sbin/radius -X" output coming from openser when I try to register.<br><br>My environment was tested on Fedora 8 and Fedora 9, both with RPMs, with the same results.<br>
<br>auth_radius:radius_authorize_sterman: rc_auth failed<br><br>no output is seen in my /usr/sbin/radius -X<br><br>Below please find my openser.cfg & radiusclient.conf & servers <br><br>######## radiusclient.conf<br>
<br># General settings<br><br># specify which authentication comes first respectively which<br># authentication is used. possible values are: "radius" and "local".<br># if you specify "radius,local" then the RADIUS server is asked<br>
# first then the local one. if only one keyword is specified only<br># this server is asked.<br>auth_order radius,local<br><br># maximum login tries a user has<br>login_tries 4<br><br># timeout for all login tries<br>
# if this time is exceeded the user is kicked out<br>login_timeout 60<br><br># name of the nologin file which when it exists disables logins.<br># it may be extended by the ttyname which will result in<br># a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable<br>
# logins on /dev/ttyS2)<br>nologin /etc/nologin<br><br># name of the issue file. it's only displayed when no username is passed<br># on the radlogin command line<br>issue /etc/radiusclient-ng/issue<br><br># RADIUS settings<br>
<br># RADIUS server to use for authentication requests. this config<br># item can appear more than one time. if multiple servers are<br># defined they are tried in a round robin fashion if one<br># server is not answering.<br>
# optionally you can specify the port number on which the remote<br># RADIUS listens separated by a colon from the hostname. if<br># no port is specified /etc/services is consulted for the radius<br># service. if this fails also a compiled in default is used.<br>
authserver 127.0.0.1<br>authserver 10.0.0.10<br>authserver localhost<br><br># RADIUS server to use for accounting requests. All that I<br>
# said for authserver applies, too. <br>
#<br>acctserver 127.0.0.1:1813<br><br># file holding shared secrets used for the communication<br># between the RADIUS client and server<br>servers /etc/radiusclient-ng/servers<br>
<br># dictionary of allowed attributes and values<br># just like in the normal RADIUS distributions<br>#dictionary /usr/share/radiusclient-ng/dictionary<br>dictionary /etc/radiusclient-ng/dictionary.openser<br><br>
# program to call for a RADIUS authenticated login<br>login_radius /usr/sbin/login.radius<br><br># file which holds sequence number for communication with the<br># RADIUS server<br>seqfile /var/run/radius.seq<br>
<br># file which specifies mapping between ttyname and NAS-Port attribute<br>mapfile /etc/radiusclient-ng/port-id-map<br><br># default authentication realm to append to all usernames if no<br># realm was explicitly specified by the user<br>
# the radiusd directly from Livingston doesn't use any realms, so leave<br># it blank then<br>default_realm<br><br># time to wait for a reply from the RADIUS server<br>radius_timeout 10<br><br># resend request this many times before trying the next server<br>
radius_retries 3<br><br># local address from which radius packets have to be sent<br>bindaddr *<br><br># LOCAL settings<br><br># program to execute for local login<br># it must support the -f flag for preauthenticated login<br>
login_local /bin/login<br><br>########################################################<br><br>#/etc/radiusclient-ng/servers<br><br>#Server Name or Client/Server pair Key<br>#---------------- ---------------<br>
#portmaster.elemental.net hardlyasecret<br>#portmaster2.elemental.net donttellanyone<br>
localhost testing123<br>127.0.0.1 testing123<br>10.0.0.10 testing123<br>
<br>#######################################################<br><br> ##########openser.cfg<br><br># -- rr params --<br>debug=3<br>log_stderror=yes<br>log_facility=LOG_LOCAL0<br><br>fork=yes<br>children=4<br><br>port=5060<br>
<br># ------------------ module loading ----------------------------------<br>mpath="/usr/lib/openser/modules/"<br><br>loadmodule "mysql.so"<br>loadmodule "sl.so"<br>loadmodule "tm.so"<br>
loadmodule "rr.so"<br>loadmodule "maxfwd.so"<br>loadmodule "avpops.so"<br>loadmodule "usrloc.so"<br>loadmodule "registrar.so"<br>loadmodule "textops.so"<br>loadmodule "xlog.so"<br>
loadmodule "uri.so"<br>loadmodule "auth.so"<br>loadmodule "auth_radius.so"<br>loadmodule "mi_fifo.so"<br><br>modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")<br>
<br><br><br><br># ----------------- setting module-specific parameters ---------------<br><br># -- usrloc params --<br>modparam("usrloc","db_url","mysql://openser:openser@localhost/openser")<br>
modparam("usrloc", "db_mode", 2)<br><br># -- acc params --<br><br>modparam("auth_radius","radius_config","/etc/radiusclient-ng/radiusclient.conf")<br><br># add value to ;lr param to make some broken UAs happy<br>
modparam("rr", "enable_full_lr", 1)<br><br># ------------------------- request routing logic -------------------<br><br># main routing logic<br><br>route{<br><br> # authenticate registers<br> if (method=="REGISTER") {<br>
if (!radius_www_authorize("")) {<br> www_challenge("", "0");<br> exit;<br> };<br><br> save("location");<br> exit;<br>
<br> };<br><br> route(1);<br>}<br><br># generic forward<br>route[1] {<br> # send it out now; use stateful forwarding as it works reliably<br> # even for UDP2TCP<br> if (!t_relay()) {<br> sl_reply_error();<br>
};<br> exit;<br>}<br>#<br><br>Thanks for your help<br><font color="#888888"><br>SJX<br><br><br><br><br><br>
</font></div><br>
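An added example, not part of the original post and not code from openser or radiusclient-ng: a consistency check over the two client files quoted above. It reports every authserver/acctserver that has no entry in the servers file and flags the shared secret testing123, which is also the sample secret shipped in FreeRADIUS configurations. The inline sample files are constructed (the 10.0.0.10 entry is deliberately left out of the servers sample) and the function names are hypothetical.

```python
# Added example; SAMPLE_* inputs are constructed, function names are hypothetical.
SAMPLE_CONF = """\
authserver 127.0.0.1
authserver 10.0.0.10
authserver localhost
acctserver 127.0.0.1:1813
servers /etc/radiusclient-ng/servers
"""
SAMPLE_SERVERS = """\
#portmaster.elemental.net hardlyasecret
localhost testing123
127.0.0.1 testing123
"""
# Secrets treated as weak: the sample value that ships in FreeRADIUS configs.
WEAK_SECRETS = {"testing123"}


def parse_conf(text):
    """Return {keyword: [values]} from radiusclient.conf-style text."""
    conf = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            conf.setdefault(fields[0], []).append(fields[1].strip() if len(fields) > 1 else "")
    return conf


def parse_servers(text):
    """Return {server: secret}; 'client/server' pairs are keyed by server."""
    secrets = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            secrets[fields[0].split("/")[-1]] = fields[1]
    return secrets


def audit(conf_text, servers_text):
    """List servers lacking a shared secret and servers using a weak one."""
    conf, secrets = parse_conf(conf_text), parse_servers(servers_text)
    findings = []
    for key in ("authserver", "acctserver"):
        for value in conf.get(key, []):
            host = value.rsplit(":", 1)[0]  # drop the optional port
            if host not in secrets:
                findings.append(f"{key} {host}: no entry in servers file")
            elif secrets[host] in WEAK_SECRETS:
                findings.append(f"{key} {host}: weak shared secret")
    return findings
```

Calling audit() on the real file contents (read with open(...).read()) gives the same kind of list; an empty list means every configured server has a non-default secret on the client side.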