Hi,<br><br>From SER version 2.x in order to challenge a SIP Request with FreeRADIUS authorization You need to use the radius_proxy_authorize(digest_realm) function.<br>And analogously proxy_authorize(digest_realm, credentials) if You want to use SER database.<br>
<br>Kind regards,<br>- Tomasz Zieleniewski <br><br><div class="gmail_quote">2009/5/6 Leon Li <span dir="ltr"><<a href="mailto:Leon.Li@aarnet.edu.au">Leon.Li@aarnet.edu.au</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-AU">
<div>
<p>Hi,</p>
<p> </p>
<p>I am trying to make SER working with FreeRADIUS. However,
I got an error using www_challenge, " 0(3184) parse error (119,25-26):
unknown command, missing loadmodule?" The 119 line is
www_challenge("", "0"); I did load auth module. Any idea?</p>
<p> </p>
<p>Here is my config:</p>
<p> </p>
<p>#</p>
<p># $Id: ser-basic.cfg,v 1.1.2.2 2008/06/12 13:15:06
alfredh Exp $ # # This a very basic config file w aliases and anamed route but
# w/o authentication, accounting, database, multi-domain support etc.</p>
<p># Please refer to ser.cfg for a more complete example #</p>
<p> </p>
<p># ----------- global configuration parameters ------------------------</p>
<p> </p>
<p>debug=3 #
debug level (cmd line: -dddddddddd)</p>
<p>#memdbg=10 # memory debug message level</p>
<p>#memlog=10 # memory statistics log level
#log_facility=LOG_LOCAL0 # sets the facility used for logging (see syslog(3))</p>
<p> </p>
<p>/* Uncomment these lines to enter debugging mode fork=no
log_stderror=yes */</p>
<p> </p>
<p>check_via=no # (cmd. line: -v)</p>
<p>dns=no
# (cmd. line: -r)</p>
<p>rev_dns=no # (cmd. line:
-R)</p>
<p>listen=202.158.197.134</p>
<p>port=5060</p>
<p>children=4</p>
<p>#user=ser</p>
<p>#group=ser</p>
<p>#disable_core=yes #disables core dumping</p>
<p>#open_fd_limit=1024 # sets the open file descriptors
limit #mhomed=yes # usefull for multihomed hosts, small performance
penalty #disable_tcp=yes #tcp_accept_aliases=yes # accepts the tcp alias via
option (see NEWS)</p>
<p> </p>
<p>#</p>
<p> </p>
<p># ------------------ module loading
----------------------------------</p>
<p> </p>
<p>loadmodule "/usr/local/lib/ser/modules/sl.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/tm.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/rr.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/textops.so"</p>
<p>loadmodule
"/usr/local/lib/ser/modules/maxfwd.so"</p>
<p>loadmodule
"/usr/local/lib/ser/modules/usrloc.so"</p>
<p>loadmodule
"/usr/local/lib/ser/modules/registrar.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/ctl.so"</p>
<p><b>loadmodule "/usr/local/lib/ser/modules/auth.so"</b></p>
<p>loadmodule
"/usr/local/lib/ser/modules/auth_radius.so"</p>
<p> </p>
<p># ----------------- setting module-specific parameters
---------------</p>
<p> </p>
<p># -- usrloc params --</p>
<p> </p>
<p>modparam("usrloc",
"db_mode", 0)</p>
<p> </p>
<p># -- rr params --</p>
<p># add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)</p>
<p> </p>
<p># ctl params</p>
<p># by default ctl listens on unixs:/tmp/ser_ctl if no
other address is # specified in modparams; this is also the default for sercmd
modparam("ctl", "binrpc", "unixs:/tmp/ser_ctl") #
listen on the "standard" fifo for backward compatibility
modparam("ctl", "fifo", "fifo:/tmp/ser_fifo") #
listen on tcp, localhost #modparam("ctl", "binrpc",
"tcp:localhost:2046")</p>
<p> </p>
<p># -- auth_radius params --</p>
<p>modparam("auth_radius",
"radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")</p>
<p> </p>
<p># ------------------------- request routing logic
-------------------</p>
<p> </p>
<p># main routing logic</p>
<p> </p>
<p>route{</p>
<p> </p>
<p> # initial sanity checks --
messages with</p>
<p> # max_forwards==0, or
excessively long requests</p>
<p> if
(!mf_process_maxfwd_header("10")) {</p>
<p> sl_reply("483","Too
Many Hops");</p>
<p> break;</p>
<p> }</p>
<p> if (msg:len >=
max_len ) {</p>
<p> sl_reply("513",
"Message too big");</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> # we record-route all
messages -- to make sure that</p>
<p> # subsequent messages will
go through our proxy; that's</p>
<p> # particularly good if
upstream and downstream entities</p>
<p> # use different transport
protocol</p>
<p> if
(!method=="REGISTER") record_route();</p>
<p> </p>
<p> # subsequent messages
withing a dialog should take the</p>
<p> # path determined by
record-routing</p>
<p> if (loose_route()) {</p>
<p> #
mark routing logic in request</p>
<p> append_hf("P-hint:
rr-enforced\r\n");</p>
<p> route(FORWARD);</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> if (!uri==myself) {</p>
<p> #
mark routing logic in request</p>
<p> append_hf("P-hint:
outbound\r\n");</p>
<p> route(FORWARD);</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> # if the request is for
other domain use UsrLoc</p>
<p> # (in case, it does not
work, use the following command</p>
<p> # with proper names and
addresses in it)</p>
<p> if (uri==myself) {</p>
<p> </p>
<p><b> if
(method=="REGISTER") {</b></p>
<p><b> #
authentication</b></p>
<p><b> if
(!radius_www_authorize("")) {</b></p>
<p><b> www_challenge("",
"0");</b></p>
<p><b> break;</b></p>
<p> };</p>
<p> save_contacts("location");</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> #
native SIP destinations are handled using our USRLOC DB</p>
<p> if
(!lookup_contacts("location")) {</p>
<p> sl_reply("404",
"Not Found");</p>
<p> break;</p>
<p> }</p>
<p> append_hf("P-hint:
usrloc applied\r\n");</p>
<p> }</p>
<p> route(FORWARD);</p>
<p>}</p>
<p> </p>
<p>route[FORWARD]</p>
<p>{</p>
<p> # send it out now; use
stateful forwarding as it works reliably</p>
<p> # even for UDP2TCP</p>
<p> if (!t_relay()) {</p>
<p> sl_reply_error();</p>
<p> }</p>
<p>}</p>
<p> </p>
<p>Thanks,</p>
<p>Leon</p>
<p> </p>
</div>
</div>
<br>_______________________________________________<br>
Serusers mailing list<br>
<a href="mailto:Serusers@lists.iptel.org">Serusers@lists.iptel.org</a><br>
<a href="http://lists.iptel.org/mailman/listinfo/serusers" target="_blank">http://lists.iptel.org/mailman/listinfo/serusers</a><br>
<br></blockquote></div><br>