Hi,<br><br>From SER version 2.x in order to challenge a SIP Request with FreeRADIUS authorization You need to use the radius_proxy_authorize(digest_realm) function.<br>And analogously proxy_authorize(digest_realm, credentials) if You want to use SER database.<br>
<br>Kind regards,<br>- Tomasz Zieleniewski <br><br><div class="gmail_quote">2009/5/6 Leon Li <span dir="ltr">&lt;<a href="mailto:Leon.Li@aarnet.edu.au">Leon.Li@aarnet.edu.au</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">









<div link="blue" vlink="purple" lang="EN-AU">

<div>

<p>Hi,</p>

<p> </p>

<p>I am trying to make SER working with FreeRADIUS. However,
I got an error using www_challenge, &quot; 0(3184) parse error (119,25-26):
unknown command, missing loadmodule?&quot; The 119 line is
www_challenge(&quot;&quot;, &quot;0&quot;); I did load auth module. Any idea?</p>

<p> </p>

<p>Here is my config:</p>

<p> </p>

<p>#</p>

<p># $Id: ser-basic.cfg,v 1.1.2.2 2008/06/12 13:15:06
alfredh Exp $ # # This a very basic config file w aliases and anamed route but
# w/o authentication, accounting, database, multi-domain support etc.</p>

<p># Please refer to ser.cfg for a more complete example #</p>

<p> </p>

<p># ----------- global configuration parameters ------------------------</p>

<p> </p>

<p>debug=3         #
debug level (cmd line: -dddddddddd)</p>

<p>#memdbg=10 # memory debug message level</p>

<p>#memlog=10 # memory statistics log level
#log_facility=LOG_LOCAL0 # sets the facility used for logging (see syslog(3))</p>

<p> </p>

<p>/* Uncomment these lines to enter debugging mode fork=no
log_stderror=yes */</p>

<p> </p>

<p>check_via=no    # (cmd. line: -v)</p>

<p>dns=no         
# (cmd. line: -r)</p>

<p>rev_dns=no      # (cmd. line:
-R)</p>

<p>listen=202.158.197.134</p>

<p>port=5060</p>

<p>children=4</p>

<p>#user=ser</p>

<p>#group=ser</p>

<p>#disable_core=yes #disables core dumping</p>

<p>#open_fd_limit=1024 # sets the open file descriptors
limit #mhomed=yes  # usefull for multihomed hosts, small performance
penalty #disable_tcp=yes #tcp_accept_aliases=yes # accepts the tcp alias via
option (see NEWS)</p>

<p> </p>

<p>#</p>

<p> </p>

<p># ------------------ module loading
----------------------------------</p>

<p> </p>

<p>loadmodule &quot;/usr/local/lib/ser/modules/sl.so&quot;</p>

<p>loadmodule &quot;/usr/local/lib/ser/modules/tm.so&quot;</p>

<p>loadmodule &quot;/usr/local/lib/ser/modules/rr.so&quot;</p>

<p>loadmodule &quot;/usr/local/lib/ser/modules/textops.so&quot;</p>

<p>loadmodule
&quot;/usr/local/lib/ser/modules/maxfwd.so&quot;</p>

<p>loadmodule
&quot;/usr/local/lib/ser/modules/usrloc.so&quot;</p>

<p>loadmodule
&quot;/usr/local/lib/ser/modules/registrar.so&quot;</p>

<p>loadmodule &quot;/usr/local/lib/ser/modules/ctl.so&quot;</p>

<p><b>loadmodule &quot;/usr/local/lib/ser/modules/auth.so&quot;</b></p>

<p>loadmodule
&quot;/usr/local/lib/ser/modules/auth_radius.so&quot;</p>

<p> </p>

<p># ----------------- setting module-specific parameters
---------------</p>

<p> </p>

<p># -- usrloc params --</p>

<p> </p>

<p>modparam(&quot;usrloc&quot;,
&quot;db_mode&quot;,   0)</p>

<p> </p>

<p># -- rr params --</p>

<p># add value to ;lr param to make some broken UAs happy
modparam(&quot;rr&quot;, &quot;enable_full_lr&quot;, 1)</p>

<p> </p>

<p># ctl params</p>

<p># by default ctl listens on unixs:/tmp/ser_ctl if no
other address is # specified in modparams; this is also the default for sercmd
modparam(&quot;ctl&quot;, &quot;binrpc&quot;, &quot;unixs:/tmp/ser_ctl&quot;) #
listen on the &quot;standard&quot; fifo for backward compatibility
modparam(&quot;ctl&quot;, &quot;fifo&quot;, &quot;fifo:/tmp/ser_fifo&quot;) #
listen on tcp, localhost #modparam(&quot;ctl&quot;, &quot;binrpc&quot;,
&quot;tcp:localhost:2046&quot;)</p>

<p> </p>

<p># -- auth_radius params --</p>

<p>modparam(&quot;auth_radius&quot;,
&quot;radius_config&quot;,
&quot;/usr/local/etc/radiusclient-ng/radiusclient.conf&quot;)</p>

<p> </p>

<p># -------------------------  request routing logic
-------------------</p>

<p> </p>

<p># main routing logic</p>

<p> </p>

<p>route{</p>

<p> </p>

<p>      # initial sanity checks --
messages with</p>

<p>      # max_forwards==0, or
excessively long requests</p>

<p>      if
(!mf_process_maxfwd_header(&quot;10&quot;)) {</p>

<p>            sl_reply(&quot;483&quot;,&quot;Too
Many Hops&quot;);</p>

<p>            break;</p>

<p>      }</p>

<p>      if (msg:len &gt;= 
max_len ) {</p>

<p>            sl_reply(&quot;513&quot;,
&quot;Message too big&quot;);</p>

<p>            break;</p>

<p>      }</p>

<p> </p>

<p>      # we record-route all
messages -- to make sure that</p>

<p>      # subsequent messages will
go through our proxy; that&#39;s</p>

<p>      # particularly good if
upstream and downstream entities</p>

<p>      # use different transport
protocol</p>

<p>      if
(!method==&quot;REGISTER&quot;) record_route();</p>

<p> </p>

<p>      # subsequent messages
withing a dialog should take the</p>

<p>      # path determined by
record-routing</p>

<p>      if (loose_route()) {</p>

<p>            #
mark routing logic in request</p>

<p>            append_hf(&quot;P-hint:
rr-enforced\r\n&quot;);</p>

<p>            route(FORWARD);</p>

<p>            break;</p>

<p>      }</p>

<p> </p>

<p>      if (!uri==myself) {</p>

<p>            #
mark routing logic in request</p>

<p>            append_hf(&quot;P-hint:
outbound\r\n&quot;);</p>

<p>            route(FORWARD);</p>

<p>            break;</p>

<p>      }</p>

<p> </p>

<p>      # if the request is for
other domain use UsrLoc</p>

<p>      # (in case, it does not
work, use the following command</p>

<p>      # with proper names and
addresses in it)</p>

<p>      if (uri==myself) {</p>

<p> </p>

<p><b>            if
(method==&quot;REGISTER&quot;) {</b></p>

<p><b>                  #
authentication</b></p>

<p><b>                  if
(!radius_www_authorize(&quot;&quot;)) {</b></p>

<p><b>                        www_challenge(&quot;&quot;,
&quot;0&quot;);</b></p>

<p><b>                        break;</b></p>

<p>                  };</p>

<p>                  save_contacts(&quot;location&quot;);</p>

<p>                  break;</p>

<p>            }</p>

<p> </p>

<p>            #
native SIP destinations are handled using our USRLOC DB</p>

<p>            if
(!lookup_contacts(&quot;location&quot;)) {</p>

<p>                  sl_reply(&quot;404&quot;,
&quot;Not Found&quot;);</p>

<p>                  break;</p>

<p>            }</p>

<p>            append_hf(&quot;P-hint:
usrloc applied\r\n&quot;);</p>

<p>      }</p>

<p>      route(FORWARD);</p>

<p>}</p>

<p> </p>

<p>route[FORWARD]</p>

<p>{</p>

<p>      # send it out now; use
stateful forwarding as it works reliably</p>

<p>      # even for UDP2TCP</p>

<p>      if (!t_relay()) {</p>

<p>            sl_reply_error();</p>

<p>      }</p>

<p>}</p>

<p> </p>

<p>Thanks,</p>

<p>Leon</p>

<p> </p>

</div>

</div>


<br>_______________________________________________<br>
Serusers mailing list<br>
<a href="mailto:Serusers@lists.iptel.org">Serusers@lists.iptel.org</a><br>
<a href="http://lists.iptel.org/mailman/listinfo/serusers" target="_blank">http://lists.iptel.org/mailman/listinfo/serusers</a><br>
<br></blockquote></div><br>