use www_authenticate(digest_realm, credentials) instead...<br><br><br><br><div class="gmail_quote">2009/5/13 Leon Li <span dir="ltr"><<a href="mailto:Leon.Li@aarnet.edu.au">Leon.Li@aarnet.edu.au</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-AU">
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Hi,</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I am using 2.0.0. </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">And I am using radius_www_authenticate to authenticate via
FreeRADIUS. The problem is not with this function, but <b>www_challenge
function returns error </b></span><b><span style="font-size: 11pt; color: rgb(31, 73, 125);">“unknown
command, missing loadmodule?”.</span></b><span style="font-size: 11pt; color: rgb(31, 73, 125);"></span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Cheers</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Leon </span><span style="font-size: 11pt; color: rgb(31, 73, 125);"></span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;" lang="EN-US">From:</span></b><span style="font-size: 10pt;" lang="EN-US"> Tomasz Zieleniewski
[mailto:<a href="mailto:tzieleniewski@gmail.com" target="_blank">tzieleniewski@gmail.com</a>] <br>
<b>Sent:</b> Tuesday, 12 May 2009 5:44 PM<div><div></div><div class="h5"><br>
<b>To:</b> Leon Li<br>
<b>Cc:</b> <a href="mailto:serusers@lists.iptel.org" target="_blank">serusers@lists.iptel.org</a><br>
<b>Subject:</b> Re: [Serusers] SER with RADIUS</div></div></span></p>
</div><div><div></div><div class="h5">
<p> </p>
<p style="margin-bottom: 12pt;">Hi,<br>
<br>
You must use www_authenticate(digest_realm, credentials)<br>
function in order to perform the user authentication.<br>
<br>
BTW which version of SER do You use? <br>
<br>
Kind regards,<br>
Tomasz</p>
<div>
<p>2009/5/12 Leon Li <<a href="mailto:Leon.Li@aarnet.edu.au" target="_blank">Leon.Li@aarnet.edu.au</a>></p>
<div>
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Hi,</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I got the following settings on
my SER handling authentication.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">route[AUTHENTICATION]</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">{</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
# CANCELs and ACKs cannot be challenged.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
if (method == "CANCEL" || method == "ACK") {</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
break;</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
# Authentication</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
if (method == "REGISTER") {</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
if (!radius_www_authenticate(" ")) {</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
</span><b><span style="font-size: 11pt; color: red;">www_challenge("",
"1");</span></b></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
break;</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
save("location");</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
drop;</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">
}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">However, when I try to run SER
with this file, error come up “unknown command, missing loadmodule?” indicating
the line in </span><span style="font-size: 11pt; color: red;">red </span><span style="font-size: 11pt; color: rgb(31, 73, 125);">has problem. If I comment this line, SER
starts fine but no authentication performed.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Anyone can help?</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Thanks</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Leon</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;" lang="EN-US">From:</span></b><span style="font-size: 10pt;" lang="EN-US"> Tomasz Zieleniewski [mailto:<a href="mailto:tzieleniewski@gmail.com" target="_blank">tzieleniewski@gmail.com</a>]
<br>
<b>Sent:</b> Thursday, 7 May 2009 11:03 PM</span></p>
<div>
<div>
<p><span style="font-size: 10pt;" lang="EN-US"><br>
<b>To:</b> Leon Li<br>
<b>Cc:</b> <a href="mailto:serusers@lists.iptel.org" target="_blank">serusers@lists.iptel.org</a><br>
<b>Subject:</b> Re: [Serusers] SER with RADIUS</span></p>
</div>
</div>
</div>
<div>
<div>
<p> </p>
<p style="margin-bottom: 12pt;">Hi,<br>
<br>
In order to use radius you need auth_radius module to use database auth_db.<br>
Other thing is that if You want to authorize user as UAS (registrar)<br>
then You should use radius_www_authenticate(disgest_realm) function.<br>
<br>
Kind regards,<br>
- Tomasz</p>
<div>
<p>2009/5/7 Leon Li <<a href="mailto:Leon.Li@aarnet.edu.au" target="_blank">Leon.Li@aarnet.edu.au</a>></p>
<div>
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Thanks Tomasz,</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">I know we need different
function, however, my problem is that it won’t accept www_challenge in ser.cfg
which is introduced by auth module, I think.</span></p>
<div>
<p><b> if
(method=="REGISTER") {</b></p>
<p><b>
# authentication</b></p>
<p><b>
if (!radius_www_authorize("")) {</b></p>
<p><b>
www_challenge("", "0");</b></p>
<p><b>
break;</b></p>
<p>
};</p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
</div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Regards</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Leon</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;" lang="EN-US">From:</span></b><span style="font-size: 10pt;" lang="EN-US"> Tomasz Zieleniewski [mailto:<a href="mailto:tzieleniewski@gmail.com" target="_blank">tzieleniewski@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, 6 May 2009 6:25 PM<br>
<b>To:</b> Leon Li<br>
<b>Cc:</b> <a href="mailto:serusers@lists.iptel.org" target="_blank">serusers@lists.iptel.org</a><br>
<b>Subject:</b> Re: [Serusers] SER with RADIUS</span></p>
</div>
<div>
<div>
<p> </p>
<p style="margin-bottom: 12pt;">Hi,<br>
<br>
>From SER version 2.x in order to challenge a SIP Request with FreeRADIUS
authorization You need to use the radius_proxy_authorize(digest_realm)
function.<br>
And analogously proxy_authorize(digest_realm, credentials) if You want to use
SER database.<br>
<br>
Kind regards,<br>
- Tomasz Zieleniewski </p>
<div>
<p>2009/5/6 Leon Li <<a href="mailto:Leon.Li@aarnet.edu.au" target="_blank">Leon.Li@aarnet.edu.au</a>></p>
<div>
<div>
<p>Hi,</p>
<p> </p>
<p>I am trying to make SER working with FreeRADIUS. However, I got an error
using www_challenge, " 0(3184) parse error (119,25-26): unknown command,
missing loadmodule?" The 119 line is www_challenge("",
"0"); I did load auth module. Any idea?</p>
<p> </p>
<p>Here is my config:</p>
<p> </p>
<p>#</p>
<p># $Id: ser-basic.cfg,v 1.1.2.2 2008/06/12 13:15:06 alfredh Exp $ # # This a
very basic config file w aliases and anamed route but # w/o authentication,
accounting, database, multi-domain support etc.</p>
<p># Please refer to ser.cfg for a more complete example #</p>
<p> </p>
<p># ----------- global configuration parameters ------------------------</p>
<p> </p>
<p>debug=3 # debug level (cmd
line: -dddddddddd)</p>
<p>#memdbg=10 # memory debug message level</p>
<p>#memlog=10 # memory statistics log level #log_facility=LOG_LOCAL0 # sets the
facility used for logging (see syslog(3))</p>
<p> </p>
<p>/* Uncomment these lines to enter debugging mode fork=no log_stderror=yes */</p>
<p> </p>
<p>check_via=no # (cmd. line: -v)</p>
<p>dns=no # (cmd. line:
-r)</p>
<p>rev_dns=no # (cmd. line: -R)</p>
<p>listen=202.158.197.134</p>
<p>port=5060</p>
<p>children=4</p>
<p>#user=ser</p>
<p>#group=ser</p>
<p>#disable_core=yes #disables core dumping</p>
<p>#open_fd_limit=1024 # sets the open file descriptors limit #mhomed=yes
# usefull for multihomed hosts, small performance penalty #disable_tcp=yes
#tcp_accept_aliases=yes # accepts the tcp alias via option (see NEWS)</p>
<p> </p>
<p>#</p>
<p> </p>
<p># ------------------ module loading ----------------------------------</p>
<p> </p>
<p>loadmodule "/usr/local/lib/ser/modules/sl.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/tm.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/rr.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/textops.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/maxfwd.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/usrloc.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/registrar.so"</p>
<p>loadmodule "/usr/local/lib/ser/modules/ctl.so"</p>
<p><b>loadmodule "/usr/local/lib/ser/modules/auth.so"</b></p>
<p>loadmodule "/usr/local/lib/ser/modules/auth_radius.so"</p>
<p> </p>
<p># ----------------- setting module-specific parameters ---------------</p>
<p> </p>
<p># -- usrloc params --</p>
<p> </p>
<p>modparam("usrloc", "db_mode", 0)</p>
<p> </p>
<p># -- rr params --</p>
<p># add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)</p>
<p> </p>
<p># ctl params</p>
<p># by default ctl listens on unixs:/tmp/ser_ctl if no other address is #
specified in modparams; this is also the default for sercmd
modparam("ctl", "binrpc", "unixs:/tmp/ser_ctl") #
listen on the "standard" fifo for backward compatibility
modparam("ctl", "fifo", "fifo:/tmp/ser_fifo") #
listen on tcp, localhost #modparam("ctl", "binrpc",
"tcp:localhost:2046")</p>
<p> </p>
<p># -- auth_radius params --</p>
<p>modparam("auth_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")</p>
<p> </p>
<p># ------------------------- request routing logic -------------------</p>
<p> </p>
<p># main routing logic</p>
<p> </p>
<p>route{</p>
<p> </p>
<p> # initial sanity checks -- messages with</p>
<p> # max_forwards==0, or excessively long
requests</p>
<p> if
(!mf_process_maxfwd_header("10")) {</p>
<p>
sl_reply("483","Too Many Hops");</p>
<p> break;</p>
<p> }</p>
<p> if (msg:len >= max_len ) {</p>
<p>
sl_reply("513", "Message too big");</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> # we record-route all messages -- to make
sure that</p>
<p> # subsequent messages will go through our
proxy; that's</p>
<p> # particularly good if upstream and
downstream entities</p>
<p> # use different transport protocol</p>
<p> if (!method=="REGISTER")
record_route();</p>
<p> </p>
<p> # subsequent messages withing a dialog should
take the</p>
<p> # path determined by record-routing</p>
<p> if (loose_route()) {</p>
<p> # mark
routing logic in request</p>
<p>
append_hf("P-hint: rr-enforced\r\n");</p>
<p>
route(FORWARD);</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> if (!uri==myself) {</p>
<p> # mark
routing logic in request</p>
<p>
append_hf("P-hint: outbound\r\n");</p>
<p>
route(FORWARD);</p>
<p> break;</p>
<p> }</p>
<p> </p>
<p> # if the request is for other domain use
UsrLoc</p>
<p> # (in case, it does not work, use the
following command</p>
<p> # with proper names and addresses in it)</p>
<p> if (uri==myself) {</p>
<p> </p>
<p><b> if
(method=="REGISTER") {</b></p>
<p><b>
# authentication</b></p>
<p><b>
if (!radius_www_authorize("")) {</b></p>
<p><b>
www_challenge("", "0");</b></p>
<p><b>
break;</b></p>
<p>
};</p>
<p>
save_contacts("location");</p>
<p>
break;</p>
<p> }</p>
<p> </p>
<p> # native
SIP destinations are handled using our USRLOC DB</p>
<p> if
(!lookup_contacts("location")) {</p>
<p>
sl_reply("404", "Not Found");</p>
<p>
break;</p>
<p> }</p>
<p>
append_hf("P-hint: usrloc applied\r\n");</p>
<p> }</p>
<p> route(FORWARD);</p>
<p>}</p>
<p> </p>
<p>route[FORWARD]</p>
<p>{</p>
<p> # send it out now; use stateful forwarding as
it works reliably</p>
<p> # even for UDP2TCP</p>
<p> if (!t_relay()) {</p>
<p>
sl_reply_error();</p>
<p> }</p>
<p>}</p>
<p> </p>
<p>Thanks,</p>
<p>Leon</p>
<p> </p>
</div>
</div>
<p style="margin-bottom: 12pt;"><br>
_______________________________________________<br>
Serusers mailing list<br>
<a href="mailto:Serusers@lists.iptel.org" target="_blank">Serusers@lists.iptel.org</a><br>
<a href="http://lists.iptel.org/mailman/listinfo/serusers" target="_blank">http://lists.iptel.org/mailman/listinfo/serusers</a></p>
</div>
<p> </p>
</div>
</div>
</div>
</div>
</div>
<p> </p>
</div>
</div>
</div>
</div>
<p style="margin-bottom: 12pt;"><br>
_______________________________________________<br>
Serusers mailing list<br>
<a href="mailto:Serusers@lists.iptel.org" target="_blank">Serusers@lists.iptel.org</a><br>
<a href="http://lists.iptel.org/mailman/listinfo/serusers" target="_blank">http://lists.iptel.org/mailman/listinfo/serusers</a></p>
</div>
<p> </p>
</div></div></div>
</div>
</blockquote></div><br>