(RADIATOR) Radius and SER groups

Martin Koenig martin.koenig at toplink-plannet.de
Thu Jul 15 08:18:06 CDT 2004


Hi all,

i'm trying to set up SER to make use of radius groups.

radius.cfg (a test-bed):
--
<Client DEFAULT>
         Secret radius
         DupInterval 0
</Client>


<Handler Service-Type=Group-Check>
	<AuthBy FILE>
		filename ./groups
	</AuthBy>
</Handler>

<Handler Service-Type=Sip-Session>
	<AuthBy FILE>
		Filename ./users
	</AuthBy>
</Handler>
--

groups:
--
445 at domain Sip-Group = "a", Auth-Type=Accept
         Reply-Message = "Authorized"

410 at domain Sip-Group = "b", Auth-Type = Accept
         Reply-Message = "Authorized"
--

I get the following error msg:

*** Received from 127.0.0.1 port 32907 ....
Code:       Access-Request
Identifier: 249
Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
Attributes:
         User-Name = "445 at serafima.int.toplink-plannet.de"
         Sip-Group = "+49721"
         Service-Type = Group-Check
         NAS-IP-Address = 192.168.42.20
         NAS-Port = 0

Thu Jul 15 15:16:24 2004: DEBUG: Handling request with Handler 
'Service-Type=Group-Check'
Thu Jul 15 15:16:24 2004: DEBUG:  Deleting session for 
445 at serafima.int.toplink-plannet.de, 192.168.42.20, 0
Thu Jul 15 15:16:24 2004: DEBUG: Handling with Radius::AuthFILE:
Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE looks for match with 
445 at serafima.int.toplink-plannet.de
Thu Jul 15 15:16:24 2004: WARNING: No CHAP-Password or User-Password in 
request: does your dictionary have User-Password in it?
Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
Thu Jul 15 15:16:24 2004: INFO: Access rejected for 
445 at serafima.int.toplink-plannet.de: Bad Password
Thu Jul 15 15:16:24 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32907 ....
Code:       Access-Reject
Identifier: 249
Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
Attributes:
         Reply-Message = "Request Denied"
         Sip-Group = "+49721"


But the whole idea of this group authorization is that there is no password 
and radius just reponds "Authorized" as soon as group and username at domain 
match? That's why there is Auth-Type="accept"? How can i make Radiator 
accept these requests?

Thanks,
Martin

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list