(RADIATOR) Radius and SER groups

Bon sy bon at bunny.cs.qc.edu
Thu Jul 15 09:03:08 CDT 2004 

Hi Martin,
	Few month ago we were trying to get SER to work with radius but
not successful. We have tried 0.8.11, 0.8.12 with radiusclient (0.4.1/2?). 
The problem is that the iptel accounting module was not working as said in
the doc. And we never got to see request response from radiusclient. We
have tried on Redhat 8.0/9.0. 

	Can you kindly share your what combination of OS, ser, and radius
client (radiusclient?) that managed to send request to radiator as you
showed below?

	Thanks in advance!

Bon


On Thu, 15 Jul 2004, Martin Koenig wrote:

> Hi all,
> 
> i'm trying to set up SER to make use of radius groups.
> 
> radius.cfg (a test-bed):
> --
> <Client DEFAULT>
>          Secret radius
>          DupInterval 0
> </Client>
> 
> 
> <Handler Service-Type=Group-Check>
> 	<AuthBy FILE>
> 		filename ./groups
> 	</AuthBy>
> </Handler>
> 
> <Handler Service-Type=Sip-Session>
> 	<AuthBy FILE>
> 		Filename ./users
> 	</AuthBy>
> </Handler>
> --
> 
> groups:
> --
> 445 at domain Sip-Group = "a", Auth-Type=Accept
>          Reply-Message = "Authorized"
> 
> 410 at domain Sip-Group = "b", Auth-Type = Accept
>          Reply-Message = "Authorized"
> --
> 
> I get the following error msg:
> 
> *** Received from 127.0.0.1 port 32907 ....
> Code:       Access-Request
> Identifier: 249
> Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
> Attributes:
>          User-Name = "445 at serafima.int.toplink-plannet.de"
>          Sip-Group = "+49721"
>          Service-Type = Group-Check
>          NAS-IP-Address = 192.168.42.20
>          NAS-Port = 0
> 
> Thu Jul 15 15:16:24 2004: DEBUG: Handling request with Handler 
> 'Service-Type=Group-Check'
> Thu Jul 15 15:16:24 2004: DEBUG:  Deleting session for 
> 445 at serafima.int.toplink-plannet.de, 192.168.42.20, 0
> Thu Jul 15 15:16:24 2004: DEBUG: Handling with Radius::AuthFILE:
> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE looks for match with 
> 445 at serafima.int.toplink-plannet.de
> Thu Jul 15 15:16:24 2004: WARNING: No CHAP-Password or User-Password in 
> request: does your dictionary have User-Password in it?
> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Thu Jul 15 15:16:24 2004: INFO: Access rejected for 
> 445 at serafima.int.toplink-plannet.de: Bad Password
> Thu Jul 15 15:16:24 2004: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32907 ....
> Code:       Access-Reject
> Identifier: 249
> Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
> Attributes:
>          Reply-Message = "Request Denied"
>          Sip-Group = "+49721"
> 
> 
> But the whole idea of this group authorization is that there is no password 
> and radius just reponds "Authorized" as soon as group and username at domain 
> match? That's why there is Auth-Type="accept"? How can i make Radiator 
> accept these requests?
> 
> Thanks,
> Martin
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list