(RADIATOR) Radius and SER groups
Martin Koenig
martin.koenig at toplink-plannet.de
Fri Jul 16 01:16:57 CDT 2004
Hi Hugh,
i don't know what you did, but now it's working :). Is "Filename" case
sensitive? Below you can see my configuration before the c&p of yours, and I
can't figure out the difference except the capital F.
Thanks,
regards
Martin
Hugh Irvine wrote:
>
> Hello Martin -
>
> Does the first AuthBy FILE really have "filename" in it?
>
> It should look like this:
>
> <Handler Service-Type=Group-Check>
> <AuthBy FILE>
> Filename ./groups
> </AuthBy>
> </Handler>
>
> Otherwise you will look for "users" by default.
>
> regards
>
> Hugh
>
>
> On 15 Jul 2004, at 23:18, Martin Koenig wrote:
>
>> Hi all,
>>
>> i'm trying to set up SER to make use of radius groups.
>>
>> radius.cfg (a test-bed):
>> --
>> <Client DEFAULT>
>> Secret radius
>> DupInterval 0
>> </Client>
>>
>>
>> <Handler Service-Type=Group-Check>
>> <AuthBy FILE>
>> filename ./groups
>> </AuthBy>
>> </Handler>
>>
>> <Handler Service-Type=Sip-Session>
>> <AuthBy FILE>
>> Filename ./users
>> </AuthBy>
>> </Handler>
>> --
>>
>> groups:
>> --
>> 445 at domain Sip-Group = "a", Auth-Type=Accept
>> Reply-Message = "Authorized"
>>
>> 410 at domain Sip-Group = "b", Auth-Type = Accept
>> Reply-Message = "Authorized"
>> --
>>
>> I get the following error msg:
>>
>> *** Received from 127.0.0.1 port 32907 ....
>> Code: Access-Request
>> Identifier: 249
>> Authentic: <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>> Attributes:
>> User-Name = "445 at serafima.int.toplink-plannet.de"
>> Sip-Group = "+49721"
>> Service-Type = Group-Check
>> NAS-IP-Address = 192.168.42.20
>> NAS-Port = 0
>>
>> Thu Jul 15 15:16:24 2004: DEBUG: Handling request with Handler
>> 'Service-Type=Group-Check'
>> Thu Jul 15 15:16:24 2004: DEBUG: Deleting session for
>> 445 at serafima.int.toplink-plannet.de, 192.168.42.20, 0
>> Thu Jul 15 15:16:24 2004: DEBUG: Handling with Radius::AuthFILE:
>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE looks for match with
>> 445 at serafima.int.toplink-plannet.de
>> Thu Jul 15 15:16:24 2004: WARNING: No CHAP-Password or User-Password
>> in request: does your dictionary have User-Password in it?
>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
>> Thu Jul 15 15:16:24 2004: INFO: Access rejected for
>> 445 at serafima.int.toplink-plannet.de: Bad Password
>> Thu Jul 15 15:16:24 2004: DEBUG: Packet dump:
>> *** Sending to 127.0.0.1 port 32907 ....
>> Code: Access-Reject
>> Identifier: 249
>> Authentic: <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>> Attributes:
>> Reply-Message = "Request Denied"
>> Sip-Group = "+49721"
>>
>>
>> But the whole idea of this group authorization is that there is no
>> password and radius just reponds "Authorized" as soon as group and
>> username at domain match? That's why there is Auth-Type="accept"? How can
>> i make Radiator accept these requests?
>>
>> Thanks,
>> Martin
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list