(RADIATOR) Radius and SER groups

Martin Koenig martin.koenig at toplink-plannet.de
Fri Jul 16 01:16:57 CDT 2004


Hi Hugh,

i don't know what you did, but now it's working :). Is "Filename" case 
sensitive? Below you can see my configuration before the c&p of yours, and I 
can't figure out the difference except the capital F.

Thanks,

regards
Martin


Hugh Irvine wrote:

> 
> Hello Martin -
> 
> Does the first AuthBy FILE really have "filename" in it?
> 
> It should look like this:
> 
> <Handler Service-Type=Group-Check>
>     <AuthBy FILE>
>         Filename ./groups
>     </AuthBy>
> </Handler>
> 
> Otherwise you will look for "users" by default.
> 
> regards
> 
> Hugh
> 
> 
> On 15 Jul 2004, at 23:18, Martin Koenig wrote:
> 
>> Hi all,
>>
>> i'm trying to set up SER to make use of radius groups.
>>
>> radius.cfg (a test-bed):
>> -- 
>> <Client DEFAULT>
>>         Secret radius
>>         DupInterval 0
>> </Client>
>>
>>
>> <Handler Service-Type=Group-Check>
>>     <AuthBy FILE>
>>         filename ./groups
>>     </AuthBy>
>> </Handler>
>>
>> <Handler Service-Type=Sip-Session>
>>     <AuthBy FILE>
>>         Filename ./users
>>     </AuthBy>
>> </Handler>
>> -- 
>>
>> groups:
>> -- 
>> 445 at domain Sip-Group = "a", Auth-Type=Accept
>>         Reply-Message = "Authorized"
>>
>> 410 at domain Sip-Group = "b", Auth-Type = Accept
>>         Reply-Message = "Authorized"
>> -- 
>>
>> I get the following error msg:
>>
>> *** Received from 127.0.0.1 port 32907 ....
>> Code:       Access-Request
>> Identifier: 249
>> Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>> Attributes:
>>         User-Name = "445 at serafima.int.toplink-plannet.de"
>>         Sip-Group = "+49721"
>>         Service-Type = Group-Check
>>         NAS-IP-Address = 192.168.42.20
>>         NAS-Port = 0
>>
>> Thu Jul 15 15:16:24 2004: DEBUG: Handling request with Handler 
>> 'Service-Type=Group-Check'
>> Thu Jul 15 15:16:24 2004: DEBUG:  Deleting session for 
>> 445 at serafima.int.toplink-plannet.de, 192.168.42.20, 0
>> Thu Jul 15 15:16:24 2004: DEBUG: Handling with Radius::AuthFILE:
>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE looks for match with 
>> 445 at serafima.int.toplink-plannet.de
>> Thu Jul 15 15:16:24 2004: WARNING: No CHAP-Password or User-Password 
>> in request: does your dictionary have User-Password in it?
>> Thu Jul 15 15:16:24 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
>> Thu Jul 15 15:16:24 2004: INFO: Access rejected for 
>> 445 at serafima.int.toplink-plannet.de: Bad Password
>> Thu Jul 15 15:16:24 2004: DEBUG: Packet dump:
>> *** Sending to 127.0.0.1 port 32907 ....
>> Code:       Access-Reject
>> Identifier: 249
>> Authentic:  <12>:vH<19>g<213><20>@<181><203><18><186><19><251><30>
>> Attributes:
>>         Reply-Message = "Request Denied"
>>         Sip-Group = "+49721"
>>
>>
>> But the whole idea of this group authorization is that there is no 
>> password and radius just reponds "Authorized" as soon as group and 
>> username at domain match? That's why there is Auth-Type="accept"? How can 
>> i make Radiator accept these requests?
>>
>> Thanks,
>> Martin
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list