[RADIATOR] Using radius on SIP tunnel server
Hugh Irvine
hugh at open.com.au
Mon May 11 17:21:49 CDT 2009
Hello Wayne -
The Radiator debug shows an access accept being sent back to the NAS
device, so I would expect that there are probably additional reply
attributes required to actually set up the tunnel.
You will need to check the NAS device documentation to ascertain what
reply attributes are required.
regards
Hugh
On 12 May 2009, at 05:43, Wayne wrote:
> Hello All,
>
> I have been using radius for years on my cisco and 3com routers
> without any
> problem. I am now trying to get it to work with a SIP tunnel server.
> I first
> tried it on version 3.1 that I have in production and it failed in the
> tunnel server. So I loaded 4.4 on a test server and it also failed.
>
> I did have any luck when I tried to use the standard dictionary and
> dictionary.sip. So I changed to dictionary and dictionary.sip.pre-
> rfc. Then
> I got an error stating WARNING: No such attribute Digest-Response-
> Auth. So I
> added ATTRIBUTE Digest-Response-Auth 106 string to
> dictionary.sip.pre-rfc. This was probably not the right thing to do
> but now
> I seem to be responding but still no luck on the tunnel server.
>
> This is what I get now in my debug log. Any help would be great.
>
> *** Received from 66.196.48.188 port 45171 ....
> Code: Access-Request
> Identifier: 123
> Authentic:
> <
> 149><139><156><228><169><199><139><164><192><174>W<144>z<216><159><22>
> Attributes:
> NAS-IP-Address = 66.196.48.188
> NAS-Port = 10
> Digest-Response = "f0fc5d0cbfce4ab5cf2cf25bbbfcb2a7"
> Digest-Attributes =
> <
> 9
> >
> <
> 10
> >00000001<8><10>41425354<5><6>auth<1><16>realtunnel.com<6><5>md5<2>22d
> 3136373137383532383a31323432303639393732373236
> <3><6>POST<10><7>marty<4><6>g8
> 76
> User-Name = "marty"
>
> Mon May 11 14:26:01 2009: DEBUG: Rewrote user name to marty
> Mon May 11 14:26:01 2009: DEBUG: Handling request with Handler
> 'Realm=ezbizcomm.com'
> Mon May 11 14:26:01 2009: DEBUG: Rewrote user name to marty
> Mon May 11 14:26:01 2009: DEBUG: Deleting session for marty,
> 66.196.48.188,
> 10
> Mon May 11 14:26:01 2009: DEBUG: Handling with Radius::AuthSQL:
> Mon May 11 14:26:01 2009: DEBUG: Handling with Radius::AuthSQL:
> Mon May 11 14:26:01 2009: DEBUG: Query is: 'select PASSWORD from
> SUBSCRIBERS
> where USERNAME='marty'':
> Mon May 11 14:26:01 2009: DEBUG: Radius::AuthSQL looks for match
> with marty
> [marty]
> Mon May 11 14:26:01 2009: DEBUG: Radius::AuthSQL ACCEPT: : marty
> [marty]
> Mon May 11 14:26:01 2009: DEBUG: AuthBy SQL result: ACCEPT,
> Mon May 11 14:26:01 2009: DEBUG: Access accepted for marty
> Mon May 11 14:26:01 2009: DEBUG: Packet dump:
> *** Sending to 66.196.48.188 port 45171 ....
> Code: Access-Accept
> Identifier: 123
> Authentic
> : .<136><136><234><213><149><159><25><132>T)<233>0<158><152><135>
> Attributes:
> Digest-Response-Auth = "649b0299d88bcd0c5339a7060a3182b1"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list