Hi, I have troble with authentication on Kamailio using RADIUS authentication. For configure freeradius and radiusclient I used this tutorial:
http://www.kamailio.org/docs/openser-radius-1.0.x.html In config file of freeradius I have enabled digest in modules. In sites-available/default is digest enabled too. In config file of radiusclient I use for authentication server named localhost and in file servers I have password for localhost. I think, in freeradius and radiusclient config file, there is nothing wrong. When I test configuration of freeradius and radiusclient with radclient, there is no problem. Access is accepted. But when I want to authenticate with SIP Client (I use Jitsi), all registration are accepted. It doesn't matter what username and password I write. Problem is probably in config file of Kamailio. I don't know for what are dictionary files exactly used. I include dictionary.kamailio in freeradius's dictionary and radiusclient's dicitionary too. I attached The content of this dictionary file. When I start Kamailio in debug mode I can see any record about authentication or radius. Can anyone help me? Thanks for reply. [1622]: DEBUG: <core> [parser/msg_parser.c:623]: SIP Request: [1622]: DEBUG: <core> [parser/msg_parser.c:625]: method: <REGISTER> [1622]: DEBUG: <core> [parser/msg_parser.c:627]: uri: <sip:192.168.0.112> [1622]: DEBUG: <core> [parser/msg_parser.c:629]: version: <SIP/2.0> [1622]: DEBUG: <core> [parser/msg_parser.c:170]: get_hdr_field: cseq <CSeq>: <1> <REGISTER> [1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=10 [1622]: DEBUG: <core> [parser/msg_parser.c:190]: DEBUG: get_hdr_field: <To> [31]; uri=[sip:fas@192.168.0.11 [1622]: DEBUG: <core> [parser/msg_parser.c:192]: DEBUG: to body ["fas" <sip:fas@192.168.0.112>#015#012] [1622]: DEBUG: <core> [parser/parse_via.c:1284]: Found param type 232, <branch> = <z9hG4bK-383438-2e2d7047b [1622]: DEBUG: <core> [parser/parse_via.c:2672]: end of header reached, state=5 [1622]: DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via found, flags=2 [1622]: DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this is the first via [1622]: DEBUG: <core> [receive.c:149]: After parse_msg... [1622]: DEBUG: <core> [receive.c:190]: preparing to run routing scripts... [1622]: DEBUG: maxfwd [mf_funcs.c:85]: value = 70 [1622]: DEBUG: maxfwd [maxfwd.c:161]: value 70 decreased to 16 [1622]: DEBUG: <core> [parser/msg_parser.c:204]: DEBUG: get_hdr_body : content_length=0 [1622]: DEBUG: <core> [parser/msg_parser.c:106]: found end of header [1622]: DEBUG: <core> [parser/parse_to.c:176]: DEBUG: add_param: tag=2148579d [1622]: DEBUG: <core> [parser/parse_to.c:799]: end of header reached, state=29 [1622]: DEBUG: sanity [mod_sanity.c:255]: sanity checks result: 1 [1622]: DEBUG: siputils [checks.c:103]: no totag [1622]: DEBUG: tm [t_lookup.c:1095]: DEBUG: t_check_msg: msg id=1 global id=0 T start=0xffffffffffffffff [1622]: DEBUG: tm [t_lookup.c:534]: t_lookup_request: start searching: hash=18808, isACK=0 [1622]: DEBUG: tm [t_lookup.c:492]: DEBUG: RFC3261 transaction matching failed 1622]: DEBUG: tm [t_lookup.c:716]: DEBUG: t_lookup_request: no transaction found [1622]: DEBUG: tm [t_lookup.c:1164]: DEBUG: t_check_msg: msg id=1 global id=1 T end=(nil) [1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==9 && [192.168.0.112] [1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por [1622]: DEBUG: <core> [socket_info.c:589]: grep_sock_info - checking if host==us: 13==13 && [192.168.0.112] [1622]: DEBUG: <core> [socket_info.c:593]: grep_sock_info - checking if port 5060 (advertise 0) matches por [1622]: DEBUG: <core> [sruid.c:176]: new sruid is [uloc-51686c8e-656-1] (1 / 19) [1622]: DEBUG: registrar [reply.c:368]: created Contact HF: Contact: <sip:fas@192.168.0.100:5060;transport= [1622]: DEBUG: sl [sl.c:289]: reply in stateless mode (sl) [1622]: DEBUG: <core> [msg_translator.c:206]: check_via_address(192.168.0.100, 192.168.0.100, 0) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) [1622]: DEBUG: <core> [xavp.c:447]: destroying xavp list (nil) [1622]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up #### Attributes ### ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius ### Acct-Status-Type Values ### VALUE Acct-Status-Type Failed 15 # RFC2866, acc ### Service-Type Values ### VALUE Service-Type Call-Check 10 # RFC2865, uri_radius VALUE Service-Type Group-Check 12 # Proprietary, group_radius VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius ### Sip-Method Values ### VALUE Sip-Method Undefined 0 VALUE Sip-Method Invite 1 VALUE Sip-Method Cancel 2 VALUE Sip-Method Ack 4 VALUE Sip-Method Bye 8 VALUE Sip-Method Info 16 VALUE Sip-Method Options 32 VALUE Sip-Method Update 64 VALUE Sip-Method Register 128 VALUE Sip-Method Message 256 VALUE Sip-Method Subscribe 512 VALUE Sip-Method Notify 1024 VALUE Sip-Method Prack 2048 VALUE Sip-Method Refer 4096 VALUE Sip-Method Other 8192 VALUE Sip-Method INVITE 1 # Proprietary, acc VALUE Sip-Method CANCEL 2 # Proprietary, acc VALUE Sip-Method ACK 4 # Proprietary, acc VALUE Sip-Method BYE 8 # Proprietary, acc ######Kamailio config file############## loadmodule "auth.so" loadmodule "auth_radius" loadmodule "acc_radius" loadmodule "misc_radius" # -- auth_radius params -- modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("auth_radius", "service_type", 15) # Authentication route route[AUTH] { #!ifdef WITH_AUTH #!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif if (is_method("REGISTER")) { # authenticate requests if (!radius_www_authorize("$td") { www_challenge("$td", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; } #!endif return; }
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
