Hi,

Radius authentication produces segmentation faults on some systems. Michal is aware of that. So far I had segmentation faults on RedHat 9.0, 7.3 & 7.2 (up2dated). It seems that out of the box 7.2 (not updated libs & gcc) can compile stable gnugk.

Julius

-----Original Message-----
From: Rafael J. Risco G.V. [mailto:rrisco@millicom.net.pe]
Sent: Wednesday, July 02, 2003 1:36 AM
To: openh323gk-users@lists.sourceforge.net
Cc: openh323gk-developer@lists.sourceforge.net
Subject: [Openh323gk-users] Strange problem with RadAuth and RadAliasAuth modules

Hello

I want to make authentication through freeradius in this very simple scenario:

2AddPacEndpoints------>GNUGK205------->Freeradius0.8.1

I don't have too much experience in this topic, but I believe I have been able to configure the radius correctly to use the authentication modules "RadAuth" or "RadAliasAuth", but I can't find answers for a strange registration problem...

In this scenario the first terminal registers correctly, but the problem is that the GK falls at the precise instant that the second terminal tries to register (I can see the first RCF in the status port RCF|10.0.0.240:1720|ap200:h323_ID=6603000:dialedDigits=6603001:dialedDigits|terminal|1248_endp;). This happens in both Windows and Linux versions and also with 2.0.4 and 2.0.5.

Below I send you details of the configuration of the following devices:

1. Radius (clients.conf, users and brief debug log)
2. my GNUGK .ini file
3. some details from AP200 (AddPac terminal supports CAT authentication scheme)
4. gnugk debug ttttt

Please, someone send me some suggestion to detect and solve this problem. Thanks

Rafael R.
Millicom Peru SA

P.S.:

----------------------------------------------------------
1. RADIUS
---------------------------------------------------------

/usr/local/etc/raddb/clients.conf :

client 10.0.0.11 {
    secret = hola123
    shortname = MICPEGK02
}

/usr/local/etc/raddb/users :

ap200 User-Password == "ap200x"
ap200test1 User-Password == "ap200test1x"

Radiusd -X :

rad_recv: Access-Request packet from host 10.0.0.11:10550, id=158, length=87
    User-Name = "ap200"
    CHAP-Password = 0xaedc7457bd266e7da654e5b1edb59bcdab
    NAS-IP-Address = 10.0.0.11
    NAS-Identifier = "MICPEGK02"
    NAS-Port-Type = Virtual
    Service-Type = Login-User
    CHAP-Challenge = "?\001F\\"
    Framed-IP-Address = 10.0.0.240
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module "chap" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "ap200", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched ap200 at 218
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAP
rad_check_password: Found Auth-Type Local
Warning: Found 2 auth-types on request for user 'ap200'
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Sending Access-Accept of id 158 to 10.0.0.11:10550
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:10550, id=159, length=92
    User-Name = "ap200test1"
    CHAP-Password = 0xfab7317c163b475ee1f49f74a577b12043
    NAS-IP-Address = 10.0.0.11
    NAS-Identifier = "MICPEGK02"
    NAS-Port-Type = Virtual
    Service-Type = Login-User
    CHAP-Challenge = ">\324\037\336"
    Framed-IP-Address = 161.132.195.162
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module "chap" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "ap200test1", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched ap200test1 at 220
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAP
rad_check_password: Found Auth-Type Local
Warning: Found 2 auth-types on request for user 'ap200test1'
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Sending Access-Accept of id 159 to 10.0.0.11:10550
Finished request 5

----------------------------------------------------------
2. GNUGK .ini file
---------------------------------------------------------

[Gatekeeper::Main]
Fourtytwo=42
Home=10.0.0.11
TimeToLive=600
TotalBandwidth=100000
Name=MICPEGK02

[RoutedMode]
GKRouted=1
H245Routed=0

[GkStatus::Auth]
rule=allow

[Gatekeeper::Auth]
RadAuth=required;RRQ,ARQ
#RadAuth=required;RRQ,ARQ
#RadAuth=sufficient;RRQ
#RadAuth=optional;ARQ
default=allow

# Configuration section for RadAuth authenticator module
[RadAuth]
Servers=161.132.224.67
LocalInterface=10.0.0.11
RadiusPortRange=10000-11000
DefaultAuthPort=1812
SharedSecret=hola123
RequestTimeout=2000
IdCacheTimeout=9000
SocketDeleteTimeout=60000
RequestRetransmissions=2
RoundRobinServers=0
AppendCiscoAttributes=0
IncludeEndpointIP=1

---------------------------------------------------------
3. some details from AP200 (AddPac terminal supports CAT authentication scheme)
---------------------------------------------------------

...
dial-peer voice 1000 voip
 destination-pattern T
 session target ras
 codec g7231r63
 dtmf-relay h245-alphanumeric
!
!
! Gateway configuration.
!
gateway
 h323-id ap200
 security password ap200x
 security clear-token-option cisco-per-call-style
 endpoint-type terminal
 gkip 10.0.0.11 1719 128
 register
!...

--------------------------------------------------------
4. gnugk debug ttttt
--------------------------------------------------------

gnugk.exe -c ../etc/AAAGKWinAuth.ini -tttttt -o ../debug5.log

22003/07/01 15:25:17.412 1 gk.cxx(119) GK Trace logging restarted.
2003/07/01 15:25:17.412 5 singleton.cxx(25) Create instance: 1
2003/07/01 15:25:17.412 5 Toolkit.cxx(380) Try name C:\openh323gk\etc\AAAGKWinAuth.ini-4331
2003/07/01 15:25:17.713 4 Toolkit.cxx(120) InterfaceTable:
  10.0.0.11 <00-01-03-E3-50-B8> (3Com EtherLink PCI)
  127.0.0.1 (MS TCP Loopback interface)
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=10.0.0.0/255.255.255.0, IP=10.0.0.11
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=10.0.0.11/255.255.255.255, IP=10.0.0.11
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=10.255.255.255/255.255.255.255, IP=10.0.0.11
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=127.0.0.0/255.0.0.0, IP=127.0.0.1
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=224.0.0.0/224.0.0.0, IP=10.0.0.11
2003/07/01 15:25:17.723 2 Toolkit.cxx(90) Network=255.255.255.255/255.255.255.255, IP=10.0.0.11
2003/07/01 15:25:17.723 2 Toolkit.cxx(91) Default IP=10.0.0.11
2003/07/01 15:25:17.733 2 Toolkit.cxx(153) GK H.323 Proxy disabled
2003/07/01 15:25:17.803 1 gk.cxx(422) OpenH323 Gatekeeper - The GNU Gatekeeper with ID 'MICPEGK02' started on 10.0.0.11
  Gatekeeper(GNU) Version(2.0.5) Ext(pthreads=0) Build(Jun 29 2003, 22:55:31) Sys (2000 i586 v5.0.2195)
2003/07/01 15:25:17.813 5 singleton.cxx(25) Create instance: 2
2003/07/01 15:25:17.853 2 gk.cxx(454) GK TimeToLive for Registrations: 600
2003/07/01 15:25:17.903 5 singleton.cxx(25) Create instance: 3
2003/07/01 15:25:17.923 5 singleton.cxx(25) Create instance: 4
2003/07/01 15:25:18.043 1 gkauth.cxx(266) GkAuth Add default rule with flag ff
2003/07/01 15:25:18.043 1 gkauth.cxx(1393) GkAuth Unknown auth #RadAuth, ignore!
2003/07/01 15:25:18.043 1 gkauth.cxx(1393) GkAuth Unknown auth #RadAuth, ignore!
2003/07/01 15:25:18.043 1 gkauth.cxx(1393) GkAuth Unknown auth #RadAuth, ignore!
2003/07/01 15:25:18.053 1 gkauth.cxx(266) GkAuth Add RadAuth rule with flag a
2003/07/01 15:25:18.183 4 radproto.cxx(1684) RADIUS Created instance of RADIUS client (local if: 10.0.0.11, default ports: 1812,1813) for RADIUS servers group: 161.132.224.67
2003/07/01 15:25:18.304 2 ProxyChannel.cxx(72) RTPPortRange: 10000-59999
2003/07/01 15:25:18.324 2 ProxyThread.cxx(477) ProxyL Listen to 10.0.0.11:1721
2003/07/01 15:25:18.324 2 thread.cxx(28) ProxyListener 1344 started
2003/07/01 15:25:18.334 2 thread.cxx(28) ProxyHandleThread 1804 started
2003/07/01 15:25:18.334 2 thread.cxx(28) ProxyHandleThread 1432 started
2003/07/01 15:25:18.334 2 RasSrv.cxx(551) GK Using Routed Signalling
2003/07/01 15:25:18.334 2 RasSrv.cxx(552) GK H.245 Routed Disabled
2003/07/01 15:25:18.334 3 ProxyThread.cxx(647) ProxyLC(0) waiting...
2003/07/01 15:25:18.334 1 MulticastGRQ.cxx(52) GK Multicast listener started
2003/07/01 15:25:18.334 3 ProxyThread.cxx(647) ProxyH(0) waiting...
2003/07/01 15:25:18.334 1 RasSrv.cxx(2099) GK RasThread 1648 started
2003/07/01 15:25:18.334 2 RasSrv.cxx(2102) GK Entering connection handling loop
2003/07/01 15:25:18.924 2 GkStatus.cxx(315) GK GkStatus new status client: addr 10.0.0.11
2003/07/01 15:25:18.924 4 GkStatus.cxx(636) Auth client from 10.0.0.11
2003/07/01 15:25:18.934 5 GkStatus.cxx(660) Auth client rule=allow
2003/07/01 15:25:23.631 2 RasSrv.cxx(2132) GK Read from 10.0.0.240:22000
2003/07/01 15:25:23.641 3 RasSrv.cxx(2145) GK registrationRequest {
  requestSeqNum = 1
  protocolIdentifier = 0.0.8.2250.0.2
  discoveryComplete = FALSE
  callSignalAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 00 00 f0 .... } port = 1720 } }
  rasAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 00 00 f0 .... } port = 22000 } }
  terminalType = { terminal = { } mc = FALSE undefinedNode = FALSE }
  terminalAlias = 3 entries { [0]=h323_ID 5 characters { 0061 0070 0032 0030 0030 ap200 } [1]=dialedDigits "6603000" [2]=dialedDigits "6603001" }
  endpointVendor = { vendor = { t35CountryCode = 97 t35Extension = 0 manufacturerCode = 22 } productId = 11 octets { 41 64 64 50 61 63 20 56 6f 49 50 AddPac VoIP } versionId = 4 octets { 36 2e 30 36 6.06 } }
  timeToLive = 60
  tokens = 1 entries { [0]={ tokenOID = 1.2.840.113548.10.1.2.1 timeStamp = 1057048156 challenge = 16 octets { dc 74 57 bd 26 6e 7d a6 54 e5 b1 ed b5 9b cd ab .tW.&n}.T....... } random = 174 generalID = 5 characters { 0061 0070 0032 0030 0030 ap200 } } }
  cryptoTokens = 1 entries { [0]=cryptoEPPwdHash { alias = h323_ID 5 characters { 0061 0070 0032 0030 0030 ap200 } timeStamp = 1057048156 token = { algorithmOID = 1.2.840.113549.2.5 paramS = { } hash = Hex: 55 5e 5e 6c 27 0f ed 2d 4e 15 fa 12 ec 24 60 c5 } } }
  keepAlive = FALSE
  willSupplyUUIEs = FALSE
}
2003/07/01 15:25:23.641 1 RasSrv.cxx(927) GK RRQ Received
2003/07/01 15:25:23.651 5 radproto.cxx(2261) RADIUS Created new socket for RADIUS client: port:10550:[0,157-157]
2003/07/01 15:25:23.651 5 radproto.cxx(1900) RADIUS Sending PDU to RADIUS server 161.132.224.67 (161.132.224.67:1812) from port:10550:[0,157-158], PDU: {
  code = 1 (Access-Request)
  id = 158
  length = 87 octets
  authenticator = 16 octets { d1 b4 22 da f4 b3 94 9d 31 29 6b ec 4e ef 7d 39 ..".....1)k.N.}9 }
  attributes = 8 elements {
    [0]= { type = 1 (User-Name) length = 7 octets value = 5 octets { 61 70 32 30 30 ap200 } }
    [1]= { type = 3 (CHAP-Password) length = 19 octets value = 17 octets { ae dc 74 57 bd 26 6e 7d a6 54 e5 b1 ed b5 9b cd ..tW.&n}.T...... ab . } }
    [2]= { type = 4 (NAS-IP-Address) length = 6 octets value = 4 octets { 0a 00 00 0b .... } }
    [3]= { type = 32 (NAS-Identifier) length = 11 octets value = 9 octets { 4d 49 43 50 45 47 4b 30 32 MICPEGK02 } }
    [4]= { type = 61 (NAS-Port-Type) length = 6 octets value = 4 octets { 00 00 00 05 .... } }
    [5]= { type = 6 (Service-Type) length = 6 octets value = 4 octets { 00 00 00 01 .... } }
    [6]= { type = 60 (CHAP-Challenge) length = 6 octets value = 4 octets { 3f 01 46 5c ?.F\ } }
    [7]= { type = 8 (Framed-IP-Address) length = 6 octets value = 4 octets { 0a 00 00 f0 .... } }
  }
}
2003/07/01 15:25:23.651 5 radproto.cxx(1919) RADIUS Received PDU from RADIUS server 161.132.224.67 (161.132.224.67:1812) by socket port:10550:[0,157-158], PDU: {
  code = 2 (Access-Accept)
  id = 158
  length = 20 octets
  authenticator = 16 octets { b9 53 39 22 85 27 1c 31 b4 da 00 c3 b1 09 a7 69 .S9".'.1.......i }
  attributes = <<null>>
}
2003/07/01 15:25:23.651 4 gkauth.h(80) GkAuth RadAuth check ok
2003/07/01 15:25:23.651 4 gkauth.h(80) GkAuth default check ok
2003/07/01 15:25:23.681 1 RasTbl.cxx(51) New EP|10.0.0.240:1720|ap200:h323_ID=6603000:dialedDigits=6603001:dialedDigits|terminal|1248_endp
2003/07/01 15:25:23.691 2 RasSrv.cxx(1144) RCF|10.0.0.240:1720|ap200:h323_ID=6603000:dialedDigits=6603001:dialedDigits|terminal|1248_endp;
2003/07/01 15:25:23.691 3 RasSrv.cxx(2072) GK Send to 10.0.0.240:22000 registrationConfirm {
  requestSeqNum = 1
  protocolIdentifier = 0.0.8.2250.0.2
  callSignalAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 00 00 0b .... } port = 1721 } }
  terminalAlias = 3 entries { [0]=h323_ID 5 characters { 0061 0070 0032 0030 0030 ap200 } [1]=dialedDigits "6603000" [2]=dialedDigits "6603001" }
  gatekeeperIdentifier = 9 characters { 004d 0049 0043 0050 0045 0047 004b 0030 MICPEGK0 0032 2 }
  endpointIdentifier = 9 characters { 0031 0032 0034 0038 005f 0065 006e 0064 1248_end 0070 p }
  timeToLive = 60
  cryptoTokens = 1 entries { [0]=cryptoEPPwdHash { alias = h323_ID 5 characters { 0061 0070 0032 0030 0030 ap200 } timeStamp = 1057048156 token = { algorithmOID = 1.2.840.113549.2.5 paramS = { } hash = Hex: 55 5e 5e 6c 27 0f ed 2d 4e 15 fa 12 ec 24 60 c5 } } }
  willRespondToIRR = FALSE
  maintainConnection = FALSE
}
2003/07/01 15:25:23.691 5 RasSrv.cxx(2086) GK Sent Successful
2003/07/01 15:25:28.488 2 RasSrv.cxx(2132) GK Read from 161.132.195.162:22000
2003/07/01 15:25:28.498 3 RasSrv.cxx(2145) GK registrationRequest {
  requestSeqNum = 1
  protocolIdentifier = 0.0.8.2250.0.2
  discoveryComplete = FALSE
  callSignalAddress = 1 entries { [0]=ipAddress { ip = 4 octets { a1 84 c3 a2 .... } port = 1720 } }
  rasAddress = 1 entries { [0]=ipAddress { ip = 4 octets { a1 84 c3 a2 .... } port = 22000 } }
  terminalType = { terminal = { } mc = FALSE undefinedNode = FALSE }
  terminalAlias = 3 entries { [0]=h323_ID 10 characters { 0061 0070 0032 0030 0030 0074 0065 0073 ap200tes 0074 0031 t1 } [1]=dialedDigits "6604000" [2]=dialedDigits "6604001" }
  endpointVendor = { vendor = { t35CountryCode = 97 t35Extension = 0 manufacturerCode = 22 } productId = 11 octets { 41 64 64 50 61 63 20 56 6f 49 50 AddPac VoIP } versionId = 4 octets { 36 2e 30 36 6.06 } }
  timeToLive = 60
  tokens = 1 entries { [0]={ tokenOID = 1.2.840.113548.10.1.2.1 timeStamp = 1054089182 challenge = 16 octets { b7 31 7c 16 3b 47 5e e1 f4 9f 74 a5 77 b1 20 43 .1|.;G^...t.w. C } random = 250 generalID = 10 characters { 0061 0070 0032 0030 0030 0074 0065 0073 ap200tes 0074 0031 t1 } } }
  cryptoTokens = 1 entries { [0]=cryptoEPPwdHash { alias = h323_ID 10 characters { 0061 0070 0032 0030 0030 0074 0065 0073 ap200tes 0074 0031 t1 } timeStamp = 1054089182 token = { algorithmOID = 1.2.840.113549.2.5 paramS = { } hash = Hex: 3c df fe 7d c0 78 a9 42 ab 2b af 7d 50 a8 e5 d5 } } }
  keepAlive = FALSE
  willSupplyUUIEs = FALSE
}
2003/07/01 15:25:28.498 1 RasSrv.cxx(927) GK RRQ Received
2003/07/01 15:25:28.508 5 radproto.cxx(1900) RADIUS Sending PDU to RADIUS server 161.132.224.67 (161.132.224.67:1812) from port:10550:[0,157-159], PDU: {
  code = 1 (Access-Request)
  id = 159
  length = 92 octets
  authenticator = 16 octets { e1 50 2a df b3 10 fd 91 49 e0 bf 70 cd 4a 91 55 .P*.....I..p.J.U }
  attributes = 8 elements {
    [0]= { type = 1 (User-Name) length = 12 octets value = 10 octets { 61 70 32 30 30 74 65 73 74 31 ap200test1 } }
    [1]= { type = 3 (CHAP-Password) length = 19 octets value = 17 octets { fa b7 31 7c 16 3b 47 5e e1 f4 9f 74 a5 77 b1 20 ..1|.;G^...t.w. 43 C } }
    [2]= { type = 4 (NAS-IP-Address) length = 6 octets value = 4 octets { 0a 00 00 0b .... } }
    [3]= { type = 32 (NAS-Identifier) length = 11 octets value = 9 octets { 4d 49 43 50 45 47 4b 30 32 MICPEGK02 } }
    [4]= { type = 61 (NAS-Port-Type) length = 6 octets value = 4 octets { 00 00 00 05 .... } }
    [5]= { type = 6 (Service-Type) length = 6 octets value = 4 octets { 00 00 00 01 .... } }
    [6]= { type = 60 (CHAP-Challenge) length = 6 octets value = 4 octets { 3e d4 1f de >... } }
    [7]= { type = 8 (Framed-IP-Address) length = 6 octets value = 4 octets { a1 84 c3 a2 .... } }
  }
}

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
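Comparing the registrationRequest dumps with the Access-Request PDUs in the trace shows how the endpoint's CAT token is carried to FreeRADIUS as CHAP: `random` becomes the CHAP identifier octet, the 16-octet `challenge` becomes the CHAP response, and `timeStamp` (4 octets, big-endian) becomes CHAP-Challenge. The Python below is an added example, not code from this thread or from GnuGk; the function names are hypothetical, the mapping is inferred from the trace values, and the token fields are copied from the trace.

```python
import hashlib
import hmac
import struct

# Token fields copied from the two registrationRequest dumps in the trace:
# (generalID, timeStamp, random, challenge as hex).
TRACE_TOKENS = [
    ("ap200", 1057048156, 174, "dc7457bd266e7da654e5b1edb59bcdab"),
    ("ap200test1", 1054089182, 250, "b7317c163b475ee1f49f74a577b12043"),
]

def cat_to_chap(timestamp, random, challenge):
    """Map CAT token fields to (CHAP-Password, CHAP-Challenge) values.

    Assumed mapping, inferred from the trace: random -> ident octet,
    challenge -> 16-octet response, timeStamp -> 4-octet big-endian challenge.
    """
    if len(challenge) != 16:
        raise ValueError("CAT challenge must be 16 octets (an MD5 digest)")
    if not 0 <= random <= 255:
        raise ValueError("CAT random must fit in one octet")
    return bytes([random]) + challenge, struct.pack(">I", timestamp)

def chap_response(ident, password, chap_challenge):
    """CHAP response as defined in RFC 1994: MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + chap_challenge).digest()

def verify_chap(password, chap_password, chap_challenge):
    """Server-side check of a CHAP-Password attribute (ident + response)."""
    if len(chap_password) != 17:
        return False  # malformed attribute: 1 ident octet + 16 digest octets
    expected = chap_response(chap_password[0], password, chap_challenge)
    return hmac.compare_digest(expected, chap_password[1:])

def attributes_from_trace():
    """Return {user: (CHAP-Password hex, CHAP-Challenge hex)} for TRACE_TOKENS."""
    result = {}
    for user, timestamp, random, challenge_hex in TRACE_TOKENS:
        chap_pw, chap_ch = cat_to_chap(timestamp, random, bytes.fromhex(challenge_hex))
        result[user] = (chap_pw.hex(), chap_ch.hex())
    return result

if __name__ == "__main__":
    for user, (chap_pw, chap_ch) in attributes_from_trace().items():
        print(f"{user}: CHAP-Password=0x{chap_pw} CHAP-Challenge=0x{chap_ch}")
```

The values returned by `attributes_from_trace()` can be compared directly with the CHAP-Password and CHAP-Challenge attributes in the `radiusd -X` output and in the gatekeeper's RADIUS PDU dumps.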