Hi All,
I've been experimenting with GnuGk, trying to configure it with
FreeRADIUS backend. But now I've hit a roadblock, here is a brief
account of what I've done so far:
In my case GnuGK, FreeRADIUS and Ohphone are running on the same
machine:
a) Here is my /etc/gnugk.ini file:
[snip]
[Gatekeeper::Main]
Fourtytwo=42
[GkStatus::Auth]
KeyFilled=11
gkadmin=xIPXHCRLH2altxSB8Y/HJQ==
rule=password
[RoutedMode]
GKRouted=1
CallSignalPort=0
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
H245Routed=1
Q931PortRange=30000-30199
H245PortRange=30200-30399
[RadAliasAuth]
Servers=localhost:1812
SharedSecret=testing123
[RadAcct]
Servers=localhost:1813
SharedSecret=testing123
[Gatekeeper::Auth]
RadAliasAuth=required;RRQ,ARQ
[snip]
b) I have installed FreeRADIUS. And I've made sure that there are proper
'portslave' entries in /etc/raddb/clients and /etc/raddb/naslist
c) I've tested FreeRADIUS with 'ntradping' and it works fine. I am able
to receive the 'Access-Accept' reply.
d) Now when I do this:
$./ohphone -g localhost -l -a -u saket --password saket
I get a:
Error registering with gatekeeper at "10.100.116.34"
OhPhone ended.
The user/password are correct. What could be problem ?
e) Here are the snippets from the debug messages of
1) GateKeeper :
gatekeeperRequest {
requestSeqNum = 60234
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
0a 64 74 22 .dt"
}
port = 32770
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 27 octets {
4f 70 65 6e 20 48 33 32 33 20 50 72 6f 6a 65 63 Open H323
Projec
74 20 4f 68 50 68 6f 6e 65 00 00 t OhPhone..
}
versionId = 26 octets {
31 2e 34 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.4.1
(OpenH323
76 31 2e 31 32 2e 32 29 00 00 v1.12.2)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=h323_ID 5 characters {
0073 0061 006b 0065 0074 saket
}
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2004/07/01 16:08:02.730 1 RasSrv.cxx(900) GK GRQ
Received
2004/07/01 16:08:02.734 2 RasSrv.cxx(975)
GCF|10.100.116.34|saket:h323_ID|terminal;
2004/07/01 16:08:02.734 3 RasSrv.cxx(2332) GK Send to
10.100.116.34:32770
gatekeeperConfirm {
requestSeqNum = 60234
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
0a 64 74 22 .dt"
}
port = 1719
}
}
2004/07/01 16:08:02.741 2 RasSrv.cxx(2392) GK Read
from 10.100.116.34:32770
2004/07/01 16:08:02.769 3 RasSrv.cxx(2405) GK
registrationRequest {
requestSeqNum = 60235
protocolIdentifier = 0.0.8.2250.0.4
discoveryComplete = TRUE
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 64 74 22 .dt"
}
port = 1720
}
}
rasAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 64 74 22 .dt"
}
port = 32770
}
}
terminalType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 27 octets {
4f 70 65 6e 20 48 33 32 33 20 50 72 6f 6a 65 63 Open H323
Projec
74 20 4f 68 50 68 6f 6e 65 00 00 t OhPhone..
}
versionId = 26 octets {
31 2e 34 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.4.1
(OpenH323
76 31 2e 31 32 2e 32 29 00 00 v1.12.2)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
terminalAlias = 1 entries {
[0]=h323_ID 5 characters {
0073 0061 006b 0065 0074 saket
}
}
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
endpointVendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 27 octets {
4f 70 65 6e 20 48 33 32 33 20 50 72 6f 6a 65 63 Open H323
Projec
74 20 4f 68 50 68 6f 6e 65 00 00 t OhPhone..
}
versionId = 26 octets {
31 2e 34 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.4.1
(OpenH323
76 31 2e 31 32 2e 32 29 00 00 v1.12.2)..
}
}
tokens = 1 entries {
[0]={
tokenOID = 1.2.840.113548.10.1.2.1
timeStamp = 1088678282
challenge = 16 octets {
ca ee e8 6c e6 b4 a6 da 75 9a c8 7d 40 e4 9c fc
...l....u..}@...
}
random = 67
generalID = 6 characters {
0073 0061 006b 0065 0074 0000 saket
}
}
}
cryptoTokens = 2 entries {
[0]=nestedcryptoToken cryptoHashedToken {
tokenOID = 0.0.8.235.0.2.1
hashedVals = {
tokenOID = 0.0.8.235.0.2.5
timeStamp = 1088678282
random = 1896663875
generalID = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
sendersID = 5 characters {
0073 0061 006b 0065 0074 saket
}
}
token = {
algorithmOID = 0.0.8.235.0.2.6
paramS = {
}
hash = Hex: 96 5f b0 d8 a8 4a af e3 64 c4 d5 60
}
}
[1]=cryptoEPPwdHash {
alias = h323_ID 5 characters {
0073 0061 006b 0065 0074 saket
}
timeStamp = 1088678282
token = {
algorithmOID = 1.2.840.113549.2.5
paramS = {
}
hash = Hex: fd d5 66 c4 b8 a1 02 f0 60 82 20 18 7c b4 a8 9a
}
}
}
keepAlive = FALSE
willSupplyUUIEs = TRUE
maintainConnection = FALSE
supportsAltGK = <<null>>
usageReportingCapability = {
nonStandardUsageTypes = 0 entries {
}
startTime = <<null>>
endTime = <<null>>
terminationCause = <<null>>
}
callCreditCapability = {
canEnforceDurationLimit = TRUE
}
}
2004/07/01 16:08:03.969 1 RasSrv.cxx(1002) GK RRQ
Received
2004/07/01 16:08:03.995 3 radproto.cxx(1813) RADIUS Sending
PDU to RADIUS server localhost (127.0.0.1:1812) from
port:63940[0,124-125], PDU: Access-Request, id 124
2004/07/01 16:08:04.055 3 radproto.cxx(1839) RADIUS Received
PDU from RADIUS server localhost (127.0.0.1:1812) by socket
port:63940[0,124-125], PDU: Access-Accept, id 124
2004/07/01 16:08:04.106 4 gkauth.cxx(444) GkAuth
RadAliasAuth check ok
2004/07/01 16:08:04.135 1 RasTbl.cxx(64) New
EP|10.100.116.34:1720|saket:h323_ID|terminal|9815_endp
2004/07/01 16:08:04.170 2 RasSrv.cxx(1257)
RCF|10.100.116.34:1720|saket:h323_ID|terminal|9815_endp;
2004/07/01 16:08:04.207 3 RasSrv.cxx(2332) GK Send to
10.100.116.34:32770
registrationConfirm {
requestSeqNum = 60235
protocolIdentifier = 0.0.8.2250.0.4
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 64 74 22 .dt"
}
port = 30000
}
}
terminalAlias = 1 entries {
[0]=h323_ID 5 characters {
0073 0061 006b 0065 0074 saket
}
}
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
endpointIdentifier = 9 characters {
0039 0038 0031 0035 005f 0065 006e 0064 9815_end
0070 p
}
willRespondToIRR = FALSE
maintainConnection = FALSE
}
2) FreeRADIUS
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:63940, id=124,
length=123
User-Name = "saket"
User-Password = "saket"
NAS-IP-Address = 10.100.116.34
NAS-Identifier = "OpenH323GK"
NAS-Port-Type = Virtual
Service-Type = Login-User
Framed-IP-Address = 10.100.116.34
Cisco-AVPair = "h323-ivr-out=terminal-alias:saket;"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "saket", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 124 to 127.0.0.1:63940
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
Hoping for some new insights regarding this.
Thanks,
Saket
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
