Hi Deepak,
Thanks for ur valuable suggestion. With configuring
NTP I got my ATA authenticated with SQLPassword. Now I
am trying to user Radius. But now I am getting the
same "security denial" error. Just have a look at the
messages returned by GK.
2004/12/13 15:18:40.211 3 radproto.cxx(1833)
RADIUS Receive response from RADIUS server failed
(id:21)
2004/12/13 15:18:40.212 3 radproto.cxx(1813)
RADIUS Sending PDU to RADIUS server 192.168.5.30
(192.168.5.30:1645) from port:61958[0,19-22], PDU: {
code = 1 (Access-Request)
id = 21
length = 141 octets
authenticator = 16 octets {
2f e7 2b 1d 16 ab 72 33 fe b4 5d 45 87 78 75
1a /.+...r3..]E.xu.
}
attributes = 9 elements {
[0]= {
type = 1 (User-Name)
length = 9 octets
value = 7 octets {
32 32 32 32 32 32 32
2222222
}
}
[1]= {
type = 3 (CHAP-Password)
length = 19 octets
value = 17 octets {
17 aa 09 e6 b5 a1 a4 0b 14 52 d3 cd 13 cc
ff 82 .........R......
1d
.
}
}
[2]= {
type = 4 (NAS-IP-Address)
length = 6 octets
value = 4 octets {
c0 a8 05 1e
....
}
}
[3]= {
type = 32 (NAS-Identifier)
length = 19 octets
value = 17 octets {
53 79 72 69 6e 67 61 47 61 74 65 6b 65 65
70 65 SyringaGatekeepe
72
r
}
}
[4]= {
type = 61 (NAS-Port-Type)
length = 6 octets
value = 4 octets {
00 00 00 05
....
}
}
[5]= {
type = 6 (Service-Type)
length = 6 octets
value = 4 octets {
00 00 00 01
....
}
}
[6]= {
type = 60 (CHAP-Challenge)
length = 6 octets
value = 4 octets {
41 bd 65 71
A.eq
}
}
[7]= {
type = 8 (Framed-IP-Address)
length = 6 octets
value = 4 octets {
c0 a8 05 31
...1
}
}
[8]= {
type = 26 (Vendor-Specific)
length = 44 octets
vendorId = 9
vendorValue = 38 octets {
01 26 68 33 32 33 2d 69 76 72 2d 6f 75 74
3d 74 .&h323-ivr-out=t
65 72 6d 69 6e 61 6c 2d 61 6c 69 61 73 3a
32 32 erminal-alias:22
32 32 32 32 32 3b
22222;
}
}
}
}
2004/12/13 15:18:42.211 3 radproto.cxx(1833)
RADIUS Receive response from RADIUS server failed
(id:21)
2004/12/13 15:18:42.212 2 gkauth.cxx(433)
GkAuth RadAuth check failed
2004/12/13 15:18:42.212 2 RasSrv.cxx(1274)
RRJ|192.168.5.49|2222222:dialedDigits|terminal|securityDenial;
2004/12/13 15:18:42.212 3 RasSrv.cxx(2311)
GK Send to 192.168.5.49:1739
registrationReject {
requestSeqNum = 2471
protocolIdentifier = 0.0.8.2250.0.2
rejectReason = securityDenial <<null>>
gatekeeperIdentifier = 17 characters {
0053 0079 0072 0069 006e 0067 0061 0047
SyringaG
0061 0074 0065 006b 0065 0065 0070 0065
atekeepe
0072 r
}
}
2004/12/13 15:18:42.215 5 RasSrv.cxx(2325)
GK Sent Successful
This is my Configuration file :
[RadAuth]
Servers=192.168.5.30:1645
LocalInterface=192.168.0.1
#RadiusPortRange=10000-11000
#DefaultAuthPort=1645
SharedSecret=testing123
RequestTimeout=2000
IdCacheTimeout=9000
SocketDeleteTimeout=60000
RequestRetransmissions=2
RoundRobinServers=1
AppendCiscoAttributes=1
Please let me know which configuration is required for
Radius.
Regards
Jagan
--- Deepak Singhal <dsinghal@xxxxxxxxxxxxxxxx> wrote:
> It is suggested ..that you go through the archives
> regarding configuration
> of ATA. This has been discussed ample number of
> times.
>
> If you don`t have any NTP Server you can use any of
> the public ntp
> servers.
> pool.ntp.org is one such example.
>
> Deepak Singhal
>
> ----- Original Message -----
> From: "M.V. Jaga Mohan"
> <jagan@xxxxxxxxxxxxxxxxxxxxxxxxx>
> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Saturday, December 11, 2004 11:03 AM
> Subject: Re: Security Denial for
> SQLPasswordAuthentication
>
>
> > Thanks Michal for ur suggestion. I am sorry for my
> > dumbness in this aspect. How to explicitly enable
> > RRQ/ARQ password protection in CISCO 186 ATA ? And
> one
> > more thing is for setting time zone do I need to
> use
> > NTPIP ? because we don't have NTPIP server
> running.
> >
> > Please suggest me.
> >
> > Thanks
> >
> > Jagan
> > --- Zygmuntowicz Michal <m.zygmuntowicz@xxxxxxx>
> > wrote:
> >
> > > Maybe your ATA is not configured well or has
> invalid
> > > time set. ATA supports RRQ/ARQ password
> protection
> > > but it must be explicitly enabled.
> > >
> > > ----- Original Message -----
> > > From: "M.V. Jaga Mohan"
> > > <jagan@xxxxxxxxxxxxxxxxxxxxxxxxx>
> > > Sent: Friday, December 10, 2004 3:09 PM
> > >
> > >
> > > > still i am not able to authenticate RRQ
> message.
> > > It is
> > > > giving me security denial. I am using CISCI
> 186
> > > ATA as
> > > > my endpoints and Postgresql as the database.
> the
> > > same
> > > > VOIPDB which is given as sample with h323
> > > gatekeeper I
> > > > am using for this. Please let me know how the
> > > > configuration should be. Basically I want to
> do
> > > > authentication when an ATA is connected to the
> > > > gatekeeper. It may be SQLPASSWORD
> authentication
> > > or
> > > > SQLALIAS authentication. Please kindly tell me
> > > what
> > > > kind of configuration should I have.
> > > >
> > > > Thanks
> > > > Regards
> > > >
> > > > Jagan
> > >
> > >
> > >
> > >
> >
>
-------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide
> > > Read honest & candid reviews on hundreds of IT
> > > Products from real users.
> > > Discover which products truly live up to the
> hype.
> > > Start reading now.
> > > http://productguide.itmanagersjournal.com/
> > >
> > >
> >
>
_______________________________________________________
> > >
> > > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > > Archive:
> > >
> >
>
http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > > Homepage: http://www.gnugk.org/
> > >
> >
> >
> > =====
> >
> >
> >
> >
>
-------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT
> Products from real users.
> > Discover which products truly live up to the hype.
> Start reading now.
> > http://productguide.itmanagersjournal.com/
> >
> >
>
_______________________________________________________
> >
> > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > Archive:
>
http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > Homepage: http://www.gnugk.org/
> >
> >
>
>
>
>
>
-------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT
> Products from real users.
> Discover which products truly live up to the hype.
> Start reading now.
> http://productguide.itmanagersjournal.com/
>
>
_______________________________________________________
>
> List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive:
>
http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/
>
=====
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
