Re: Radius Authentication Failed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Logs show that GK is unable to communicate with your radius server. Either
your radius server is not configured/running properly.
Check whether you can reach the IP 192.168.5.30 from your GK m/c as well
that radius is serving requests on port 1645.
You can try using any of the radius clients to check/sort out the
connectivity issues.

Deepak Singhal
----- Original Message ----- 
From: "M.V. Jaga Mohan" <jagan@xxxxxxxxxxxxxxxxxxxxxxxxx>
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, December 13, 2004 3:26 PM
Subject:  Radius Authentication Failed


> Hi Deepak,
> Thanks for ur valuable suggestion. With configuring
> NTP I got my ATA authenticated with SQLPassword. Now I
> am trying to user Radius. But now I am getting the
> same "security denial" error. Just have a look at the
> messages returned by GK.
>
>
> 2004/12/13 15:18:40.211 3           radproto.cxx(1833)
>  RADIUS  Receive response from RADIUS server failed
> (id:21)
> 2004/12/13 15:18:40.212 3           radproto.cxx(1813)
>  RADIUS  Sending PDU to RADIUS server 192.168.5.30
> (192.168.5.30:1645) from port:61958[0,19-22], PDU: {
>       code = 1 (Access-Request)
>       id = 21
>       length = 141 octets
>       authenticator = 16 octets {
>         2f e7 2b 1d 16 ab 72 33  fe b4 5d 45 87 78 75
> 1a   /.+...r3..]E.xu.
>       }
>       attributes = 9 elements {
>         [0]= {
>           type = 1 (User-Name)
>           length = 9 octets
>           value = 7 octets {
>             32 32 32 32 32 32 32
>         2222222
>           }
>         }
>         [1]= {
>           type = 3 (CHAP-Password)
>           length = 19 octets
>           value = 17 octets {
>             17 aa 09 e6 b5 a1 a4 0b  14 52 d3 cd 13 cc
> ff 82   .........R......
>             1d
>         .
>           }
>         }
>         [2]= {
>           type = 4 (NAS-IP-Address)
>           length = 6 octets
>           value = 4 octets {
>             c0 a8 05 1e
>         ....
>           }
>         }
>         [3]= {
>           type = 32 (NAS-Identifier)
>           length = 19 octets
>           value = 17 octets {
>             53 79 72 69 6e 67 61 47  61 74 65 6b 65 65
> 70 65   SyringaGatekeepe
>             72
>         r
>           }
>         }
>         [4]= {
>           type = 61 (NAS-Port-Type)
>           length = 6 octets
>           value = 4 octets {
>             00 00 00 05
>         ....
>           }
>         }
>         [5]= {
>           type = 6 (Service-Type)
>           length = 6 octets
>           value = 4 octets {
>             00 00 00 01
>         ....
>           }
>         }
>         [6]= {
>           type = 60 (CHAP-Challenge)
>           length = 6 octets
>           value = 4 octets {
>             41 bd 65 71
>         A.eq
>           }
>         }
>         [7]= {
>           type = 8 (Framed-IP-Address)
>           length = 6 octets
>           value = 4 octets {
>             c0 a8 05 31
>         ...1
>           }
>         }
>         [8]= {
>           type = 26 (Vendor-Specific)
>           length = 44 octets
>           vendorId = 9
>           vendorValue = 38 octets {
>             01 26 68 33 32 33 2d 69  76 72 2d 6f 75 74
> 3d 74   .&h323-ivr-out=t
>             65 72 6d 69 6e 61 6c 2d  61 6c 69 61 73 3a
> 32 32   erminal-alias:22
>             32 32 32 32 32 3b
>         22222;
>           }
>         }
>       }
>    }
>
> 2004/12/13 15:18:42.211 3           radproto.cxx(1833)
>  RADIUS  Receive response from RADIUS server failed
> (id:21)
> 2004/12/13 15:18:42.212 2             gkauth.cxx(433)
>  GkAuth  RadAuth check failed
> 2004/12/13 15:18:42.212 2             RasSrv.cxx(1274)
>
> RRJ|192.168.5.49|2222222:dialedDigits|terminal|securityDenial;
>
> 2004/12/13 15:18:42.212 3             RasSrv.cxx(2311)
>  GK      Send to 192.168.5.49:1739
> registrationReject {
>     requestSeqNum = 2471
>     protocolIdentifier = 0.0.8.2250.0.2
>     rejectReason = securityDenial <<null>>
>     gatekeeperIdentifier =  17 characters {
>       0053 0079 0072 0069 006e 0067 0061 0047
> SyringaG
>       0061 0074 0065 006b 0065 0065 0070 0065
> atekeepe
>       0072                                      r
>     }
>   }
> 2004/12/13 15:18:42.215 5             RasSrv.cxx(2325)
>  GK      Sent Successful
>
> This is my Configuration file :
>
> [RadAuth]
> Servers=192.168.5.30:1645
> LocalInterface=192.168.0.1
> #RadiusPortRange=10000-11000
> #DefaultAuthPort=1645
> SharedSecret=testing123
> RequestTimeout=2000
> IdCacheTimeout=9000
> SocketDeleteTimeout=60000
> RequestRetransmissions=2
> RoundRobinServers=1
> AppendCiscoAttributes=1
>
> Please let me know which configuration is required for
> Radius.
>
>
> Regards
>
> Jagan
> --- Deepak Singhal <dsinghal@xxxxxxxxxxxxxxxx> wrote:
>
> > It is suggested ..that you go through the archives
> > regarding configuration
> > of ATA. This has been discussed ample number of
> > times.
> >
> > If you don`t have any NTP Server you can use  any of
> >  the public ntp
> > servers.
> > pool.ntp.org is one such example.
> >
> > Deepak Singhal
> >
> > ----- Original Message ----- 
> > From: "M.V. Jaga Mohan"
> > <jagan@xxxxxxxxxxxxxxxxxxxxxxxxx>
> > To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
> > Sent: Saturday, December 11, 2004 11:03 AM
> > Subject: Re:  Security Denial for
> > SQLPasswordAuthentication
> >
> >
> > > Thanks Michal for ur suggestion. I am sorry for my
> > > dumbness in this aspect. How to explicitly enable
> > > RRQ/ARQ password protection in CISCO 186 ATA ? And
> > one
> > > more thing is for setting time zone do I need to
> > use
> > > NTPIP ? because we don't have NTPIP server
> > running.
> > >
> > > Please suggest me.
> > >
> > > Thanks
> > >
> > > Jagan
> > > --- Zygmuntowicz Michal <m.zygmuntowicz@xxxxxxx>
> > > wrote:
> > >
> > > > Maybe your ATA is not configured well or has
> > invalid
> > > > time set. ATA supports RRQ/ARQ password
> > protection
> > > > but it must be explicitly enabled.
> > > >
> > > > ----- Original Message ----- 
> > > > From: "M.V. Jaga Mohan"
> > > > <jagan@xxxxxxxxxxxxxxxxxxxxxxxxx>
> > > > Sent: Friday, December 10, 2004 3:09 PM
> > > >
> > > >
> > > > > still i am not able to authenticate RRQ
> > message.
> > > > It is
> > > > > giving me security denial. I am using CISCI
> > 186
> > > > ATA as
> > > > > my endpoints and Postgresql as the database.
> > the
> > > > same
> > > > > VOIPDB which is given as sample with h323
> > > > gatekeeper I
> > > > > am using for this. Please let me know how the
> > > > > configuration should be. Basically I want to
> > do
> > > > > authentication when an ATA is connected to the
> > > > > gatekeeper. It may be SQLPASSWORD
> > authentication
> > > > or
> > > > > SQLALIAS authentication. Please kindly tell me
> > > > what
> > > > > kind of configuration should I have.
> > > > >
> > > > > Thanks
> > > > > Regards
> > > > >
> > > > > Jagan
> > > >
> > > >
> > > >
> > > >
> > >
> >
> -------------------------------------------------------
> > > > SF email is sponsored by - The IT Product Guide
> > > > Read honest & candid reviews on hundreds of IT
> > > > Products from real users.
> > > > Discover which products truly live up to the
> > hype.
> > > > Start reading now.
> > > > http://productguide.itmanagersjournal.com/
> > > >
> > > >
> > >
> >
> _______________________________________________________
> > > >
> > > > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > > > Archive:
> > > >
> > >
> >
> http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > > > Homepage: http://www.gnugk.org/
> > > >
> > >
> > >
> > > =====
> > >
> > >
> > >
> > >
> >
> -------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide
> > > Read honest & candid reviews on hundreds of IT
> > Products from real users.
> > > Discover which products truly live up to the hype.
> > Start reading now.
> > > http://productguide.itmanagersjournal.com/
> > >
> > >
> >
> _______________________________________________________
> > >
> > > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > > Archive:
> >
> http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > > Homepage: http://www.gnugk.org/
> > >
> > >
> >
> >
> >
> >
> >
> -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT
> > Products from real users.
> > Discover which products truly live up to the hype.
> > Start reading now.
> > http://productguide.itmanagersjournal.com/
> >
> >
> _______________________________________________________
> >
> > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > Archive:
> >
> http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > Homepage: http://www.gnugk.org/
> >
>
>
> =====
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
>
> _______________________________________________________
>
> List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/
>
>




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux