Re: ip address radauth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You cannot authenticate an endpoin that does not send
any password (CAT token) with RadAuth modules.
For this purpose, you need to use RadAliasAuth module.
Example:

[Gatekeeper::Auth]
RadAuth=optional;RRQ
RadAliasAuth=required;RRQ

This way, all endpoints that do not send passwords,
will get authenticated by RadAliasAuth instead of RadAuth.

----- Original Message ----- From: "Roman V. Luschik" <romal@xxxxxxxxxx>
Sent: Wednesday, January 19, 2005 7:40 AM



Hello openh323gk-users,

I have installed gnugk 2.0.9,freeradius,postgres. All works fine.
But when i try authorize from openphone by ip address, i have RadAuth RRQ check failed.
But when i enter correct h235 password(not name or alias) all work.
I have following record in voipuser
16;"test";5;f;f;"test";"^$";"";"192.168.2.55";"test";"test";f
Is it openphone problem or not?



2005/01/19 09:35:14.346 1 RasSrv.cxx(2156) GK URQ Received
2005/01/19 09:35:14.346 3 gkauth.h(831) GKAUTH default check ok
2005/01/19 09:35:14.346 2 RasSrv.cxx(2224) UCF|192.168.2.55|9276_endp;
2005/01/19 09:35:14.346 3 RasSrv.cxx(2632) GK Send to 192.168.2.55:3700
unregistrationConfirm {
requestSeqNum = 36404
}
2005/01/19 09:35:14.358 2 RasSrv.cxx(2702) GK Read from 192.168.2.55:3759
2005/01/19 09:35:14.358 3 RasSrv.cxx(2714) GK
gatekeeperRequest {
requestSeqNum = 29478
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 3759
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=dialedDigits "1"
}
supportsAltGK = <<null>>
}
2005/01/19 09:35:14.359 1 RasSrv.cxx(962) GK GRQ Received
2005/01/19 09:35:14.359 3 gkauth.h(831) GKAUTH default check ok
2005/01/19 09:35:14.359 2 RasSrv.cxx(1030) GCF|192.168.2.55|1:dialedDigits|terminal;


2005/01/19 09:35:14.359 3 RasSrv.cxx(2632) GK Send to 192.168.2.55:3759
gatekeeperConfirm {
requestSeqNum = 29478
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 02 08 ....
}
port = 1719
}
}
2005/01/19 09:35:14.363 2 RasSrv.cxx(2702) GK Read from 192.168.2.55:3759
2005/01/19 09:35:14.363 3 RasSrv.cxx(2714) GK
registrationRequest {
requestSeqNum = 29479
protocolIdentifier = 0.0.8.2250.0.4
discoveryComplete = TRUE
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 1720
}
}
rasAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 3759
}
}
terminalType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
terminalAlias = 1 entries {
[0]=dialedDigits "1"
}
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
endpointVendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
keepAlive = FALSE
willSupplyUUIEs = TRUE
maintainConnection = FALSE
supportsAltGK = <<null>>
usageReportingCapability = {
nonStandardUsageTypes = 0 entries {
}
startTime = <<null>>
endTime = <<null>>
terminationCause = <<null>>
}
callCreditCapability = {
canDisplayAmountString = TRUE
canEnforceDurationLimit = TRUE
}
}
2005/01/19 09:35:14.364 1 RasSrv.cxx(1056) GK RRQ Received
2005/01/19 09:35:14.364 3 gkauth.cxx(1205) GKAUTH RadAuth RRQ check failed
2005/01/19 09:35:14.364 2 RasSrv.cxx(1411) RRJ|192.168.2.55|1:dialedDigits|terminal|securityDenial;


2005/01/19 09:35:14.364 3 RasSrv.cxx(2632) GK Send to 192.168.2.55:3759
registrationReject {
requestSeqNum = 29479
protocolIdentifier = 0.0.8.2250.0.4
rejectReason = securityDenial <<null>>
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
}
2005/01/19 09:35:21.397 2 RasSrv.cxx(2702) GK Read from 192.168.2.55:3762
2005/01/19 09:35:21.397 3 RasSrv.cxx(2714) GK
gatekeeperRequest {
requestSeqNum = 43834
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 3762
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=dialedDigits "1"
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2005/01/19 09:35:21.398 1 RasSrv.cxx(962) GK GRQ Received
2005/01/19 09:35:21.398 3 gkauth.h(831) GKAUTH default check ok
2005/01/19 09:35:21.398 2 RasSrv.cxx(1030) GCF|192.168.2.55|1:dialedDigits|terminal;


2005/01/19 09:35:21.398 3 RasSrv.cxx(2632) GK Send to 192.168.2.55:3762
gatekeeperConfirm {
requestSeqNum = 43834
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 02 08 ....
}
port = 1719
}
authenticationMode = authenticationBES radius <<null>>
algorithmOID = 1.2.840.113548.10.1.2.1
}
2005/01/19 09:35:21.402 2 RasSrv.cxx(2702) GK Read from 192.168.2.55:3762
2005/01/19 09:35:21.403 3 RasSrv.cxx(2714) GK
registrationRequest {
requestSeqNum = 43835
protocolIdentifier = 0.0.8.2250.0.4
discoveryComplete = TRUE
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 1720
}
}
rasAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 02 37 ...7
}
port = 3762
}
}
terminalType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
terminalAlias = 1 entries {
[0]=dialedDigits "1"
}
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
endpointVendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 23 octets {
45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open
50 68 6f 6e 65 00 00 Phone..
}
versionId = 26 octets {
31 2e 38 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.8.1 (OpenH323
76 31 2e 31 31 2e 37 29 00 00 v1.11.7)..
}
}
tokens = 1 entries {
[0]={
tokenOID = 1.2.840.113548.10.1.2.1
timeStamp = 1106116521
challenge = 16 octets {
c1 1d 10 80 db b3 87 e1 15 eb 3d 32 30 c8 67 e5 ..........=20.g.
}
random = 99
generalID = 3 characters {
0031 0000 0000 1
}
}
}
keepAlive = FALSE
willSupplyUUIEs = TRUE
maintainConnection = FALSE
supportsAltGK = <<null>>
usageReportingCapability = {
nonStandardUsageTypes = 0 entries {
}
startTime = <<null>>
endTime = <<null>>
terminationCause = <<null>>
}
callCreditCapability = {
canDisplayAmountString = TRUE
canEnforceDurationLimit = TRUE
}
}
2005/01/19 09:35:21.403 1 RasSrv.cxx(1056) GK RRQ Received
2005/01/19 09:35:21.403 3 radproto.cxx(1818) RADIUS Sending PDU to RADIUS server 192.168.2.17 (192.168.2.17:1812) from port:45765[0,120-121], PDU: Access-Request, id 120
2005/01/19 09:35:21.411 3 radproto.cxx(1844) RADIUS Received PDU from RADIUS server 192.168.2.17 (192.168.2.17:1812) by socket port:45765[0,120-121], PDU: Access-Accept, id 120
2005/01/19 09:35:21.411 3 gkauth.cxx(1201) GKAUTH RadAuth RRQ check ok
2005/01/19 09:35:21.411 3 gkauth.cxx(1201) GKAUTH default RRQ check ok
2005/01/19 09:35:21.412 1 RasTbl.cxx(68) New EP|192.168.2.55:1720|1:dialedDigits|terminal|9276_endp


2005/01/19 09:35:21.412 2 RasSrv.cxx(1363) RCF|192.168.2.55:1720|1:dialedDigits|terminal|9276_endp;

2005/01/19 09:35:21.412 3 RasSrv.cxx(2632) GK Send to 192.168.2.55:3762
registrationConfirm {
requestSeqNum = 43835
protocolIdentifier = 0.0.8.2250.0.4
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 02 08 ....
}
port = 1719
}
}
terminalAlias = 1 entries {
[0]=dialedDigits "1"
}
gatekeeperIdentifier = 10 characters {
004f 0070 0065 006e 0048 0033 0032 0033 OpenH323
0047 004b GK
}
endpointIdentifier = 9 characters {
0039 0032 0037 0036 005f 0065 006e 0064 9276_end
0070 p
}
timeToLive = 600
willRespondToIRR = FALSE
maintainConnection = FALSE
serviceControl = 1 entries {
[0]={
sessionId = 0
contents = callCreditServiceControl {
amountString = 7 characters {
0039 002e 0039 0036 0055 0053 0044 9.96USD
}
billingMode = debit <<null>>
callStartingPoint = connect <<null>>
}
reason = open <<null>>
}
}
}





-- Best regards,

e-mail: mailto:romal@xxxxxxxxxx



------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux