Hi All
I have gnugk 2.2.1 and sql bill.
I have been getting auth failure when trying to
authenticate a cisco 3745 gw.
gnugk works normal for setup messages sent by other
gateways.
All entries in DB are correct. Can someone help
radacct auth-detail file shows a entry for the auth
request. But Radact reply-detail does not show a entry
for this.
I have attached the GNUlog and the config
Thanks
Steve
============
gnugk Config:
[Gatekeeper::Main]
Fourtytwo=42
Name=gk3
UnicastRasPort=1719
EndpointSignalPort=1720
[LogFile]
Rotate=Hourly
RotateTime=59
[RoutedMode]
GKRouted=1
H245Routed=0
DropCallsByReleaseComplete=1
SendReleaseCompleteOnDRQ=1
ForwardOnFacility=0
CallSignalPort=1720
CallSignalHandlerNumber=1
RemoveH245AddressOnTunneling=1
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
[Proxy]
Enable=0
[RasSrv::RRQFeatures]
OverwriteEPOnSameAddress=1
AcceptEndpointIdentifier=0
[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=1
;CallUnregisteredEndpoints=1
;RemoveTrailingChar=#
;RoundRobinGateways=1
[GkStatus::Auth]
rule=allow
Shutdown=0
[RasSrv::RewriteE164]
;Fastmatch=
;0190703100=052418088663
;01903142=0521178260
;5241908601903142=521178260
4556254=254
04194=94
[RasSrv::LRQFeatures]
CiscoGKCompatible=1
[RasSrv::PermanentEndpoints]
2.2.2.2=gk2;99,9988
#
[Gatekeeper::Auth]
;RadAuth=optional;RRQ,ARQ
RadAliasAuth=required;RRQ,ARQ,Setup,SetupUnreg
;SQLPasswordAuth=optional;RRQ
;SQLAliasAuth=required;RRQ
default=allow
[Gatekeeper::Acct]
FileAcct=optional;start,stop
RadAcct=required;start,update,stop,on,off
;SQLAcct=required;start,update,stop
[FileAcct]
;DetailFile=/var/log/gnulogs/gnucdr.log
DetailFile=/var/log/gnulogs/gnucdr-new.log
;#StandardCDRFormat=0
;#CDRString=%s|%{ConfId}|%u|%{Calling-Station-Id}|%{Called-Station-Id}|%d|%c
CDRString=%s|%g|%u|%{Calling-Station-Id}|%{Called-Station-Id}|%{caller-ip}|%{callee-ip}|%{connect-time}|%{disconnect-time}|%d|%c|
Rotate=daily
RotateTime=23:59
[RadAuth]
Servers=127.0.0.1
SharedSecret=testing
AppendCiscoAttributes=1
IncludeTerminalAliases=1
IncludeEndpointIP=1
[RadAliasAuth]
Servers=127.0.0.1
SharedSecret=testing
AppendCiscoAttributes=1
FixedPassword=gkcom
[RadAcct]
Servers=127.0.0.1
SharedSecret=testing
AppendCiscoAttributes=1
IncludeEndpointIP=1
[SQLPasswordAuth]
Driver=PostgreSQL
Host=localhost
Database=voipdb
Username=gkradius
Password=gkradius
Query=SELECT u.chappassword FROM voipuser u JOIN
voipaccount a ON u.accountid = a.id WHERE u.h323id =
'%1' AND NOT u.disabled AND NOT a.disabled AND
a.closed IS NULL
[SQLAliasAuth]
Driver=PostgreSQL
Host=localhost
Database=voipdb
Username=gkradius
Password=gkradius
Query=SELECT CASE WHEN u.framedip IS NULL THEN 'allow'
ELSE 'sigip:' || host(u.framedip) END FROM voipuser u
JOIN voipaccount a ON u.accountid = a.id WHERE
u.h323id = '%1' AND NOT u.disabled AND NOT a.disabled
AND a.closed IS NULL
[SQLAcct]
Driver=PostgreSQL
Host=localhost
Database=voipdb
Username=gkradius
Password=gkradius
StartQuery=INSERT INTO voipcall (id, h323id,
acctsessionid, h323confid, gkip, gkid,
callingstationip, callingstationid, calledstationip,
calledstationid, setuptime, acctstarttime,
acctstartdelay, acctupdatetime) VALUES (DEFAULT, '%u',
'%s', '%{ConfId}', '%{gkip}', '%g',
NULLIF('%{caller-ip}', '')::INET,
'%{Calling-Station-Id}', NULLIF('%{callee-ip}',
'')::INET, '%{Called-Station-Id}',
NULLIF('%{setup-time}', '')::TIMESTAMP(0) WITH TIME
ZONE, now(), 0, now())
UpdateQuery=UPDATE voipcall SET duration = '%d',
connecttime =
NULLIF('%{connect-time}','')::TIMESTAMP(0) WITH TIME
ZONE, acctupdatetime = now() WHERE acctsessionid =
'%s' AND gkid = '%g' AND acctstoptime IS NULL
StopQuery=UPDATE voipcall SET acctstoptime = now(),
duration = '%d', terminatecause = '%c', acctstopdelay
= 0, setuptime = NULLIF('%{setup-time}',
'')::TIMESTAMP(0) WITH TIME ZONE, connecttime =
NULLIF('%{connect-time}', '')::TIMESTAMP(0) WITH TIME
ZONE, disconnecttime = NULLIF('%{disconnect-time}',
'')::TIMESTAMP(0) WITH TIME ZONE WHERE acctsessionid =
'%s' AND gkid = '%g' AND acctstoptime IS NULL
StopQueryAlt=INSERT INTO voipcall (id, h323id,
acctsessionid, h323confid, gkip, gkid,
callingstationip, callingstationid, calledstationip,
calledstationid, setuptime, connecttime,
disconnecttime, terminatecause, duration,
acctstarttime, acctstartdelay, acctupdatetime,
acctstoptime, acctstopdelay) VALUES (DEFAULT,'%u',
'%s', '%{ConfId}', '%{gkip}', '%g',
NULLIF('%{caller-ip}', '')::INET,
'%{Calling-Station-Id}', NULLIF('%{callee-ip}',
'')::INET, '%{Called-Station-Id}',
NULLIF('%{setup-time}','')::TIMESTAMP(0) WITH TIME
ZONE, NULLIF('%{connect-time}','')::TIMESTAMP(0) WITH
TIME ZONE,
NULLIF('%{disconnect-time}','')::TIMESTAMP(0) WITH
TIME ZONE, '%c', '%d', (now() - '%d'::INTERVAL), 0,
now(), now(), 0)
=====================================
Gnugk log:
2005/04/12 05:25:05.431 3 ProxyChannel.cxx(722) Q931s
Received: Setup CRV=18196 from 1.1.1.1:19192
2005/04/12 05:25:05.439 4 ProxyChannel.cxx(669) Q931
Received: {
q931pdu = {
protocolDiscriminator = 8
callReference = 18196
from = originator
messageType = Setup
IE: Bearer-Capability = {
90 90 a3
...
}
IE: Called-Party-Number = {
81 38 38 31 30 39 34 31 31 32 35 36 30 33 36 37
.4444444444444
}
IE: User-User = {
20 80 06 00 08 91 4a 00 04 28 00 b5 00 00 12 40
.....J..(.....@
01 3c 05 01 00 00 1c c9 cd 04 18 46 11 cc 81 b3
.<.........F....
f8 a3 a1 04 57 80 00 cd 1d 82 00 07 00 c0 d8 7b
....W..........{
5a 4a f8 11 00 1c cb 05 54 18 46 11 cc 81 b5 f8
ZJ......T.F.....
a3 a1 04 57 80 34 02 13 00 00 00 0d 40 01 80 0b
...W.4......@...
05 00 01 00 c0 d8 7b 5a 48 5d 80 1e 40 00 00 06
......{ZH]..@...
04 01 00 4d 40 01 80 12 15 00 01 00 c0 d8 7b 5a
...M@.........{Z
48 5c 00 c0 d8 7b 5a 48 5d 80 01 00 01 00 01 80
H\...{ZH].......
01 80 01 00 10 a8 01 80 52 01 40 b5 00 00 12 4b
........R.@....K
e0 01 12 00 01 1c 3b 1c 39 9e 01 00 03 67 74 64
......;.9....gtd
00 00 00 2e 49 41 4d 2c 0d 0a 47 43 49 2c 31 63
....IAM,..GCI,1c
63 39 63 64 30 34 31 38 34 36 31 31 63 63 38 31
c9cd04184611cc81
62 33 66 38 61 33 61 31 30 34 35 37 38 30 0d 0a
b3f8a3a1045780..
0d 0a 06 80 06 00 04 00 00 00 03 35 02 04 67 74
...........5..gt
64 01 2e 49 41 4d 2c 0d 0a 47 43 49 2c 31 63 63
d..IAM,..GCI,1cc
39 63 64 30 34 31 38 34 36 31 31 63 63 38 31 62
9cd04184611cc81b
33 66 38 61 33 61 31 30 34 35 37 38 30 0d 0a 0d
3f8a3a1045780...
0a
.
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = setup {
protocolIdentifier = 0.0.8.2250.0.4
sourceInfo = {
vendor = {
vendor = {
t35CountryCode = 181
t35Extension = 0
manufacturerCode = 18
}
}
gateway = {
protocol = 1 entries {
[0]=voice {
supportedPrefixes = 0 entries {
}
}
}
}
mc = FALSE
undefinedNode = FALSE
}
activeMC = FALSE
conferenceID = 16 octets {
1c c9 cd 04 18 46 11 cc 81 b3 f8 a3 a1 04
57 80 .....F........W.
}
conferenceGoal = create <<null>>
callType = pointToPoint <<null>>
sourceCallSignalAddress = ipAddress {
ip = 4 octets {
ff ff ff ff
..{Z
}
port = 19192
}
callIdentifier = {
guid = 16 octets {
1c cb 05 54 18 46 11 cc 81 b5 f8 a3 a1 04
57 80 ...T.F........W.
}
}
fastStart = 2 entries {
[0]= 19 octets {
00 00 00 0d 40 01 80 0b 05 00 01 00 c0 d8
7b 5a ....@.........{Z
48 5d 80
H].
}
[1]= 30 octets {
40 00 00 06 04 01 00 4d 40 01 80 12 15 00
01 00 @......M@.......
c0 d8 7b 5a 48 5c 00 c0 d8 7b 5a 48 5d 80
..{ZH\...{ZH].
}
}
mediaWaitForConnect = FALSE
canOverlapSend = FALSE
multipleCalls = TRUE
maintainConnection = TRUE
symmetricOperationRequired = <<null>>
}
h245Tunneling = TRUE
nonStandardControl = 1 entries {
[0]={
nonStandardIdentifier = h221NonStandard {
t35CountryCode = 181
t35Extension = 0
manufacturerCode = 18
}
data = 75 octets {
e0 01 12 00 01 1c 3b 1c 39 9e 01 00 03 67
74 64 ......;.9....gtd
00 00 00 2e 49 41 4d 2c 0d 0a 47 43 49 2c
31 63 ....IAM,..GCI,1c
63 39 63 64 30 34 31 38 34 36 31 31 63 63
38 31 c9cd04184611cc81
62 33 66 38 61 33 61 31 30 34 35 37 38 30
0d 0a b3f8a3a1045780..
0d 0a 06 80 06 00 04 00 00 00 03
...........
}
}
}
tunnelledSignallingMessage = {
tunnelledProtocolID = {
id = tunnelledProtocolAlternateID {
protocolType = "gtd"
}
}
messageContent = 1 entries {
[0]= 46 octets {
49 41 4d 2c 0d 0a 47 43 49 2c 31 63 63 39
63 64 IAM,..GCI,1cc9cd
30 34 31 38 34 36 31 31 63 63 38 31 62 33
66 38 04184611cc81b3f8
61 33 61 31 30 34 35 37 38 30 0d 0a 0d 0a
a3a1045780....
}
}
}
}
}
}
2005/04/12 05:25:05.442 3 radauth.cxx(1260)
RADAUTH RadAuth Setup auth failed: no tokens
2005/04/12 05:25:05.442 3 radproto.cxx(2098)
RADIUS Sending PDU to RADIUS server 127.0.0.1
(127.0.0.1:1812) from port:43029[active requests: 0,
ID space: 254-0], PDU: Access-Request, id 255
2005/04/12 05:25:06.440 3 radproto.cxx(2137)
RADIUS Received PDU from RADIUS server 127.0.0.1
(127.0.0.1:1812) by socket port:43029[active requests:
1, ID space: 254-0], PDU: Access-Reject, id 254
2005/04/12 05:25:06.440 3 gkauth.cxx(1070)
GKAUTH RadAliasAuth Setup check failed
2005/04/12 05:25:06.443 3 radproto.cxx(2098)
RADIUS Sending PDU to RADIUS server 127.0.0.1
(127.0.0.1:1813) from port:49007[active requests: 0,
ID space: 6-8], PDU: Accounting-Request, id 7
2005/04/12 05:25:06.450 3 radproto.cxx(2137)
RADIUS Received PDU from RADIUS server 127.0.0.1
(127.0.0.1:1812) by socket port:43029[active requests:
0, ID space: 254-0], PDU: Access-Reject, id 255
2005/04/12 05:25:06.450 3 gkauth.cxx(1070)
GKAUTH RadAliasAuth Setup check failed
2005/04/12 05:25:06.450 4 ProxyChannel.cxx(1440) Q931
Dropping call from 1.1.1.1:19192 due to Setup
authentication failure
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
