Re: RADAUTH RadAuth RRQ auth failed: tokens not found

Shashi Dahal <shashi0@xxxxxxxxx> · Wed, 2 Nov 2005 22:38:14 +0545

Solved.

Thanks All.

Cheers,

Shashi 

On 10/28/05, Deepak Singhal <dsinghal@xxxxxxxxxxxxxxxx> wrote:

This mean the devices are getting registered via 
RadAliasAuth Module (They are not sending h235 password). 
RadAliasAuth module by default sends password same as 
username.

Deepak Singhal

From: 
openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx 
[mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Shashi 
Dahal
Sent: Wednesday, October 26, 2005 1:30 AM
To: 
openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  
RADAUTH RadAuth RRQ auth failed: tokens not found

I was able to get all devices to work when I set their h323id and 
password same in the db. I am not sure if this is the way to do it, but it 
worked.

duh!

Cheers,
Shashi

On 10/25/05, Shashi 
Dahal <shashi0@xxxxxxxxx> 
wrote:
Hi,

Currently, 
  the system is   MVTS+AdvancedRadius
I tested 3 devices,  1. 
  ciscoATA, 2. HSTellian IP Phone and 3. a dialup device which also runs on 
  h323. There is also a softphone that works via username and password, and the 
  devices work via h323id.

Using your sqlbill/freeradius/postgresql, I 
  was able to make the softphone work via username/password and it works 
  fine.

However, for all 3 devices, I get the mentioned error. After 
  posting this thread yesterday, I checked the past archives and  added a 
  few combinations in the gnugk.ini 
  file.

[RadAliasAuth]
Servers=192.168.150.128:1812
SharedSecret=mysecret
LocalInterface=
192.168.150.128
AppendCiscoAttributes=1
IncludeEndpointIP=1
IncludeTerminalAliases=1

[Gatekeeper::Auth]
RadAuth=required;RRQ,ARQ
RadAliasAuth=sufficiend;RRQ,ARQ
default=allow

"use RadAliasAuth and fix your database"
I am 
  sure that sqlbill/freeradius/postgresql  will work fine on the h323id 
  based authentication as well, and a small pointer in your part might help me 
  get somewhere. maybe a sample of a working h323id based db structure and 
  corresponding snippet of  gnugk.ini 

Use 
  allowedaliases and assignaliases fields only when you know what they do 
  exactly."
I have been trying to find out what they do exactly, but 
  could not get an exact via the archive search of this 
  list.

Cheers,
Shashi 

  On 10/25/05, Zygmuntowicz Michal <m.zygmuntowicz@xxxxxxx 
  > wrote:
  Either 
    configure ATA to send username/password correctly or use RadAliasAuth
and 
    fix your database. Use allowedaliases and assignaliases fields only when 
    you
know what they do exactly.

----- Original Message ----- 

From: "Shashi Dahal" <shashi0@xxxxxxxxx>
Sent: Monday, October 24, 2005 
    4:18 PM

I followed this page: http://www.gnugk.org/gnugk-cisco-ata.html
and am usign 
    sqlbill/freeradius/postgresql

I am getting the following in the gnugk 
    log

2005/10/24 12:04:21.851 1 RasSrv.cxx(343) RAS RRQ 
    Received
2005/10/24 12:04: 21.852 3 radauth.cxx(1239) RADAUTH RadAuth RRQ 
    auth failed:
tokens not found
2005/10/24 12:04:21.852 3 
    gkauth.cxx(968) GKAUTH RadAuth RRQ check failed
2005/10/24 12:04:21.853 2 
    RasSrv.cxx(388)
RRJ|192.168.1.101|123456:h323_ID=123456:dialedDigits|terminal|securityDenial; 

2005/10/24 12:04:21.854 3 RasSrv.cxx(231) RAS Send to
192.168.1.101:1027<

    http://192.168.1.101:1027>

db structure is the 
    following: 

voipdb=> select * from voipuser where id='1';
id | 
    h323id | accountid | disabled | checkh323id | chappassword 
    |
allowedaliases | assignaliases | framedip | firstname | surname 
    |
terminating
----+--------+-----------+----------+-------------+--------------+----------------+---------------+----------+-----------+---------+------------- 

1 | user1 | 1 | f | t | pass1 | 123456 | | | User-01 | Voip-01 | t
(1 
    row)

gnugk setting 
    ----

[RasSrv::RRQAuth]
default=allow

[Endpoint]
Password=MyPass

[Proxy]
Enable=1 

ProxyForNAT=1

[RasSrv::RRQFeatures]
AcceptGatewayPrefixes=1
OverwriteEPOnSameAddress=1
AcceptEndpointIdentifier=1

[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=1
ArjReasonRouteCallToGatekeeper=1 

CallUnregisteredEndpoints=1
RemoveTrailingChar=#
ParseEmailAliases=1

[RasSrv::LRQFeatures]
NeighborTimeout=2
ForwardHopCount=2
AlwaysForwardLRQ=1
AcceptForwardedLRQ=1
IncludeDestinationInfoInLCF=1 

CiscoGKCompatible=1

[Gatekeeper::Auth]
RadAuth=required;RRQ,ARQ
NeighbourPasswordAuth=required
default=allow

[RadAuth]
Servers=
 92.168.150.128:1812 
    < http://92.168.150.128:1812>
SharedSecret=secret
LocalInterface=
 192.168.150.128 <http://192.168.150.128 
    >
AppendCiscoAttributes=1
IncludeEndpointIP=1

[Gatekeeper::Acct]
RadAcct=required;start,stop
default=accept

[RadAcct]
Servers=
 192.168.150.128:1813 
    <http://192.168.150.128:1813>
LocalInterface=
 192.168.150.128 <http://192.168.150.128>
SharedSecret=secret
RequestRetransmissions=4
RoundRobinServers=1

AppendCiscoAttributes=1

[RasSrv::GWPrefixes]
GW=*

[RasSrv::PermanentEndpoints]
192.168.150.250=GW;*

Where 
    am I missing something to allow h323id based authentication 

Cheers,
Shashi

-------------------------------------------------------
This 
    SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * 
    Register for a JBoss Training Course
Free Certification Exam for All 
    Training Attendees Through End of 2005 
Visit http://www.jboss.com/services/certification
 for more 
    information
_______________________________________________________ 

Posting: mailto: 
    Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 

Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users

Homepage: 
    http://www.gnugk.org/