[Auth Problem] ATA, GunGK, and FreeRADIUS

"Byoung-Ju Jeon@PS@DCKR-SEL" <bjjeon@xxxxxxxxxxxxxxxxxxx> · Tue, 10 Jan 2006 18:19:59 +0900

Hi,

I am now in using ATA 188 v3.1.2, GunGK 2.2.2_4, and  FreeRADIUS 1.0.5 on
FreeBSD 6.0.
When I am trying to use H.235 authentication, I've got securityDenial.
You can check the log from GnuGK and FreeRADIUS.

Is there anybody who succeed to use ATA with H.235 authentication?
Could you tell me how to configure all the equipment?

Thanks in advance.
Bye.

BJ.

=========================== The Config of ATA ===========================
UseLoginID: 1
AutMethod: 0x00000002
=====================================================================

=========================== The log from GnuGK ===========================
    timeToLive = 300
    tokens = 1 entries {
      [0]={
        tokenOID = 1.2.840.113548.10.1.2.1
        timeStamp = 1
        challenge =  16 octets {
          73 27 8c 27 13 71 f3 a4  4d db bc 4c 39 14 08 6e
s'.'.q..M..L9..n
        }
        random = 18
        generalID =  6 characters {
          0069 0066 0067 0069 0072 006c             ifgirl
        }
      }
    }
    keepAlive = FALSE
    willSupplyUUIEs = FALSE
    maintainConnection = FALSE
  }
2006/01/10 18:05:57.967 1             RasSrv.cxx(330)   RAS     RRQ Received
2006/01/10 18:05:57.969 3           radproto.cxx(2121)  RADIUS  Sending PDU
to RADIUS server 152.102.50.225 (152.102.50.225:1812) from port:64821[active
requests: 0, ID space: 251-253], PDU: Access-Request, id 252
2006/01/10 18:05:57.981 3           radproto.cxx(2160)  RADIUS  Received PDU
from RADIUS server 152.102.50.225 (152.102.50.225:1812) by socket
port:64821[active requests: 0, ID space: 251-253], PDU: Access-Reject, id
252
2006/01/10 18:05:57.981 3             gkauth.cxx(969)   GKAUTH  RadAuth RRQ
check failed
2006/01/10 18:05:57.982 2             RasSrv.cxx(375)
RRJ|152.102.50.223|ifgirl:h323_ID=0175685273:dialedDigits|terminal|securityD
enial;
2006/01/10 18:05:57.982 3             RasSrv.cxx(221)   RAS     Send to
152.102.50.223:1739
======================================================================

=========================== The log from FreeRADIUS
===========================
rad_recv: Access-Request packet from host 152.102.50.225:64821, id=252,
length=143
        User-Name = "ifgirl"
        CHAP-Password = 0x1273278c271371f3a44ddbbc4c3914086e
        CHAP-Challenge = 0x00000001
        NAS-IP-Address = 152.102.50.225
        NAS-Identifier = "Gatekeeper"
        NAS-Port-Type = Virtual
        Service-Type = Login-User
        Framed-IP-Address = 152.102.50.223
        Cisco-AVPair = "h323-ivr-out=terminal-alias:ifgirl,0175685273;"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 216
.................
radius_xlat:  'SELECT id, 'ifgirl', attrname, attrvalue, attrop FROM
??radius_get_reply_attrs('ifgirl', NULLIF('152.102.50.223', '')::INET,
???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN
'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE END, ???'', NULLIF('',''),
???parse_avpair('h323-ivr-out=3Dterminal-alias:ifgirl=2C0175685273=3B',
'h323-ivr-out', 'terminal-alias') ???)'
rlm_sql_postgresql: query: SELECT id, 'ifgirl', attrname, attrvalue, attrop
FROM ??radius_get_reply_attrs('ifgirl', NULLIF('152.102.50.223', '')::INET,
???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN
'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE END, ???'', NULLIF('',''),
???parse_avpair('h323-ivr-out=3Dterminal-alias:ifgirl=2C0175685273=3B',
'h323-ivr-out', 'terminal-alias') ???)
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows = 
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 216
modcall: group authorize returns ok for request 216
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [ifgirl/<CHAP-Password>] (from client Gatekeeper port 0)
Sending Access-Reject of id 252 to 152.102.50.225:64821
======================================================================

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/