Re: [Auth Problem] ATA, GunGK, and FreeRADIUS

["Zygmuntowicz Michal" <m.zygmuntowicz@xxxxxxx>]

Make sure database enteries for this user are correct.
Also enter a valid NTP server in your ATA configuration
to have a correct timestamp in H.235 tokens.

----- Original Message ----- 
From: "Byoung-Ju Jeon@PS@DCKR-SEL" <bjjeon@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, January 10, 2006 10:19 AM


> I am now in using ATA 188 v3.1.2, GunGK 2.2.2_4, and  FreeRADIUS 1.0.5 on
> FreeBSD 6.0.
> When I am trying to use H.235 authentication, I've got securityDenial.
> You can check the log from GnuGK and FreeRADIUS.
>
> Is there anybody who succeed to use ATA with H.235 authentication?
> Could you tell me how to configure all the equipment?
>
> Thanks in advance.
> Bye.
>
> BJ.
>
> =========================== The Config of ATA ===========================
> UseLoginID: 1
> AutMethod: 0x00000002
> =====================================================================
>
> =========================== The log from GnuGK ===========================
>    timeToLive = 300
>    tokens = 1 entries {
>      [0]={
>        tokenOID = 1.2.840.113548.10.1.2.1
>        timeStamp = 1
>        challenge =  16 octets {
>          73 27 8c 27 13 71 f3 a4  4d db bc 4c 39 14 08 6e
> s'.'.q..M..L9..n
>        }
>        random = 18
>        generalID =  6 characters {
>          0069 0066 0067 0069 0072 006c             ifgirl
>        }
>      }
>    }
>    keepAlive = FALSE
>    willSupplyUUIEs = FALSE
>    maintainConnection = FALSE
>  }
> 2006/01/10 18:05:57.967 1             RasSrv.cxx(330)   RAS     RRQ Received
> 2006/01/10 18:05:57.969 3           radproto.cxx(2121)  RADIUS  Sending PDU
> to RADIUS server 152.102.50.225 (152.102.50.225:1812) from port:64821[active
> requests: 0, ID space: 251-253], PDU: Access-Request, id 252
> 2006/01/10 18:05:57.981 3           radproto.cxx(2160)  RADIUS  Received PDU
> from RADIUS server 152.102.50.225 (152.102.50.225:1812) by socket
> port:64821[active requests: 0, ID space: 251-253], PDU: Access-Reject, id
> 252
> 2006/01/10 18:05:57.981 3             gkauth.cxx(969)   GKAUTH  RadAuth RRQ
> check failed
> 2006/01/10 18:05:57.982 2             RasSrv.cxx(375)
> RRJ|152.102.50.223|ifgirl:h323_ID=0175685273:dialedDigits|terminal|securityD
> enial;
> 2006/01/10 18:05:57.982 3             RasSrv.cxx(221)   RAS     Send to
> 152.102.50.223:1739
> ======================================================================
>
> =========================== The log from FreeRADIUS
> ===========================
> rad_recv: Access-Request packet from host 152.102.50.225:64821, id=252,
> length=143
>        User-Name = "ifgirl"
>        CHAP-Password = 0x1273278c271371f3a44ddbbc4c3914086e
>        CHAP-Challenge = 0x00000001
>        NAS-IP-Address = 152.102.50.225
>        NAS-Identifier = "Gatekeeper"
>        NAS-Port-Type = Virtual
>        Service-Type = Login-User
>        Framed-IP-Address = 152.102.50.223
>        Cisco-AVPair = "h323-ivr-out=terminal-alias:ifgirl,0175685273;"
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 216
> .................
> radius_xlat:  'SELECT id, 'ifgirl', attrname, attrvalue, attrop FROM
> ??radius_get_reply_attrs('ifgirl', NULLIF('152.102.50.223', '')::INET,
> ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN
> 'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE END, ???'', NULLIF('',''),
> ???parse_avpair('h323-ivr-out=3Dterminal-alias:ifgirl=2C0175685273=3B',
> 'h323-ivr-out', 'terminal-alias') ???)'
> rlm_sql_postgresql: query: SELECT id, 'ifgirl', attrname, attrvalue, attrop
> FROM ??radius_get_reply_attrs('ifgirl', NULLIF('152.102.50.223', '')::INET,
> ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN
> 'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE END, ???'', NULLIF('',''),
> ???parse_avpair('h323-ivr-out=3Dterminal-alias:ifgirl=2C0175685273=3B',
> 'h323-ivr-out', 'terminal-alias') ???)
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: affected rows = 
> radius_xlat:  ''
> rlm_sql (sql): Released sql socket id: 3
>  modcall[authorize]: module "sql" returns ok for request 216
> modcall: group authorize returns ok for request 216
>  rad_check_password:  Found Auth-Type Reject
>  rad_check_password: Auth-Type = Reject, rejecting user
> auth: Failed to validate the user.
> Login incorrect: [ifgirl/<CHAP-Password>] (from client Gatekeeper port 0)
> Sending Access-Reject of id 252 to 152.102.50.225:64821
> ======================================================================



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/