Voip database

miha- miha_zoubek at hotmail.com
Fri Dec 17 09:58:14 CET 2010 

Hello,

in wireshark I can see now that the first request for access goes throught
but the second one for accounting is rejected.

Can you help me out why?

What about encryption ? The secret on the nas server and on the radius is
100% same.

Where can I look for this?

I have chacked everything you said for now.

Thanks!

Miha




Cleaning up request 1 ID 176 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 1.2.3.4 port 55983, id=139,
length=206
        Acct-Multi-Session-Id = "1292574457509"
        Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
        Calling-Station-Id = "81609000"
        NAS-Identifier = "intraswitch"
        NAS-IP-Address = 1.2.3.4
        3GPP2-Prepaid-acct-Capability = 0x010600000002
        3GPP2-Session-Termination-Capability = 1
        h323-conf-id = "h323-conf-id=1292574457509"
        Vendor-Specific = 0x00000009
        Event-Timestamp = "Dec 17 2010 09:27:37 CET"
        User-Name = "081609000"
        User-Password = "1122"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[pgsql-voip]    expand: %{User-Name} -> 081609000
[pgsql-voip] sql_set_user escaped user --> '081609000'
rlm_sql (pgsql-voip): Reserving sql socket id: 22
[pgsql-voip]    expand: SELECT id, UserName, Attribute, Value, Op   FROM
radcheck   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op   FROM radcheck   WHERE Username =
'081609000'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
[pgsql-voip] User found in radcheck table
[pgsql-voip]    expand: SELECT id, UserName, Attribute, Value, Op   FROM
radreply   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op   FROM radreply   WHERE Username =
'081609000'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip]    expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='081609000' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[pgsql-voip]    expand: SELECT id, GroupName, Attribute, Value, op   FROM
radgroupcheck   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op   FROM radgroupcheck   WHERE GroupName =
'dynamic'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip] User found in group dynamic
[pgsql-voip]    expand: SELECT id, GroupName, Attribute, Value, op   FROM
radgroupreply   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op   FROM radgroupreply   WHERE GroupName =
'dynamic'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (pgsql-voip): Released sql socket id: 22
++[pgsql-voip] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 139 to 1.2.3.4 port 55983
        Vendor-Specific := 0x3347505032
        3GPP2-Prepaid-acct-Capability := 0x303130363030303030303032
        3GPP2-Session-Termination-Capability := 1
        3GPP2-Release-Indicator := 0
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193,
length=335
        User-Name = "081609000"
        User-Password = "\022\312w\014"
        Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
        Acct-Multi-Session-Id = "1292574457509"
        Calling-Station-Id = "81609000"
        Called-Station-Id = "38651357952"
        Cisco-AVPair = "h323-called-enterprise-id=External"
        h323-remote-address = "h323-remote-address=unknown"
        Acct-Session-Id = "129257445750920"
        h323-conf-id = "h323-conf-id=1292574457509"
        h323-incoming-conf-id = "h323-incoming-conf-id=1292574457509"
        3GPP2-Prepaid-Acct-Quota = 0x0a06564f495008040002
        Event-Timestamp = "Dec 17 2010 09:27:37 CET"
        Acct-Status-Type = One-Time
        Message-Authenticator = 0x6f793daff586ab35701631c5f2a48d96
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[pgsql-voip]    expand: %{User-Name} -> 081609000
[pgsql-voip] sql_set_user escaped user --> '081609000'
rlm_sql (pgsql-voip): Reserving sql socket id: 21
[pgsql-voip]    expand: SELECT id, UserName, Attribute, Value, Op   FROM
radcheck   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op   FROM radcheck   WHERE Username =
'081609000'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
[pgsql-voip] User found in radcheck table
[pgsql-voip]    expand: SELECT id, UserName, Attribute, Value, Op   FROM
radreply   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op   FROM radreply   WHERE Username =
'081609000'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip]    expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='081609000' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[pgsql-voip]    expand: SELECT id, GroupName, Attribute, Value, op   FROM
radgroupcheck   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op   FROM radgroupcheck   WHERE GroupName =
'dynamic'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip] User found in group dynamic
[pgsql-voip]    expand: SELECT id, GroupName, Attribute, Value, op   FROM
radgroupreply   WHERE GroupName = '%{Sql-Group}'   ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op   FROM radgroupreply   WHERE GroupName =
'dynamic'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (pgsql-voip): Released sql socket id: 21
++[pgsql-voip] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "?Êw?"
[pap] Using MD5 encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.        Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 081609000
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 193 to 1.2.3.4 port 55121
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193,
length=335
Sending duplicate reply to client intraswitch port 55121 - ID: 193
Sending Access-Reject of id 193 to 1.2.3.4 port 55121
Waking up in 3.9 seconds.
Cleaning up request 2 ID 139 with timestamp +728
Waking up in 1.0 seconds.
Cleaning up request 3 ID 193 with timestamp +728
Ready to process requests.
-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3309116.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list