top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

freediamater with radius issue

+2 votes
580 views

I just want to covert my radius request as an diameter request for authentication.

So I configured radgw and all mentioned configurations.

But I'm facing below issue
"No suitable candidate to route the message to." and getting access reject

My setup is like below

Started freediameter with radgw support and initiated the radius request by executing radtest.

$ sudo ../../../build/freeDiameterd/freeDiameterd-1.1.4  freeDiameterd-1.1.4 -c freeDiameter-1.conf
libfdproto initialized.
libgnutls '2.12.14' initialized.
Generating fresh Diffie-Hellman parameters of size 1024 (this takes some time)...
Loading : /usr/local/lib/freeDiameter/test_app.fdx
Extension Test_App initialized with configuration: 'doc/test_app1.conf'
------- app_test configuration dump: ---------
 Vendor Id .......... : 999999
 Application Id ..... : 16777215
 Command Id ......... : 16777214
 AVP Id ............. : 16777215
 Mode ............... : Cli
 Destination Realm .. : localdomain
 Destination Host ... : - none -
 Signal ............. : 10
------- /app_test configuration dump ---------
Loading : /usr/local/lib/freeDiameter/dict_nasreq.fdx
Extension 'Dictionary definitions for NASREQ' initialized
Loading : /usr/local/lib/freeDiameter/dict_eap.fdx
Extension 'Dictionary definitions for EAP' initialized
Loading : /usr/local/lib/freeDiameter/app_radgw.fdx
Extension RADIUS Gateway initialized with configuration: 'doc/rgw.conf'
Loading : /usr/local/lib/freeDiameter/app_diameap.fdx
-------- DiamEAP extension : Configuration parameters (Dump) -------------
    -Configuration file.....: doc/app_diameap.conf
    -EAP Application Id.....: 5
    -EAP Application Command: 268
    -EAP Application Vendor.: 0
    -Max invalid EAP packets: 5
    -Multi-Round Timeout....: 30
    -MySQL Database Params..:
        User .......:root
        Server .....:127.0.0.1
        Database....:diameap
    -EAP Method Plugins.....:
         - EAP Identity plugin      [Type: 1, Vendor: 0]  loaded
-------- DiamEAP extension : Configuration parameters (End) ---------------
[DiamEAP extension] Diameter EAP Application Extension started successfully.
All extensions loaded.
-- Configuration :
  Debug trace level ...... : +1
  Configuration file ..... : freeDiameter-1.conf
  Diameter Identity ...... : peer1.localdomain (l:17)
  Diameter Realm ......... : localdomain (l:11)
  Tc Timer ............... : 30
  Tw Timer ............... : 30
  Local port ............. : 3868
  Local secure port ...... : 3869
  Number of SCTP streams . : 30
  Number of server threads : 4
  Local endpoints ........ : Default (use all available)
  Local applications ..... : App: 1    Au--    Vnd: 0
                             App: 3    --Ac    Vnd: 0
                             App: 5    Au--    Vnd: 0
                             App: 16777215    Au--    Vnd: 999999
  Flags : - IP ........... : Enabled
          - IPv6 ......... : Enabled
          - Relay app .... : Enabled
          - TCP .......... : Enabled
          - SCTP ......... : Enabled
          - Pref. proto .. : SCTP
          - TLS method ... : Separate port
  TLS :   - Certificate .. : peer1.cert.pem
          - Private key .. : peer1.key.pem
          - CA (trust) ... : cacert.pem (1 certs)
          - CRL .......... : (none)
          - Priority ..... : (default: 'NORMAL')
          - DH bits ...... : 1024
  Origin-State-Id ........ : **********
freeDiameterd daemon initialized.

------------- RADIUS/Diameter Request Debug -------------
 RADIUS request (0x8887088) DUMP:
 id  : 0xf7, code: 1 (Access-Request [RFC2865])
 auth: 41 f9 0b ae  86 19 2b 6c
       0b 59 1a 79  0f ae db cd
 RADIUS answer: NULL pointer
 Diameter message (0xb5000558) DUMP:
------ Dumping object 0xb5000558 (w)-------
|MSG: 0xb5000558
|   (no model)
|   public: V:1 L:20 fl:RP-- CC:265 A:1 hi:0 ei:ffe00000
|   intern: rwb:(nil) rt:0 cb:(nil)((nil)) qry:(nil) asso:0 sess:(nil) src:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 263 "Session-Id"
 |   public: C:263 fl:-M L:8 V:0  data:@0xb50008ac
 |   value t: 'UTF8String' (OCTETSTRING) v: chris-VirtualBox;**********;1;user;peer1.l
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 283 "Destination-Realm"
 |   public: C:283 fl:-M L:8 V:0  data:@0xb5000764
 |   value t: 'DiameterIdentity' (OCTETSTRING) v: localdomain
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 264 "Origin-Host"
 |   public: C:264 fl:-M L:8 V:0  data:@0xb5000624
 |   value t: 'DiameterIdentity' (OCTETSTRING) v: chris-VirtualBox
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 296 "Origin-Realm"
 |   public: C:296 fl:-M L:8 V:0  data:@0xb500069c
 |   value t: 'DiameterIdentity' (OCTETSTRING) v: localdomain
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,   UNSIGNED32, 258 "Auth-Application-Id"
 |   public: C:258 fl:-M L:12 V:0  data:@0xb500094c
 |   value (UNSIGNED32) v: 1 (0x1)
 |   intern: src:(nil) mf:0 raw:(nil)(0)
 |   model : v/m:-M/VM,    INTEGER32, 274 "Auth-Request-Type"
 |   public: C:274 fl:-M L:12 V:0  data:@0xb50009ac
 |   value t: 'Enumerated(Auth-Request-Type)' (INTEGER32) v: 'AUTHORIZE_AUTHENTICATE' (3 (0x3))
 |   intern: src:(nil) mf:0 raw:(nil)(0)
 |   model : v/m:-M/VM,   UNSIGNED32, 408 "Origin-AAA-Protocol"
 |   public: C:408 fl:-M L:12 V:0  data:@0xb5000a0c
 |   value t: 'Enumerated(Origin-AAA-Protocol)' (UNSIGNED32) v: 'RADIUS' (1 (0x1))
 |   intern: src:(nil) mf:0 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 1 "User-Name"
 |   public: C:1 fl:-M L:8 V:0  data:@0xb5000a6c
 |   value t: 'UTF8String' (OCTETSTRING) v: user
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 2 "User-Password"
 |   public: C:2 fl:-M L:8 V:0  data:@0xb5000adc
 |   value (OCTETSTRING) v: 75 73 65 72 00 00 00 00 00 00 00 00 00 00 00 00
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,  OCTETSTRING, 4 "NAS-IP-Address"
 |   public: C:4 fl:-M L:8 V:0  data:@0xb5000b54
 |   value (OCTETSTRING) v: C0 A8 38 66
 |   intern: src:(nil) mf:1 raw:(nil)(0)
 |   model : v/m:-M/VM,   UNSIGNED32, 5 "NAS-Port"
 |   public: C:5 fl:-M L:12 V:0  data:@0xb5000bc4
 |   value (UNSIGNED32) v: 0 (0x0)
 |   intern: src:(nil) mf:0 raw:(nil)(0)
------ /end of object 0xb5000558 -------
 Diameter session: chris-VirtualBox;**********;1;user;peer1.localdomain
===========  Debug complete =============
No suitable candidate to route the message to.
Logged: 05/11/15,08:50:59.543145

 |MSG: 0xb5000558
 |   model : v/m:RP--/RPE-, 265 "AA-Request"
 |   public: V:1 L:20 fl:RP-- CC:265 A:1 hi:0 ei:ffe00000
 |   intern: rwb:(nil) rt:0 cb:0xb4fe7ddb(0xb5001c28) qry:(nil) asso:0 sess:(nil) src:(nil)(0)
[auth.rgwx] Received Diameter answer with error code '3002' from server 'peer1.localdomain', session chris-VirtualBox;**********;1;user;peer1.localdomain, translating into Access-Reject
[auth.rgwx]   Error-Message content: 'No suitable candidate to route the message to'
------------- RADIUS/Diameter Answer Debug -------------
 Diameter message (0x88871b0) DUMP:
------ Dumping object 0x88871b0 (w)-------
|MSG: 0x88871b0
|   model : v/m:-P--/RP--, 265 "AA-Answer"
|   public: V:1 L:20 fl:--E- CC:265 A:1 hi:0 ei:ffe00000
|   intern: rwb:(nil) rt:0 cb:(nil)((nil)) qry:0xb5000558 asso:0 sess:0xb50007f0 src:(nil)(0)
------ /end of object 0x88871b0 -------
 RADIUS answer (0xb4c00508) DUMP:
 id  : 0xf7, code: 3 (Access-Reject [RFC2865])
 auth: 00 00 00 00  00 00 00 00
       00 00 00 00  00 00 00 00
  - len: 47, type:0x12 (Reply-Message )
  - len:  6, type:0x65 (Error-Cause Attribute[RFC3576])
===========  Debug complete =============
ERROR: in '(pthread_mutex_lock( &sess->stlock ))':    Invalid argument
freeDiameterd-1.1.4: /home/chris/diameter/freeDiameter-1.1.4/freeDiameter-1.1.4/libfdproto/sessions.c:626: fd_sess_destroy: Assertion `0' failed.

freediameter conf

# -------- Test configuration ---------

Identity = "peer1.localdomain";
Realm = "localdomain";
# Port = 3868;
# SecPort = 3869;

TLS_Cred = "peer1.cert.pem",
           "peer1.key.pem";
TLS_CA = "cacert.pem";

LoadExtension = "test_app.fdx" : "doc/test_app1.conf";
LoadExtension = "dict_nasreq.fdx":"doc/app_diameap.conf";
LoadExtension = "dict_eap.fdx":"doc/app_diameap.conf";
LoadExtension = "app_radgw.fdx":"doc/rgw.conf";
LoadExtension = "app_diameap.fdx":"doc/app_diameap.conf";

rgw.conf
# Handle some attributes
#RGWX = "echodrop.rgwx" : "doc/echodrop.rgwx.conf";

# Handle Accounting-Request messages received on the correct port
RGWX = "acct.rgwx" : acct : 4;

# Handle Access-Request messages received on the correct port
RGWX = "auth.rgwx" : auth : 1;

# Dump state when loop ends
RGWX = "debug.rgwx";

##################

nas = 192.168.56.101 / "radiusecret" ;
nas = 192.168.56.105 / "radiusecret" ;
nas = 127.0.0.1 / "radiusecret" ;
nas = 192.168.56.102 / "radiusecret" ;

Please help me to proceed further,

posted May 11, 2015 by anonymous

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button
I have the same problem

Similar Questions
+5 votes

Not sure I am missing something obvious, looking for a method to achieve Radius COA functionality with all possible command codes

Using Diameter. I see, it would be possible with server initiated messages, looking for more details in case any draft talks more about the respected messages.

+1 vote

Diameter and Radius both are used for authentication, authorization, and accounting in network/telecom system. My question here is why someone should use diameter where we already have proven Radius protocol.

+2 votes

I am not able to figure out an use-case where radius authentication is used and also how the credentials are provided, like manually or automatically by UE, in LTE attach procedure?

Please help me with an example?

...