Ah ok. BTW I'm testing radius authentication now, and I can't get authenticated. I use ser-0.9.3 and freeradius. Here is the information about my test and setup:
In the users file of freeradius I have these:
rpagquil@server4all Auth-Type := Digest, User-Password == "test123"
        Reply-Message = "Authenticated"
rpagquil@server4all Auth-Type := Accept
        Reply-Message = "Authorized"
In ser.cfg I have these:
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)

if (!radius_www_authorize("server4all")) {
    www_challenge("", "1");
    break;
};
save("location");
break;
and this is my radius log with radiusd -X:
rad_recv: Access-Request packet from host 127.0.0.1:1733, id=95, length=318
        User-Name = "rpagquil@server4all"
        Digest-Attributes = "\n\nrpagquil"
        Digest-Attributes = "\001\014server4all"
        Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
        Digest-Attributes = "\004\020sip:server4all"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Attributes = "\005\006auth"
        Digest-Attributes = "\t\n00000002"
        Digest-Attributes = "\010"D845A10802BC11DABFB500E04CAB4AB4"
        Digest-Response = "67c537d0fb13d95416e2bb973b3caa4a"
        Service-Type = Sip-Session
        Sip-URI-User = "rpagquil"
        Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4@server4all"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil@server4all"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "rpagquil"
rlm_realm: Proxying request from user rpagquil to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 162
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [rpagquil@server4all] (from client server port 5060)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1734, id=96, length=318
        User-Name = "rpagquil@server4all"
        Digest-Attributes = "\n\nrpagquil"
        Digest-Attributes = "\001\014server4all"
        Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
        Digest-Attributes = "\004\020sip:server4all"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Attributes = "\005\006auth"
        Digest-Attributes = "\t\n00000002"
        Digest-Attributes = "\010"D845A10902BC11DABFB500E04CAB4AB4"
        Digest-Response = "4c7a54f5710a95dc6c7620ac04271c28"
        Service-Type = Sip-Session
        Sip-URI-User = "rpagquil"
        Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4@server4all"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil@server4all"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "rpagquil"
rlm_realm: Proxying request from user rpagquil to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched DEFAULT at 162
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [rpagquil@server4all] (from client server port 5060)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Sending Access-Reject of id 95 to 127.0.0.1:1733
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 96 to 127.0.0.1:1734
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 95 with timestamp 42ee005c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 96 with timestamp 42ee005d
Nothing to do. Sleeping until we see a request.
Please help.
Thanks,
Klaus Darilion wrote:
The users need not be in the users file. You can store your users anywhere (file, database, ...). The important thing however is: the radius server has to support digest authentication. Thus, the passwords must be stored in cleartext.
regards klaus
Ryan Pagquil wrote:
So it means that the System authentication that we are using now for radius will be ignored? Every user must exist in the users file of the freeradius?
Thanks,
Klaus Darilion wrote:
Greger V. Teigre wrote:
Ryan, Only if it supports the http digest authentication mechanism. g-)
This means, you need the user passwords in clear text.
regards, klaus
Ryan Pagquil wrote:
Hi,
Can I use my existing radius server as my login authentication for ser? The existing radius uses the system to read the user accounts, but as explained in the radius howto I must create the user accounts in the users file of the freeradius. Please help.
Thanks,
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
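
Added example (not part of the original thread, and not code from SER or FreeRADIUS): the Digest-Attributes in the radiusd -X log above decoded, and the RFC 2617 response recomputed, which shows why the RADIUS server needs the password itself: a crypt()ed system password cannot produce the MD5 over username:realm:password. Assumptions: the sub-attribute type numbers follow draft-sterman-aaa-sip, the password "test123" is the one from the users file above, and all function names are this example's own.

```python
import hashlib

# Sub-attribute types inside Digest-Attributes (assumed: draft-sterman-aaa-sip).
SUBTYPES = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 5: "qop",
            6: "algorithm", 7: "body-digest", 8: "cnonce", 9: "nc", 10: "username"}

# Constructed input: the Digest-Attributes values of request 0 in the log,
# with the escapes printed by radiusd -X written as Python byte strings.
LOGGED_ATTRS = [
    b"\n\nrpagquil", b"\001\014server4all",
    b"\002*42ee018773f7ef0ca37028652e16deef71bdc6e9",
    b"\004\020sip:server4all", b"\003\nREGISTER",
    b"\005\006auth", b"\t\n00000002",
    b"\010\"D845A10802BC11DABFB500E04CAB4AB4",
]
LOGGED_RESPONSE = "67c537d0fb13d95416e2bb973b3caa4a"

def decode_digest_attributes(values):
    """Decode type/length/value sub-attributes; length counts the 2 header bytes."""
    fields = {}
    for raw in values:
        while raw:
            if len(raw) < 2 or raw[1] < 2 or raw[1] > len(raw):
                raise ValueError("malformed Digest-Attributes value: %r" % raw)
            kind, length = raw[0], raw[1]
            fields[SUBTYPES.get(kind, "type-%d" % kind)] = raw[2:length].decode("ascii")
            raw = raw[length:]
    return fields

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def expected_response(fields, password):
    """RFC 2617 response for algorithm MD5, with qop=auth or without qop."""
    ha1 = md5_hex("%s:%s:%s" % (fields["username"], fields["realm"], password))
    ha2 = md5_hex("%s:%s" % (fields["method"], fields["uri"]))
    if fields.get("qop") == "auth":
        return md5_hex(":".join([ha1, fields["nonce"], fields["nc"],
                                 fields["cnonce"], "auth", ha2]))
    return md5_hex(":".join([ha1, fields["nonce"], ha2]))

def check(values, response, password):
    """True when the client's Digest-Response matches the given cleartext password."""
    fields = decode_digest_attributes(values)
    return expected_response(fields, password) == response.lower()

if __name__ == "__main__":
    print(decode_digest_attributes(LOGGED_ATTRS))
    print("matches 'test123':", check(LOGGED_ATTRS, LOGGED_RESPONSE, "test123"))
```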