Lucas, Your RADIUS server needs to implement the Digest algorithm. Attributes are non-standard and are NOT sent as vendor-encapsulated, but wrapped in the Digest-Attributes avpair. The RADIUS server thus needs to be able to read the digest-attributes, convert them to individual attributes (as below) and then implement the DIGEST authentication mechanism. Translated: There is no password attribute. g-)
ATTRIBUTE Digest-Response 206 string ATTRIBUTE Digest-Attributes 207 string ATTRIBUTE Digest-Realm 1063 string ATTRIBUTE Digest-Nonce 1064 string ATTRIBUTE Digest-Method 1065 string ATTRIBUTE Digest-URI 1066 string ATTRIBUTE Digest-QOP 1067 string ATTRIBUTE Digest-Algorithm 1068 string ATTRIBUTE Digest-Body-Digest 1069 string ATTRIBUTE Digest-CNonce 1070 string ATTRIBUTE Digest-Nonce-Count 1071 string ATTRIBUTE Digest-User-Name 1072 string
Lucas Aimaretto wrote:
Hi there,
This is my ser.cfg configuration
if(method=="REGISTER") { if (!radius_www_authorize("")) { www_challenge("", "0"); break; }; save("location"); break; };
And here is some sniffing done with ngrep ...
U IP_UA:11006 -> IP_SER:5060 REGISTER sip:IP_SER SIP/2.0. Via: SIP/2.0/UDP 192.168.1.178:11006;rport;branch=z9hG4bK810E80344EB24AE5B8D5FD21043E78CE . From: Lucas sip:1991006@IP_SER. To: Lucas sip:1991006@IP_SER. Contact: "Lucas" sip:1991006@192.168.1.178:11006. Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9@IP_SER. CSeq: 57327 REGISTER. Expires: 1800. Authorization: Digest username="1991006@IP_SER",realm="IP_SER",nonce="425b03326e0f4f0071f1a766 4c8823f1271f1212",response="8b9ec4e8e633c5dd7d4aee4aef1ffdba",uri="sip:I P_SER". Max-Forwards: 70. User-Agent: X-PRO build 1082. Content-Length: 0. .
# U IP_SER:5060 -> IP_UA:11006 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP 192.168.1.178:11006;rport=11006;branch=z9hG4bK810E80344EB24AE5B8D5FD2104 3E78CE;received=IP_UA. From: Lucas sip:1991006@IP_SER. To: Lucas sip:1991006@IP_SER;tag=6f0d146d94c4cb042663ff3cf87e2e72.d766. Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9@IP_SER. CSeq: 57327 REGISTER. WWW-Authenticate: Digest realm="IP_SER", nonce="425b03326e0f4f0071f1a7664c8823f1271f1212". Content-Length: 0. Warning: 392 IP_SER:5060 "Noisy feedback tells: pid=23023 req_src_ip=IP_UA req_src_port=11006 in_uri=sip:IP_SER out_uri=sip:IP_SER via_cnt==1".
The thing is that I'm not seeing the Password Attribute at the radius output ... Well, to be honest, I do not know wich is the attribute SER uses to send password, but, the truth is no Password Attribute is sent to RADIUS.
Any ideas ?
Regards,
Lucas