Hi All,
I seem to have run into a situation where OpenSER doesn't send the user-password to the Radius server, upon initiating the Register method. The following information is received at the radius end:
rad_recv: Access-Request packet from host 192.168.2.80:48582, id=200, length=194
    User-Name = "101@192.168.2.80"
    Digest-Attributes = 0x0a05313031
    Digest-Attributes = 0x010e3139322e3136382e322e3830
    Digest-Attributes = 0x022a34363961326338396334343963303038323664396265313331653431376334316333303763376134
    Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
    Digest-Attributes = 0x030a5245474953544552
    Digest-Response = "8a61cba1c0729fa70929a115c6ae7c31"
    Service-Type = Authenticate-Only
    X-Ascend-PW-Lifetime = 0x313031
    NAS-Port = 5060
    NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 75
perl_pool: item 0x98baa10 asigned new request. Handled so far: 3
found interpetator at address 0x98baa10
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 0x313031
rlm_perl: RAD_REQUEST: Digest-Response = 8a61cba1c0729fa70929a115c6ae7c31
rlm_perl: RAD_REQUEST: User-Name = 101@192.168.2.80
rlm_perl: RAD_REQUEST: Service-Type = Authenticate-Only
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x99f368c)
perl_pool total/active/spare [32/0/32]
This clearly shows that the User-Password attribute is not sent. Can anyone point me in the direction to look?
z2l
SIP uses digest authentication: The SIP proxy does not receive a password, thus it can't send it to the radius server.
Instead the client is sending a digest response to the SIP proxy (a hash calculated from the nonce, the password and some more parameters).
This response is forwarded to the Radius Server:
Digest-Response = "8a61cba1c0729fa70929a115c6ae7c31"
Thus, you have to configure your Radius Server to use digest authentication - then it should work.
regards
klaus
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
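An added example, not part of the thread and not OpenSER or FreeRADIUS code: it decodes the Digest-Attributes values logged above and recomputes the response a RADIUS server would compare against Digest-Response. It assumes the sub-attribute numbering of draft-sterman-aaa-sip and the RFC 2617 MD5 form without qop; the function names are hypothetical and the password must come from the server's own user store, since it never appears in the request.

```python
import hashlib
import hmac

# Sub-attribute types inside Digest-Attributes (assumed: draft-sterman-aaa-sip).
SUBTYPES = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 5: "qop",
            6: "algorithm", 7: "body-digest", 8: "cnonce",
            9: "nonce-count", 10: "user-name"}

# Values copied from the Access-Request in the original post.
LOGGED_ATTRS = [
    "0x0a05313031",
    "0x010e3139322e3136382e322e3830",
    "0x022a34363961326338396334343963303038323664396265313331653431376334316333303763376134",
    "0x04127369703a3139322e3136382e322e3830",
    "0x030a5245474953544552",
]
LOGGED_RESPONSE = "8a61cba1c0729fa70929a115c6ae7c31"


def decode_digest_attributes(hex_values):
    """Decode type/length/value blobs; the length byte counts the 2 header bytes."""
    fields = {}
    for hex_value in hex_values:
        digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
        raw = bytes.fromhex(digits)
        if len(raw) < 2 or raw[1] != len(raw):
            raise ValueError(f"malformed Digest-Attributes value: {hex_value}")
        if raw[0] not in SUBTYPES:
            raise ValueError(f"unknown sub-attribute type {raw[0]}")
        fields[SUBTYPES[raw[0]]] = raw[2:].decode("ascii")
    return fields


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def expected_response(fields, password):
    """RFC 2617 response for the no-qop case seen in the post."""
    if "qop" in fields:
        raise NotImplementedError("only the no-qop form is handled here")
    ha1 = md5_hex(f"{fields['user-name']}:{fields['realm']}:{password}")
    ha2 = md5_hex(f"{fields['method']}:{fields['uri']}")
    return md5_hex(f"{ha1}:{fields['nonce']}:{ha2}")


def verify(fields, response, password):
    """Constant-time comparison of the client's response with the recomputed one."""
    return hmac.compare_digest(expected_response(fields, password), response.lower())
```

Calling `verify(decode_digest_attributes(LOGGED_ATTRS), LOGGED_RESPONSE, stored_password)` with the password held for user 101 reproduces the check the server must perform instead of looking for User-Password.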