18 Sep
2004
18 Sep
'04
2 a.m.
Dear Users
i have Fedora Core 1 intalled with a SER 8.0.14 working fine with
accounting and autentification with MySql,
but i 've been tried to configure with FreeRadius and RadiusClient 4.3 and
the next Error appears
When i configure all like Ser_Radius like this
/etc/raddb Dir
****************** file
dictioary************************************************************
$INCLUDE /usr/share/freeradius/dictionary
$INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the dictionary
thet cames with the source in ser_8.0.14
****************** File
users************************************************
test Auth-Type := Digest, User-Password == "test"
Reply-Message = "Hello, test with digest"
******************* File Clients.conf******************************
client 127.0.0.1 {
#
# The shared secret use to "encrypt" and "sign" packets between
# the NAS and FreeRADIUS. You MUST change this secret from the
# default, otherwise it's not a secret any more!
#
# The secret can be any string, up to 32 characters in length.
#
secret = xxxx
#
# The short name is used as an alias for the fully qualified
# domain name, or the IP address.
#
shortname = localhost
#
# the following three fields are optional, but may be used by
# checkrad.pl for simultaneous use checks
#
#
# The nastype tells 'checkrad.pl' which NAS-specific method to
# use to query the NAS for simultaneous use.
#
# Permitted NAS types are:
#
# cisco
# computone
# livingston
# max40xx
# multitech
# netserver
# pathras
# patton
# portslave
# tc
# usrhiper
# other # for all other types
#
nastype = other # localhost isn't usually a NAS...
#
# The following two configurations are for future use.
# The 'naspasswd' file is currently used to store the NAS
# login name and password, which is used by checkrad.pl
# when querying the NAS for simultaneous use.
#
# login = !root
# password = someadminpas
}
***********************File Radiusd.conf***********************************
i've been uncoment the line with diget in "Autentication" and
"Authorize"
****************************************************************************
****
And i've been included the dictionary.ser in
/usr/local/etc/radiusclient/dictionary
so when i make a test like the ser_radius.txt
radclient -f digest localhost auth xxxxx
in the radius log apears :
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
length=140
User-Name = "test"
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
Digest-Attributes = "\001\013testrealm"
Digest-Attributes = "\002\n1234abcd"
Digest-Attributes = "\003\010INVITE"
Digest-Attributes = "\004\034sip:5555551212@example.com"
Digest-Attributes = "\006\005MD5"
Digest-Attributes = "\n\006test"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_digest: Converting Digest-Attributes to something sane...
Digest-Realm = "testrealm"
Digest-Nonce = "1234abcd"
Digest-Method = "INVITE"
Digest-URI = "sip:5555551212@example.com"
Digest-Algorithm = "MD5"
Digest-User-Name = "test"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate
rlm_digest: Configuration item "User-Password" is required for
authentication. ##############this is my problem..................
modcall[authenticate]: module "digest" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 138 to 127.0.0.1:32769
Waking up in 4 seconds...
****************************************************************************
******************
then if i change the dictionary.ser for dictionary.sip that comes with the
source in radiusClient4.3.................the test works well.......
but if i try to autenticate an UA like a ATA-186, the same message appears
rlm_digest: Configuration item "User-Password" is required for
authentication. ##############this is my problem..................
Best Regards
Gustaf
24 Sep
24 Sep
1:25 a.m.
I also have a similar problem.
------------------------------------------------------
rlm_realm: Looking up realm "10.10.50.52" for User-Name =
"test(a)10.10.50.52"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 52
modcall[authorize]: module "files" returns notfound for request 52
modcall[authorize]: module "mschap" returns noop for request 52
modcall: group authorize returns ok for request 52
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 52
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD =
4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
modcall[authenticate]: module "digest" returns ok for request 52
modcall: group authenticate returns ok for request 52
Login OK: [test(a)10.10.50.52/<no User-Password attribute>] (from client
localhost port 5060)
Sending Access-Accept of id 75 to 127.0.0.1:38542
--------------
Even though it says "Login OK" it's not..it just keeps doing this over
and over again. I can't figure out why it's saying "no User-Password
attribute" I've gone over the steps in the radius guide numerous times.
I'm stuck.
- Darren
On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
Dear Users
i have Fedora Core 1 intalled with a SER 8.0.14 working fine with
accounting and autentification with MySql,
but i 've been tried to configure with FreeRadius and RadiusClient 4.3 and
the next Error appears
When i configure all like Ser_Radius like this
/etc/raddb Dir
****************** file
dictioary************************************************************
$INCLUDE /usr/share/freeradius/dictionary
$INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the dictionary
thet cames with the source in ser_8.0.14
****************** File
users************************************************
test Auth-Type := Digest, User-Password == "test"
Reply-Message = "Hello, test with digest"
******************* File Clients.conf******************************
client 127.0.0.1 {
#
# The shared secret use to "encrypt" and "sign" packets between
# the NAS and FreeRADIUS. You MUST change this secret from the
# default, otherwise it's not a secret any more!
#
# The secret can be any string, up to 32 characters in length.
#
secret = xxxx
#
# The short name is used as an alias for the fully qualified
# domain name, or the IP address.
#
shortname = localhost
#
# the following three fields are optional, but may be used by
# checkrad.pl for simultaneous use checks
#
#
# The nastype tells 'checkrad.pl' which NAS-specific method to
# use to query the NAS for simultaneous use.
#
# Permitted NAS types are:
#
# cisco
# computone
# livingston
# max40xx
# multitech
# netserver
# pathras
# patton
# portslave
# tc
# usrhiper
# other # for all other types
#
nastype = other # localhost isn't usually a NAS...
#
# The following two configurations are for future use.
# The 'naspasswd' file is currently used to store the NAS
# login name and password, which is used by checkrad.pl
# when querying the NAS for simultaneous use.
#
# login = !root
# password = someadminpas
}
***********************File Radiusd.conf***********************************
i've been uncoment the line with diget in "Autentication" and
"Authorize"
****************************************************************************
****
And i've been included the dictionary.ser in
/usr/local/etc/radiusclient/dictionary
so when i make a test like the ser_radius.txt
radclient -f digest localhost auth xxxxx
in the radius log apears :
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
length=140
User-Name = "test"
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
Digest-Attributes = "\001\013testrealm"
Digest-Attributes = "\002\n1234abcd"
Digest-Attributes = "\003\010INVITE"
Digest-Attributes = "\004\034sip:5555551212@example.com"
Digest-Attributes = "\006\005MD5"
Digest-Attributes = "\n\006test"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_digest: Converting Digest-Attributes to something sane...
Digest-Realm = "testrealm"
Digest-Nonce = "1234abcd"
Digest-Method = "INVITE"
Digest-URI = "sip:5555551212@example.com"
Digest-Algorithm = "MD5"
Digest-User-Name = "test"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate
rlm_digest: Configuration item "User-Password" is required for
authentication. ##############this is my problem..................
modcall[authenticate]: module "digest" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 138 to 127.0.0.1:32769
Waking up in 4 seconds...
****************************************************************************
******************
then if i change the dictionary.ser for dictionary.sip that comes with the
source in radiusClient4.3.................the test works well.......
but if i try to autenticate an UA like a ATA-186, the same message appears
rlm_digest: Configuration item "User-Password" is required for
authentication. ##############this is my problem..................
Best Regards
Gustaf
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:37 a.m.
New subject: [Serusers] problem with radius autentifacation
I also have a similar problem.
------------------------------------------------------
rlm_realm: Looking up realm "10.10.50.52" for User-Name =
"test(a)10.10.50.52"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 52
modcall[authorize]: module "files" returns notfound for request 52
modcall[authorize]: module "mschap" returns noop for request 52
modcall: group authorize returns ok for request 52
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 52
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD =
4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
modcall[authenticate]: module "digest" returns ok for request 52
modcall: group authenticate returns ok for request 52
Login OK: [test(a)10.10.50.52/<no User-Password attribute>] (from client
localhost port 5060)
Sending Access-Accept of id 75 to 127.0.0.1:38542
--------------
Even though it says "Login OK" it's not..it just keeps doing this over
and over again. I can't figure out why it's saying "no User-Password
attribute" I've gone over the steps in the radius guide numerous times.
I'm stuck.
- Darren
On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
> Dear Users
> i have Fedora Core 1 intalled with a SER 8.0.14 working fine with
> accounting and autentification with MySql,
> but i 've been tried to configure with FreeRadius and RadiusClient 4.3
> and
> the next Error appears
>
> When i configure all like Ser_Radius like this
>
> /etc/raddb Dir
>
> ****************** file
> dictioary************************************************************
> $INCLUDE /usr/share/freeradius/dictionary
> $INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the
> dictionary
> thet cames with the source in ser_8.0.14
>
> ****************** File
> users************************************************
>
> test Auth-Type := Digest, User-Password == "test"
> Reply-Message = "Hello, test with digest"
>
> ******************* File Clients.conf******************************
>
> client 127.0.0.1 {
> #
> # The shared secret use to "encrypt" and "sign" packets
between
> # the NAS and FreeRADIUS. You MUST change this secret from the
> # default, otherwise it's not a secret any more!
> #
> # The secret can be any string, up to 32 characters in length.
> #
> secret = xxxx
>
> #
> # The short name is used as an alias for the fully qualified
> # domain name, or the IP address.
> #
> shortname = localhost
>
> #
> # the following three fields are optional, but may be used by
> # checkrad.pl for simultaneous use checks
> #
>
> #
> # The nastype tells 'checkrad.pl' which NAS-specific method to
> # use to query the NAS for simultaneous use.
> #
> # Permitted NAS types are:
> #
> # cisco
> # computone
> # livingston
> # max40xx
> # multitech
> # netserver
> # pathras
> # patton
> # portslave
> # tc
> # usrhiper
> # other # for all other types
>
> #
> nastype = other # localhost isn't usually a NAS...
>
> #
> # The following two configurations are for future use.
> # The 'naspasswd' file is currently used to store the NAS
> # login name and password, which is used by checkrad.pl
> # when querying the NAS for simultaneous use.
> #
> # login = !root
> # password = someadminpas
> }
> ***********************File
> Radiusd.conf***********************************
>
> i've been uncoment the line with diget in "Autentication" and
> "Authorize"
>
> ****************************************************************************
> ****
>
> And i've been included the dictionary.ser in
> /usr/local/etc/radiusclient/dictionary
> so when i make a test like the ser_radius.txt
> radclient -f digest localhost auth xxxxx
>
>
> in the radius log apears :
>
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
> length=140
> User-Name = "test"
> Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
> Digest-Attributes = "\001\013testrealm"
> Digest-Attributes = "\002\n1234abcd"
> Digest-Attributes = "\003\010INVITE"
> Digest-Attributes = "\004\034sip:5555551212@example.com"
> Digest-Attributes = "\006\005MD5"
> Digest-Attributes = "\n\006test"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "chap" returns noop
> rlm_eap: EAP-Message not found
> modcall[authorize]: module "eap" returns noop
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-Realm = "testrealm"
> Digest-Nonce = "1234abcd"
> Digest-Method = "INVITE"
> Digest-URI = "sip:5555551212@example.com"
> Digest-Algorithm = "MD5"
> Digest-User-Name = "test"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok
> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> modcall: entering group authenticate
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
> modcall[authenticate]: module "digest" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 138 to 127.0.0.1:32769
> Waking up in 4 seconds...
>
>
> ****************************************************************************
> ******************
> then if i change the dictionary.ser for dictionary.sip that comes with
> the
> source in radiusClient4.3.................the test works well.......
> but if i try to autenticate an UA like a ATA-186, the same message
> appears
>
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
>
>
>
> Best Regards
>
> Gustaf
>
>
Have you tried to put User-Password := "test" instead User-Password ==
"test" ?
1:39 a.m.
New subject: [Serusers] problem with radius autentifacation
I also have a similar problem.
------------------------------------------------------
rlm_realm: Looking up realm "10.10.50.52" for User-Name =
"test(a)10.10.50.52"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 52
modcall[authorize]: module "files" returns notfound for request 52
modcall[authorize]: module "mschap" returns noop for request 52
modcall: group authorize returns ok for request 52
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 52
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD =
4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
modcall[authenticate]: module "digest" returns ok for request 52
modcall: group authenticate returns ok for request 52
Login OK: [test(a)10.10.50.52/<no User-Password attribute>] (from client
localhost port 5060)
Sending Access-Accept of id 75 to 127.0.0.1:38542
--------------
Even though it says "Login OK" it's not..it just keeps doing this over
and over again. I can't figure out why it's saying "no User-Password
attribute" I've gone over the steps in the radius guide numerous times.
I'm stuck.
- Darren
On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
> Dear Users
> i have Fedora Core 1 intalled with a SER 8.0.14 working fine with
> accounting and autentification with MySql,
> but i 've been tried to configure with FreeRadius and RadiusClient 4.3
> and
> the next Error appears
>
> When i configure all like Ser_Radius like this
>
> /etc/raddb Dir
>
> ****************** file
> dictioary************************************************************
> $INCLUDE /usr/share/freeradius/dictionary
> $INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the
> dictionary
> thet cames with the source in ser_8.0.14
>
> ****************** File
> users************************************************
>
> test Auth-Type := Digest, User-Password == "test"
> Reply-Message = "Hello, test with digest"
>
> ******************* File Clients.conf******************************
>
> client 127.0.0.1 {
> #
> # The shared secret use to "encrypt" and "sign" packets
between
> # the NAS and FreeRADIUS. You MUST change this secret from the
> # default, otherwise it's not a secret any more!
> #
> # The secret can be any string, up to 32 characters in length.
> #
> secret = xxxx
>
> #
> # The short name is used as an alias for the fully qualified
> # domain name, or the IP address.
> #
> shortname = localhost
>
> #
> # the following three fields are optional, but may be used by
> # checkrad.pl for simultaneous use checks
> #
>
> #
> # The nastype tells 'checkrad.pl' which NAS-specific method to
> # use to query the NAS for simultaneous use.
> #
> # Permitted NAS types are:
> #
> # cisco
> # computone
> # livingston
> # max40xx
> # multitech
> # netserver
> # pathras
> # patton
> # portslave
> # tc
> # usrhiper
> # other # for all other types
>
> #
> nastype = other # localhost isn't usually a NAS...
>
> #
> # The following two configurations are for future use.
> # The 'naspasswd' file is currently used to store the NAS
> # login name and password, which is used by checkrad.pl
> # when querying the NAS for simultaneous use.
> #
> # login = !root
> # password = someadminpas
> }
> ***********************File
> Radiusd.conf***********************************
>
> i've been uncoment the line with diget in "Autentication" and
> "Authorize"
>
> ****************************************************************************
> ****
>
> And i've been included the dictionary.ser in
> /usr/local/etc/radiusclient/dictionary
> so when i make a test like the ser_radius.txt
> radclient -f digest localhost auth xxxxx
>
>
> in the radius log apears :
>
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
> length=140
> User-Name = "test"
> Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
> Digest-Attributes = "\001\013testrealm"
> Digest-Attributes = "\002\n1234abcd"
> Digest-Attributes = "\003\010INVITE"
> Digest-Attributes = "\004\034sip:5555551212@example.com"
> Digest-Attributes = "\006\005MD5"
> Digest-Attributes = "\n\006test"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "chap" returns noop
> rlm_eap: EAP-Message not found
> modcall[authorize]: module "eap" returns noop
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-Realm = "testrealm"
> Digest-Nonce = "1234abcd"
> Digest-Method = "INVITE"
> Digest-URI = "sip:5555551212@example.com"
> Digest-Algorithm = "MD5"
> Digest-User-Name = "test"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok
> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> modcall: entering group authenticate
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
> modcall[authenticate]: module "digest" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 138 to 127.0.0.1:32769
> Waking up in 4 seconds...
>
>
> ****************************************************************************
> ******************
> then if i change the dictionary.ser for dictionary.sip that comes with
> the
> source in radiusClient4.3.................the test works well.......
> but if i try to autenticate an UA like a ATA-186, the same message
> appears
>
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
>
>
>
> Best Regards
>
> Gustaf
>
Have you tried to put User-Password := "test" instead of User-Password ==
"test" ?
1:57 a.m.
New subject: [Serusers] problem with radius autentifacation
On Thu, 2004-09-23 at 14:39, mike(a)yes.net.ua wrote:
Just tried that, no luck. I'm using MySQL for the radius backend.
Here's my tables:
radcheck:
UserName: test(a)10.10.50.52
Attribute: User-Password
op: ==
Value: test
radgroupcheck:
GroupName: phone
Attribute: Auth-Type
op: :=
Value: Digest
usergroup:
UserName: test(a)10.10.50.52
GroupName: phone
So does it that look ok?
Thanks,
- Darren
I also have a
similar problem.
------------------------------------------------------
rlm_realm: Looking up realm "10.10.50.52" for User-Name =
"test(a)10.10.50.52"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 52
modcall[authorize]: module "files" returns notfound for request 52
modcall[authorize]: module "mschap" returns noop for request 52
modcall: group authorize returns ok for request 52
rad_check_password: Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 52
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD =
4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
modcall[authenticate]: module "digest" returns ok for request 52
modcall: group authenticate returns ok for request 52
Login OK: [test(a)10.10.50.52/<no User-Password attribute>] (from client
localhost port 5060)
Sending Access-Accept of id 75 to 127.0.0.1:38542
--------------
Even though it says "Login OK" it's not..it just keeps doing this over
and over again. I can't figure out why it's saying "no User-Password
attribute" I've gone over the steps in the radius guide numerous times.
I'm stuck.
- Darren
On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
> Dear Users
> i have Fedora Core 1 intalled with a SER 8.0.14 working fine with
> accounting and autentification with MySql,
> but i 've been tried to configure with FreeRadius and RadiusClient 4.3
> and
> the next Error appears
>
> When i configure all like Ser_Radius like this
>
> /etc/raddb Dir
>
> ****************** file
> dictioary************************************************************
> $INCLUDE /usr/share/freeradius/dictionary
> $INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the
> dictionary
> thet cames with the source in ser_8.0.14
>
> ****************** File
> users************************************************
>
> test Auth-Type := Digest, User-Password == "test"
> Reply-Message = "Hello, test with digest"
>
> ******************* File Clients.conf******************************
>
> client 127.0.0.1 {
> #
> # The shared secret use to "encrypt" and "sign" packets
between
> # the NAS and FreeRADIUS. You MUST change this secret from the
> # default, otherwise it's not a secret any more!
> #
> # The secret can be any string, up to 32 characters in length.
> #
> secret = xxxx
>
> #
> # The short name is used as an alias for the fully qualified
> # domain name, or the IP address.
> #
> shortname = localhost
>
> #
> # the following three fields are optional, but may be used by
> # checkrad.pl for simultaneous use checks
> #
>
> #
> # The nastype tells 'checkrad.pl' which NAS-specific method to
> # use to query the NAS for simultaneous use.
> #
> # Permitted NAS types are:
> #
> # cisco
> # computone
> # livingston
> # max40xx
> # multitech
> # netserver
> # pathras
> # patton
> # portslave
> # tc
> # usrhiper
> # other # for all other types
>
> #
> nastype = other # localhost isn't usually a NAS...
>
> #
> # The following two configurations are for future use.
> # The 'naspasswd' file is currently used to store the NAS
> # login name and password, which is used by checkrad.pl
> # when querying the NAS for simultaneous use.
> #
> # login = !root
> # password = someadminpas
> }
> ***********************File
> Radiusd.conf***********************************
>
> i've been uncoment the line with diget in "Autentication" and
> "Authorize"
>
> ****************************************************************************
> ****
>
> And i've been included the dictionary.ser in
> /usr/local/etc/radiusclient/dictionary
> so when i make a test like the ser_radius.txt
> radclient -f digest localhost auth xxxxx
>
>
> in the radius log apears :
>
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
> length=140
> User-Name = "test"
> Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
> Digest-Attributes = "\001\013testrealm"
> Digest-Attributes = "\002\n1234abcd"
> Digest-Attributes = "\003\010INVITE"
> Digest-Attributes = "\004\034sip:5555551212@example.com"
> Digest-Attributes = "\006\005MD5"
> Digest-Attributes = "\n\006test"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "chap" returns noop
> rlm_eap: EAP-Message not found
> modcall[authorize]: module "eap" returns noop
> rlm_digest: Converting Digest-Attributes to something sane...
> Digest-Realm = "testrealm"
> Digest-Nonce = "1234abcd"
> Digest-Method = "INVITE"
> Digest-URI = "sip:5555551212@example.com"
> Digest-Algorithm = "MD5"
> Digest-User-Name = "test"
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok
> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> modcall: entering group authenticate
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
> modcall[authenticate]: module "digest" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 138 to 127.0.0.1:32769
> Waking up in 4 seconds...
>
>
> ****************************************************************************
> ******************
> then if i change the dictionary.ser for dictionary.sip that comes with
> the
> source in radiusClient4.3.................the test works well.......
> but if i try to autenticate an UA like a ATA-186, the same message
> appears
>
> rlm_digest: Configuration item "User-Password" is required for
> authentication. ##############this is my problem..................
>
>
>
> Best Regards
>
> Gustaf
>
Have you tried to put User-Password := "test" instead of User-Password ==
"test" ?
7355
days inactive
7361
days old
4 comments
3 participants
participants (3)
-
Darren Bentley -
Gustavo Villegas -
mike@yes.net.ua