30 May
2007
30 May
'07
10:15 a.m.
Hi All,
I'm configuring radius support on openser using
radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA
server,everytime openser sent the request to AAA server,the AAA server could
not parse the request,the logs on AAA server is as below.I noticed that the
the server said it was "Unsupported algorithm",and the algorithm was
null,I'm wandering what kind of algorithm does radiusclient-ng use?MD5 or
HA1......... Please help ! Thanks in advance.
~~~~~~~~~~~~~~~~~~~~~~~
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item:
192.168.1.42:33345->0.0.0.0:1812(77)
0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01
0 <engine.item.setup> Request decode:
User-Name = "21230001(a)192.168.1.42"
Digest-Attributes =
User-Name = "21230001"
Digest-Attributes =
Realm = "192.168.1.42"
Digest-Attributes =
Nonce = "465c49b766fa11f4a9db29977bf16857d3372780"
Digest-Attributes =
URI = "sip:192.168.1.42"
Digest-Attributes =
Method = "REGISTER"
Digest-Response = "689a0f89cd73751f61b12d04f585a224"
Service-Type = IAPP-Register
Anonymous = v0-a208-3231323330303031
NAS-Port = 5060
NAS-IP-Address = 192.168.1.42
0 <engine.item.setup> User-Name parsed: Base-User-Name =
"21230001",
User-Realm = "192.168.1.42"
0 <engine.item.setup> Item setup complete
0 <engine.worker.1> <setup> ==> ReadUserFile.auth:readUserFile
0 <plugin.ReadUserFile.auth:readUserFile> searchValue = '
21230001(a)192.168.1.42'#39;.
0 <plugin.ReadUserFile.auth:readUserFile> Found entry:
21230001(a)192.168.1.42
0 <plugin.ReadUserFile.auth:readUserFile> Check items for found entry:
User-Password = <hidden>
Auth-Type = Local
0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found entry:
0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User
21230001(a)192.168.1.42
0 <engine.worker.1> ReadUserFile.auth:readUserFile ==>
AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User
21230001(a)192.168.1.42
0 <plugin.AuthHttpDigest.auth:checkDigest> response =
689a0f89cd73751f61b12d04f585a224
0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42
0 <plugin.AuthHttpDigest.auth:checkDigest> nonce =
465c49b766fa11f4a9db29977bf16857d3372780
0 <plugin.AuthHttpDigest.auth:checkDigest> method = REGISTER
0 <plugin.AuthHttpDigest.auth:checkDigest> uri = sip:192.168.1.42
0 <plugin.AuthHttpDigest.auth:checkDigest> qop =
0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm =
0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash =
0 <plugin.AuthHttpDigest.auth:checkDigest> cNonce =
0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount =
0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001
0 <plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error generating
HTTP digest: java.io.IOException: Unsupported algorithm: :
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==> End-Of-Methods
by ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported
algorithm:
1 <engine.worker.1> 21230001(a)192.168.1.42 login discarded due to Error
generating HTTP digest: java.io.IOException: Unsupported algorithm:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 May
30 May
11:07 a.m.
Hello,
the algorithm for authentication is www digest (or http digest --
rfc2617). The password has to be stored either plain text or HA1 format
(see the rfc for how to get the HA1). This auth algorithm uses md5 to
compute the response and decide whether auth was successful or not.
Cheers,
Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All,
I'm configuring radius support on openser using
radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA
server,everytime openser sent the request to AAA server,the AAA server
could not parse the request,the logs on AAA server is as below.I
noticed that the the server said it was "Unsupported algorithm",and
the algorithm was null,I'm wandering what kind of algorithm does
radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in advance.
~~~~~~~~~~~~~~~~~~~~~~~
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item:
192.168.1.42:33345->0.0.0.0:1812(77)
0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01
0 <engine.item.setup> Request decode:
User-Name = "21230001(a)192.168.1.42
<mailto:21230001@192.168.1.42>"
Digest-Attributes =
User-Name = "21230001"
Digest-Attributes =
Realm = "192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Nonce = "465c49b766fa11f4a9db29977bf16857d3372780"
Digest-Attributes =
URI = "sip:192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Method = "REGISTER"
Digest-Response = "689a0f89cd73751f61b12d04f585a224"
Service-Type = IAPP-Register
Anonymous = v0-a208-3231323330303031
NAS-Port = 5060
NAS-IP-Address = 192.168.1.42 <http://192.168.1.42>
0 <engine.item.setup > User-Name parsed: Base-User-Name =
"21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>"
0 <engine.item.setup> Item setup complete
0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile
0 <plugin.ReadUserFile.auth:readUserFile> searchValue =
'21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>'.
0 <plugin.ReadUserFile.auth:readUserFile > Found entry:
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.ReadUserFile.auth:readUserFile> Check items for found
entry:
User-Password = <hidden>
Auth-Type = Local
0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found
entry:
0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <engine.worker.1> ReadUserFile.auth:readUserFile ==>
AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest > response =
689a0f89cd73751f61b12d04f585a224
0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42
<http://192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest> nonce =
465c49b766fa11f4a9db29977bf16857d3372780
0 <plugin.AuthHttpDigest.auth:checkDigest> method = REGISTER
0 <plugin.AuthHttpDigest.auth:checkDigest> uri =
sip:192.168.1.42 <http://192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest > qop =
0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm =
0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash =
0 <plugin.AuthHttpDigest.auth:checkDigest> cNonce =
0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount =
0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001
0 <plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error
generating HTTP digest: java.io.IOException: Unsupported algorithm: :
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==>
End-Of-Methods by ERROR -- Error generating HTTP digest:
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> 21230001(a)192.168.1.42
<mailto:21230001@192.168.1.42> login discarded due to Error generating
HTTP digest: java.io.IOException: Unsupported algorithm:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
11:56 a.m.
Hi Daniel,
Thanks for your reply,a quick question,how can I trace or check whether my
radiusclient-ng sent the right information and algorithm to AAA server?Is
the information below in the log conrrect for radius server to parse?Thanks
a lot.
On 5/30/07, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
Hello,
the algorithm for authentication is www digest (or http digest --
rfc2617). The password has to be stored either plain text or HA1 format
(see the rfc for how to get the HA1). This auth algorithm uses md5 to
compute the response and decide whether auth was successful or not.
Cheers,
Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All,
I'm configuring radius support on openser using
radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA
server,everytime openser sent the request to AAA server,the AAA server
could not parse the request,the logs on AAA server is as below.I
noticed that the the server said it was "Unsupported algorithm",and
the algorithm was null,I'm wandering what kind of algorithm does
radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in advance.
~~~~~~~~~~~~~~~~~~~~~~~
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item:
192.168.1.42:33345->0.0.0.0:1812(77)
0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01
0 <engine.item.setup> Request decode:
User-Name = "21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42
"
Digest-Attributes =
User-Name = "21230001"
Digest-Attributes =
Realm = "192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Nonce = "465c49b766fa11f4a9db29977bf16857d3372780"
Digest-Attributes =
URI = "sip:192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Method = "REGISTER"
Digest-Response = "689a0f89cd73751f61b12d04f585a224"
Service-Type = IAPP-Register
Anonymous = v0-a208-3231323330303031
NAS-Port = 5060
NAS-IP-Address = 192.168.1.42 <http://192.168.1.42>
0 <engine.item.setup > User-Name parsed: Base-User-Name =
"21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>"
0 <engine.item.setup> Item setup complete
0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile
0 <plugin.ReadUserFile.auth:readUserFile> searchValue =
'21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>'.
0 <plugin.ReadUserFile.auth:readUserFile > Found entry:
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.ReadUserFile.auth:readUserFile> Check items for found
entry:
User-Password = <hidden>
Auth-Type = Local
0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found
entry:
0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <engine.worker.1> ReadUserFile.auth:readUserFile ==>
AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest > response =
689a0f89cd73751f61b12d04f585a224
0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42
<http://192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest> nonce =
465c49b766fa11f4a9db29977bf16857d3372780
0 <plugin.AuthHttpDigest.auth:checkDigest> method = REGISTER
0 <plugin.AuthHttpDigest.auth:checkDigest> uri =
sip:192.168.1.42 <http://192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest > qop =
0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm =
0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash =
0 <plugin.AuthHttpDigest.auth:checkDigest> cNonce =
0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount =
0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001
0 <plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error
generating HTTP digest: java.io.IOException: Unsupported algorithm: :
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==>
End-Of-Methods by ERROR -- Error generating HTTP digest:
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> 21230001(a)192.168.1.42
<mailto:21230001@192.168.1.42> login discarded due to Error generating
HTTP digest: java.io.IOException: Unsupported algorithm:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
2:59 p.m.
Here is the log on my openser.What is the problem?occured on openser or AAA
server?Thanks a lot.
~~~~~~~~~~~~~~~~~~~~
May 30 09:32:15 openser openser[9161]: [ Method REGISTER from 9.2.243.87
] REGISTER sip:192.168.1.42 SIP/2.0^M Via: SIP/2.0/UDP
9.2.243.87:62670;branch=z9hG4bK-d87543-6e521f158010ff19-1--d87543-;rport^M
Max-Forwards: 70^M Contact:
<sip:21210001@9.2.243.87:62670;rinstance=b18b56e9bba1df1e>^M
To: <sip:21210001@192.168.1.42>^M From:
<sip:21210001@192.168.1.42>;tag=7e7ed574^M
Call-ID: MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM.^M CSeq: 2 REGISTER^M
Expires: 3600^M Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY,
MESSAGE, SUBSCRIBE, INFO^M User-Agent: X-Lite release 1006e stamp 34025^M
Authorization: Digest username="21210001",realm="192.168.1.42
",nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd",uri="sip:192.168.1.42",response="d1d410d0448405e10eb669bd665b2a2d",algorithm=MD5^M
Content-Length: 0^M ^M [ End of Request ]
May 30 09:32:15 openser openser[9161]: parse_headers: flags=100
May 30 09:32:15 openser openser[9161]: DEBUG:maxfwd:is_maxfwd_present: value
= 70
May 30 09:32:15 openser openser[9161]: parse_headers: flags=200
May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached,
state=10
May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={
sip:21210001@192.168.1.42}
May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_field: <To> [26];
uri=[sip:21210001@192.168.1.42]
May 30 09:32:15 openser openser[9161]: DEBUG: to body [<
sip:21210001@192.168.1.42>^M ]
May 30 09:32:15 openser openser[9161]: get_hdr_field: cseq <CSeq>: <2>
<REGISTER>
May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_body :
content_length=0
May 30 09:32:15 openser openser[9161]: found end of header
May 30 09:32:15 openser openser[9161]: find_first_route: No Route headers
found
May 30 09:32:15 openser openser[9161]: loose_route: There is no Route HF
May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff
May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87,
9.2.243.87, 0)
May 30 09:32:15 openser openser[9161]: check_nonce(): comparing
[465d7e0bc14d2273090b3951280b59a4d2d358dd] and
[465d7e0bc14d2273090b3951280b59a4d2d358dd]
May 30 09:32:15 openser openser[9161]:
ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
May 30 09:32:15 openser openser[9161]: DEBUG: add_param: tag=7e7ed574
May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached,
state=29
May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={
sip:21210001@192.168.1.42}
May 30 09:32:15 openser openser[9161]: Register authentication failed -
M=REGISTER RURI=sip:192.168.1.42 F=sip:21210001@192.168.1.42 T=
sip:21210001@192.168.1.42
IP=9.2.243.87ID=MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM.
May 30 09:32:15 openser openser[9161]: build_auth_hf(): 'WWW-Authenticate:
Digest realm="192.168.1.42",
nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd"
May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff
May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87,
9.2.243.87, 0)
May 30 09:32:15 openser openser[9161]: DEBUG:destroy_avp_list: destroying
list (nil)
May 30 09:32:15 openser openser[9161]: receive_msg: cleaning up
"/var/log/openser.log" 81830L,
7470638C
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On 5/30/07, Jason Ma <realmj(a)gmail.com> wrote:
Hi Daniel,
Thanks for your reply,a quick question,how can I trace or check whether my
radiusclient-ng sent the right information and algorithm to AAA server?Is
the information below in the log conrrect for radius server to parse?Thanks
a lot.
On 5/30/07, Daniel-Constantin Mierla < daniel(a)voice-system.ro> wrote:
Hello,
the algorithm for authentication is www digest (or http digest --
rfc2617). The password has to be stored either plain text or HA1 format
(see the rfc for how to get the HA1). This auth algorithm uses md5 to
compute the response and decide whether auth was successful or not.
Cheers,
Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All,
I'm configuring radius support on openser using
radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA
server,everytime openser sent the request to AAA server,the AAA server
could not parse the request,the logs on AAA
server is as below.I
noticed that the the server said it was "Unsupported algorithm",and
the algorithm was null,I'm wandering what kind of algorithm does
radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in
advance.
~~~~~~~~~~~~~~~~~~~~~~~
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item:
192.168.1.42:33345 ->0.0.0.0:1812(77)
0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01
0 <engine.item.setup> Request decode:
User-Name = " 21230001(a)192.168.1.42 <mailto:
21230001(a)192.168.1.42>"
Digest-Attributes =
User-Name = "21230001"
Digest-Attributes =
Realm = "192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Nonce = "465c49b766fa11f4a9db29977bf16857d3372780"
Digest-Attributes =
URI = "sip:192.168.1.42 <http://192.168.1.42>"
Digest-Attributes =
Method = "REGISTER"
Digest-Response = "689a0f89cd73751f61b12d04f585a224"
Service-Type = IAPP-Register
Anonymous = v0-a208-3231323330303031
NAS-Port = 5060
NAS-IP-Address = 192.168.1.42 <http://192.168.1.42>
0 <engine.item.setup > User-Name parsed: Base-User-Name =
"21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>"
0 <engine.item.setup> Item setup complete
0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile
0 <plugin.ReadUserFile.auth:readUserFile> searchValue =
' 21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>'.
0 <plugin.ReadUserFile.auth:readUserFile > Found entry:
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.ReadUserFile.auth:readUserFile> Check items for found
entry:
User-Password = <hidden>
Auth-Type = Local
0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found
entry:
0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <engine.worker.1> ReadUserFile.auth:readUserFile ==>
AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User
21230001(a)192.168.1.42 <mailto:21230001@192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest > response =
689a0f89cd73751f61b12d04f585a224
0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42
<http://192.168.1.42>
0 <plugin.AuthHttpDigest.auth:checkDigest> nonce =
465c49b766fa11f4a9db29977bf16857d3372780
0 <plugin.AuthHttpDigest.auth:checkDigest > method = REGISTER
0 <plugin.AuthHttpDigest.auth:checkDigest> uri =
sip:192.168.1.42 <http://192.168.1.42>
0 < plugin.AuthHttpDigest.auth:checkDigest > qop =
0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm =
0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash =
0 < plugin.AuthHttpDigest.auth:checkDigest> cNonce =
0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount =
0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001
0 < plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error
generating HTTP digest: java.io.IOException: Unsupported algorithm: :
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1 > AuthHttpDigest.auth:checkDigest ==>
End-Of-Methods by ERROR -- Error generating HTTP digest:
java.io.IOException: Unsupported algorithm:
1 <engine.worker.1> 21230001(a)192.168.1.42
<mailto:21230001@192.168.1.42> login discarded due to Error generating
HTTP digest: java.io.IOException: Unsupported algorithm:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
6420
days inactive
6420
days old
3 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Jason Ma