Hi All, I'm configuring radius support on openser using radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA server,everytime openser sent the request to AAA server,the AAA server could not parse the request,the logs on AAA server is as below.I noticed that the the server said it was "Unsupported algorithm",and the algorithm was null,I'm wandering what kind of algorithm does radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in advance.
~~~~~~~~~~~~~~~~~~~~~~~ 2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item: 192.168.1.42:33345->0.0.0.0:1812(77) 0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01 0 <engine.item.setup> Request decode: User-Name = "21230001@192.168.1.42" Digest-Attributes = User-Name = "21230001" Digest-Attributes = Realm = "192.168.1.42" Digest-Attributes = Nonce = "465c49b766fa11f4a9db29977bf16857d3372780" Digest-Attributes = URI = "sip:192.168.1.42" Digest-Attributes = Method = "REGISTER" Digest-Response = "689a0f89cd73751f61b12d04f585a224" Service-Type = IAPP-Register Anonymous = v0-a208-3231323330303031 NAS-Port = 5060 NAS-IP-Address = 192.168.1.42
0 <engine.item.setup> User-Name parsed: Base-User-Name = "21230001", User-Realm = "192.168.1.42" 0 <engine.item.setup> Item setup complete 0 <engine.worker.1> <setup> ==> ReadUserFile.auth:readUserFile 0 plugin.ReadUserFile.auth:readUserFile searchValue = ' 21230001@192.168.1.42'. 0 plugin.ReadUserFile.auth:readUserFile Found entry: 21230001@192.168.1.42 0 plugin.ReadUserFile.auth:readUserFile Check items for found entry: User-Password = <hidden> Auth-Type = Local
0 plugin.ReadUserFile.auth:readUserFile Reply items for found entry:
0 plugin.ReadUserFile.auth:readUserFile SUCCESS -- Read User 21230001@192.168.1.42 0 <engine.worker.1> ReadUserFile.auth:readUserFile ==> AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User 21230001@192.168.1.42 0 plugin.AuthHttpDigest.auth:checkDigest response = 689a0f89cd73751f61b12d04f585a224 0 plugin.AuthHttpDigest.auth:checkDigest realm = 192.168.1.42 0 plugin.AuthHttpDigest.auth:checkDigest nonce = 465c49b766fa11f4a9db29977bf16857d3372780 0 plugin.AuthHttpDigest.auth:checkDigest method = REGISTER 0 plugin.AuthHttpDigest.auth:checkDigest uri = sip:192.168.1.42 0 plugin.AuthHttpDigest.auth:checkDigest qop = 0 plugin.AuthHttpDigest.auth:checkDigest algorithm = 0 plugin.AuthHttpDigest.auth:checkDigest entityBodyHash = 0 plugin.AuthHttpDigest.auth:checkDigest cNonce = 0 plugin.AuthHttpDigest.auth:checkDigest nonceCount = 0 plugin.AuthHttpDigest.auth:checkDigest username = 21230001 0 plugin.AuthHttpDigest.auth:checkDigest ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: : java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==> End-Of-Methods by ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> 21230001@192.168.1.42 login discarded due to Error generating HTTP digest: java.io.IOException: Unsupported algorithm: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hello,
the algorithm for authentication is www digest (or http digest -- rfc2617). The password has to be stored either plain text or HA1 format (see the rfc for how to get the HA1). This auth algorithm uses md5 to compute the response and decide whether auth was successful or not.
Cheers, Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All, I'm configuring radius support on openser using radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA server,everytime openser sent the request to AAA server,the AAA server could not parse the request,the logs on AAA server is as below.I noticed that the the server said it was "Unsupported algorithm",and the algorithm was null,I'm wandering what kind of algorithm does radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in advance.
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item: 192.168.1.42:33345->0.0.0.0:1812(77) 0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01 0 <engine.item.setup> Request decode: User-Name = "21230001@192.168.1.42 <mailto:21230001@192.168.1.42>" Digest-Attributes = User-Name = "21230001" Digest-Attributes = Realm = "192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Nonce = "465c49b766fa11f4a9db29977bf16857d3372780" Digest-Attributes = URI = "sip:192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Method = "REGISTER" Digest-Response = "689a0f89cd73751f61b12d04f585a224" Service-Type = IAPP-Register Anonymous = v0-a208-3231323330303031 NAS-Port = 5060 NAS-IP-Address = 192.168.1.42 <http://192.168.1.42> 0 <engine.item.setup > User-Name parsed: Base-User-Name = "21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>" 0 <engine.item.setup> Item setup complete 0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile 0 <plugin.ReadUserFile.auth:readUserFile> searchValue = '21230001@192.168.1.42 <mailto:21230001@192.168.1.42>'. 0 <plugin.ReadUserFile.auth:readUserFile > Found entry: 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <plugin.ReadUserFile.auth:readUserFile> Check items for found entry: User-Password = <hidden> Auth-Type = Local 0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found entry: 0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <engine.worker.1> ReadUserFile.auth:readUserFile ==> AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest > response = 689a0f89cd73751f61b12d04f585a224 0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42 <http://192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest> nonce = 465c49b766fa11f4a9db29977bf16857d3372780 0 <plugin.AuthHttpDigest.auth:checkDigest> method = REGISTER 0 <plugin.AuthHttpDigest.auth:checkDigest> uri = sip:192.168.1.42 <http://192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest > qop = 0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm = 0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash = 0 <plugin.AuthHttpDigest.auth:checkDigest> cNonce = 0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount = 0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001 0 <plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: : java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==> End-Of-Methods by ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> login discarded due to Error generating HTTP digest: java.io.IOException: Unsupported algorithm:
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Daniel, Thanks for your reply,a quick question,how can I trace or check whether my radiusclient-ng sent the right information and algorithm to AAA server?Is the information below in the log conrrect for radius server to parse?Thanks a lot.
On 5/30/07, Daniel-Constantin Mierla daniel@voice-system.ro wrote:
Hello,
the algorithm for authentication is www digest (or http digest -- rfc2617). The password has to be stored either plain text or HA1 format (see the rfc for how to get the HA1). This auth algorithm uses md5 to compute the response and decide whether auth was successful or not.
Cheers, Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All, I'm configuring radius support on openser using radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA server,everytime openser sent the request to AAA server,the AAA server could not parse the request,the logs on AAA server is as below.I noticed that the the server said it was "Unsupported algorithm",and the algorithm was null,I'm wandering what kind of algorithm does radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in advance.
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item: 192.168.1.42:33345->0.0.0.0:1812(77) 0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01 0 <engine.item.setup> Request decode: User-Name = "21230001@192.168.1.42 <mailto:21230001@192.168.1.42 " Digest-Attributes = User-Name = "21230001" Digest-Attributes = Realm = "192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Nonce = "465c49b766fa11f4a9db29977bf16857d3372780" Digest-Attributes = URI = "sip:192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Method = "REGISTER" Digest-Response = "689a0f89cd73751f61b12d04f585a224" Service-Type = IAPP-Register Anonymous = v0-a208-3231323330303031 NAS-Port = 5060 NAS-IP-Address = 192.168.1.42 <http://192.168.1.42> 0 <engine.item.setup > User-Name parsed: Base-User-Name = "21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>" 0 <engine.item.setup> Item setup complete 0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile 0 <plugin.ReadUserFile.auth:readUserFile> searchValue = '21230001@192.168.1.42 <mailto:21230001@192.168.1.42>'. 0 <plugin.ReadUserFile.auth:readUserFile > Found entry: 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <plugin.ReadUserFile.auth:readUserFile> Check items for found entry: User-Password = <hidden> Auth-Type = Local 0 <plugin.ReadUserFile.auth:readUserFile> Reply items for found entry: 0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <engine.worker.1> ReadUserFile.auth:readUserFile ==> AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest > response = 689a0f89cd73751f61b12d04f585a224 0 <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42 <http://192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest> nonce = 465c49b766fa11f4a9db29977bf16857d3372780 0 <plugin.AuthHttpDigest.auth:checkDigest> method = REGISTER 0 <plugin.AuthHttpDigest.auth:checkDigest> uri = sip:192.168.1.42 <http://192.168.1.42> 0 <plugin.AuthHttpDigest.auth:checkDigest > qop = 0 <plugin.AuthHttpDigest.auth:checkDigest> algorithm = 0 <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash = 0 <plugin.AuthHttpDigest.auth:checkDigest> cNonce = 0 <plugin.AuthHttpDigest.auth:checkDigest> nonceCount = 0 <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001 0 <plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: : java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> AuthHttpDigest.auth:checkDigest ==> End-Of-Methods by ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> 21230001@192.168.1.42 <mailto:21230001@192.168.1.42> login discarded due to Error generating HTTP digest: java.io.IOException: Unsupported algorithm:
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Here is the log on my openser.What is the problem?occured on openser or AAA server?Thanks a lot. ~~~~~~~~~~~~~~~~~~~~
May 30 09:32:15 openser openser[9161]: [ Method REGISTER from 9.2.243.87 ] REGISTER sip:192.168.1.42 SIP/2.0^M Via: SIP/2.0/UDP 9.2.243.87:62670;branch=z9hG4bK-d87543-6e521f158010ff19-1--d87543-;rport^M Max-Forwards: 70^M Contact: sip:21210001@9.2.243.87:62670;rinstance=b18b56e9bba1df1e^M To: sip:21210001@192.168.1.42^M From: sip:21210001@192.168.1.42;tag=7e7ed574^M Call-ID: MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM.^M CSeq: 2 REGISTER^M Expires: 3600^M Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO^M User-Agent: X-Lite release 1006e stamp 34025^M Authorization: Digest username="21210001",realm="192.168.1.42 ",nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd",uri="sip:192.168.1.42",response="d1d410d0448405e10eb669bd665b2a2d",algorithm=MD5^M Content-Length: 0^M ^M [ End of Request ] May 30 09:32:15 openser openser[9161]: parse_headers: flags=100 May 30 09:32:15 openser openser[9161]: DEBUG:maxfwd:is_maxfwd_present: value = 70 May 30 09:32:15 openser openser[9161]: parse_headers: flags=200 May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached, state=10 May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={ sip:21210001@192.168.1.42} May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_field: <To> [26]; uri=[sip:21210001@192.168.1.42] May 30 09:32:15 openser openser[9161]: DEBUG: to body [< sip:21210001@192.168.1.42>^M ] May 30 09:32:15 openser openser[9161]: get_hdr_field: cseq <CSeq>: <2> <REGISTER> May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_body : content_length=0 May 30 09:32:15 openser openser[9161]: found end of header May 30 09:32:15 openser openser[9161]: find_first_route: No Route headers found May 30 09:32:15 openser openser[9161]: loose_route: There is no Route HF May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87, 9.2.243.87, 0) May 30 09:32:15 openser openser[9161]: check_nonce(): comparing [465d7e0bc14d2273090b3951280b59a4d2d358dd] and [465d7e0bc14d2273090b3951280b59a4d2d358dd] May 30 09:32:15 openser openser[9161]: ERROR:auth_radius:radius_authorize_sterman: rc_auth failed May 30 09:32:15 openser openser[9161]: DEBUG: add_param: tag=7e7ed574 May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached, state=29 May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={ sip:21210001@192.168.1.42} May 30 09:32:15 openser openser[9161]: Register authentication failed - M=REGISTER RURI=sip:192.168.1.42 F=sip:21210001@192.168.1.42 T= sip:21210001@192.168.1.42 IP=9.2.243.87ID=MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM. May 30 09:32:15 openser openser[9161]: build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.1.42", nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd" May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87, 9.2.243.87, 0) May 30 09:32:15 openser openser[9161]: DEBUG:destroy_avp_list: destroying list (nil) May 30 09:32:15 openser openser[9161]: receive_msg: cleaning up "/var/log/openser.log" 81830L, 7470638C ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On 5/30/07, Jason Ma realmj@gmail.com wrote:
Hi Daniel, Thanks for your reply,a quick question,how can I trace or check whether my radiusclient-ng sent the right information and algorithm to AAA server?Is the information below in the log conrrect for radius server to parse?Thanks a lot.
On 5/30/07, Daniel-Constantin Mierla < daniel@voice-system.ro> wrote:
Hello,
the algorithm for authentication is www digest (or http digest -- rfc2617). The password has to be stored either plain text or HA1 format (see the rfc for how to get the HA1). This auth algorithm uses md5 to compute the response and decide whether auth was successful or not.
Cheers, Daniel
On 05/30/07 17:15, Jason Ma wrote:
Hi All, I'm configuring radius support on openser using radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA server,everytime openser sent the request to AAA server,the AAA server
could not parse the request,the logs on AAA server is as below.I noticed that the the server said it was "Unsupported algorithm",and the algorithm was null,I'm wandering what kind of algorithm does radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in
advance.
2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item: 192.168.1.42:33345 ->0.0.0.0:1812(77) 0 <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01 0 <engine.item.setup> Request decode: User-Name = " 21230001@192.168.1.42 <mailto:21230001@192.168.1.42>"
Digest-Attributes = User-Name = "21230001" Digest-Attributes = Realm = "192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Nonce = "465c49b766fa11f4a9db29977bf16857d3372780" Digest-Attributes = URI = "sip:192.168.1.42 <http://192.168.1.42>" Digest-Attributes = Method = "REGISTER" Digest-Response = "689a0f89cd73751f61b12d04f585a224" Service-Type = IAPP-Register Anonymous = v0-a208-3231323330303031 NAS-Port = 5060 NAS-IP-Address = 192.168.1.42 <http://192.168.1.42> 0 <engine.item.setup > User-Name parsed: Base-User-Name ="21230001", User-Realm = "192.168.1.42 http://192.168.1.42" 0 <engine.item.setup> Item setup complete 0 <engine.worker.1 > <setup> ==> ReadUserFile.auth:readUserFile 0 plugin.ReadUserFile.auth:readUserFile searchValue = ' 21230001@192.168.1.42 mailto:21230001@192.168.1.42'. 0 <plugin.ReadUserFile.auth:readUserFile > Found entry: 21230001@192.168.1.42 mailto:21230001@192.168.1.42 0 plugin.ReadUserFile.auth:readUserFile Check items for found entry: User-Password = <hidden> Auth-Type = Local
0 <plugin.ReadUserFile.auth:readUserFile> Reply items for foundentry:
0 <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User21230001@192.168.1.42 mailto:21230001@192.168.1.42 0 <engine.worker.1> ReadUserFile.auth:readUserFile ==> AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User 21230001@192.168.1.42 mailto:21230001@192.168.1.42 0 <plugin.AuthHttpDigest.auth:checkDigest > response = 689a0f89cd73751f61b12d04f585a224 0 plugin.AuthHttpDigest.auth:checkDigest realm = 192.168.1.42 http://192.168.1.42 0 plugin.AuthHttpDigest.auth:checkDigest nonce = 465c49b766fa11f4a9db29977bf16857d3372780 0 <plugin.AuthHttpDigest.auth:checkDigest > method = REGISTER 0 plugin.AuthHttpDigest.auth:checkDigest uri = sip:192.168.1.42 http://192.168.1.42 0 < plugin.AuthHttpDigest.auth:checkDigest > qop = 0 plugin.AuthHttpDigest.auth:checkDigest algorithm = 0 plugin.AuthHttpDigest.auth:checkDigest entityBodyHash = 0 < plugin.AuthHttpDigest.auth:checkDigest> cNonce = 0 plugin.AuthHttpDigest.auth:checkDigest nonceCount = 0 plugin.AuthHttpDigest.auth:checkDigest username = 21230001 0 < plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: : java.io.IOException: Unsupported algorithm: 1 <engine.worker.1 > AuthHttpDigest.auth:checkDigest ==> End-Of-Methods by ERROR -- Error generating HTTP digest: java.io.IOException: Unsupported algorithm: 1 <engine.worker.1> 21230001@192.168.1.42 mailto:21230001@192.168.1.42 login discarded due to Error generating HTTP digest: java.io.IOException: Unsupported algorithm:
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Jason Ma