[Serusers] SER/SIP & RADIUS/Auth-Type = Digest

Daniel-Constantin Mierla Daniel-Constantin.Mierla at fokus.fraunhofer.de
Wed Oct 1 19:16:38 CEST 2003 

On 10/1/2003 6:45 PM, Steve Dolloff wrote:

>[...]
>
>Please see my radiusd-x output...
>
>
>modcall: group authorize returns ok
>  rad_check_password:  Found Auth-Type Digest
>auth: type "digest"
>modcall: entering group authenticate
>A1 = sdolloff:voip2.test.net:test
>A2 = REGISTER:sip:voip2.test.net
>KD =
>ad3c99a75e03ad3ead8254ce95a59a3b:3f7b05a030240eba31ec566b2d783170e9c9830
>0:797c155d7796a9cb0be4154d07e88417
>rlm_digest: FAILED authentication
>  modcall[authenticate]: module "digest" returns reject
>
The only thing I think it could be wrong is the password. Is it 'test' 
for user 'sdolloff'? Perhaps someone that has more experience using 
Radius can help you more.

>modcall: group authenticate returns reject
>
I am not sure, I never really used it, but I don't think that this 
message is related to the group module of ser.

}Daniel

>auth: Failed to validate the user.
>
>Stephen
>
>
>-----Original Message-----
>From: Daniel-Constantin Mierla
>[mailto:Daniel-Constantin.Mierla at fokus.fraunhofer.de] 
>Sent: Wednesday, October 01, 2003 3:39 AM
>To: Steve Dolloff
>Cc: Serusers
>Subject: Re: [Serusers] SER/SIP & RADIUS/Auth-Type = Digest
>
>Hello,
>comments inline.
>
>On 9/30/2003 10:32 PM, Steve Dolloff wrote:
>
>  
>
>>I have installed freeradius according to the "HOW TO" for radius and
>>    
>>
>now
>  
>
>>I am seeing the following error.  I assume that since I am seeing
>>    
>>
>errors
>  
>
>>on both servers that it is a problem with either the dictionary or the
>>client. Here are the new error logs... any ideas?
>>
>>rad_recv: Access-Request packet from host 209.242.100.153:33612,
>>    
>>
>id=103,
>  
>
>>length=148
>>       User-Name = "sdolloff"
>>       Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
>>       Digest-Attributes = "\001\017voip2.test.net"
>>       Digest-Attributes = "\002\006test"
>>       Digest-Attributes = "\003\010INVITE"
>>       Digest-Attributes = "\004\034sip:5555551212 at example.com"
>>       Digest-Attributes = "\006\005MD5"
>>       Digest-Attributes = "\n\nsdolloff"
>>modcall: entering group authorize
>> modcall[authorize]: module "preprocess" returns ok
>> modcall[authorize]: module "chap" returns noop
>>rlm_eap: EAP-Message not found
>> modcall[authorize]: module "eap" returns noop
>>   rlm_digest: Converting Digest-Attributes to something sane...
>>       Digest-Realm = "voip2.test.net"
>>       Digest-Nonce = "test"
>>       Digest-Method = "INVITE"
>>       Digest-Uri = "sip:5555551212 at example.com"
>>       Digest-Algorithm = "MD5"
>>       Digest-User-Name = "sdolloff"
>>rlm_digest: Adding Auth-Type = DIGEST
>> modcall[authorize]: module "digest" returns ok
>>   rlm_realm: No '@' in User-Name = "sdolloff", looking up realm NULL
>>   rlm_realm: No such realm "NULL"
>> modcall[authorize]: module "suffix" returns noop
>>   users: Matched DEFAULT at 152
>> modcall[authorize]: module "files" returns ok
>> modcall[authorize]: module "mschap" returns noop
>>modcall: group authorize returns ok
>> rad_check_password:  Found Auth-Type DIGEST
>>auth: type "digest"
>>modcall: entering group authenticate
>>rlm_digest: Configuration item "User-Password" is required for
>>authentication.
>>
>>    
>>
>It seems that the "User-Password" attribute is missing for user 
>"sdolloff" in radius users file. It should look like the example from 
>Radius HOW-TO:
>http://iptel.org/ser/doc/ser_radius/ser_radius.html#AEN139.
>
>Daniel
>
>  
>
>> modcall[authenticate]: module "digest" returns invalid
>>modcall: group authenticate returns invalid
>>auth: Failed to validate the user.
>>Delaying request 6 for 1 seconds
>>Finished request 6
>>Going to the next request
>>--- Walking the entire request list ---
>>Waking up in 1 seconds...
>>--- Walking the entire request list ---
>>Waking up in 1 seconds...
>>--- Walking the entire request list ---
>>Sending Access-Reject of id 103 to 209.242.100.153:33612
>>Waking up in 4 seconds...
>>--- Walking the entire request list ---
>>Cleaning up request 6 ID 103 with timestamp 3f79e7dc
>>Nothing to do.  Sleeping until we see a request.
>>Subject: Re: [Serusers] SER/SIP & RADIUS/Auth-Type = Digest
>>
>>On (30.09.03 13:54), Steve Dolloff wrote:
>> 
>>
>>    
>>
>>>209.242.100.153 for 'sdolloff at voip2.test.net' is ignored;no password
>>>or CHAP password is used
>>>   
>>>
>>>      
>>>
>>Your RADIUS server has to support Digest Authentication, and the line
>>above seems to indicate that it does not do that.
>>
>>If you can change your Radius server software, give Freeradius or
>>Radiator (commercial, but excellent) a try. If you can not, try to
>>educate your existing server to do CHAP-Type authentication.
>>
>>hope that helps.
>>
>>Alex Mayrhofer
>>nic.at
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>> 
>>
>>    
>>
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>  
>

More information about the sr-users mailing list