[Serusers] SER/SIP & RADIUS/Auth-Type = Digest

Steve Dolloff sdolloff at noc.dls.net
Tue Sep 30 22:32:19 CEST 2003


I have installed freeradius according to the "HOW TO" for radius and now
I am seeing the following error.  I assume that since I am seeing errors
on both servers that it is a problem with either the dictionary or the
client. Here are the new error logs... any ideas?

rad_recv: Access-Request packet from host 209.242.100.153:33612, id=103,
length=148
        User-Name = "sdolloff"
        Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
        Digest-Attributes = "\001\017voip2.test.net"
        Digest-Attributes = "\002\006test"
        Digest-Attributes = "\003\010INVITE"
        Digest-Attributes = "\004\034sip:5555551212 at example.com"
        Digest-Attributes = "\006\005MD5"
        Digest-Attributes = "\n\nsdolloff"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-Realm = "voip2.test.net"
        Digest-Nonce = "test"
        Digest-Method = "INVITE"
        Digest-Uri = "sip:5555551212 at example.com"
        Digest-Algorithm = "MD5"
        Digest-User-Name = "sdolloff"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok
    rlm_realm: No '@' in User-Name = "sdolloff", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate
rlm_digest: Configuration item "User-Password" is required for
authentication.
  modcall[authenticate]: module "digest" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 103 to 209.242.100.153:33612
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 103 with timestamp 3f79e7dc
Nothing to do.  Sleeping until we see a request.
Subject: Re: [Serusers] SER/SIP & RADIUS/Auth-Type = Digest

On (30.09.03 13:54), Steve Dolloff wrote:
> 209.242.100.153 for 'sdolloff at voip2.test.net' is ignored;no password
>  or CHAP password is used

Your RADIUS server has to support Digest Authentication, and the line
above seems to indicate that it does not do that.

If you can change your Radius server software, give Freeradius or
Radiator (commercial, but excellent) a try. If you can not, try to
educate your existing server to do CHAP-Type authentication.

hope that helps.

Alex Mayrhofer
nic.at




More information about the sr-users mailing list