[Serusers] SER/SIP & RADIUS/Auth-Type = Digest
Steve Dolloff
sdolloff at noc.dls.net
Tue Sep 30 22:32:19 CEST 2003
I have installed freeradius according to the "HOW TO" for radius and now
I am seeing the following error. I assume that since I am seeing errors
on both servers that it is a problem with either the dictionary or the
client. Here are the new error logs... any ideas?
rad_recv: Access-Request packet from host 209.242.100.153:33612, id=103,
length=148
User-Name = "sdolloff"
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
Digest-Attributes = "\001\017voip2.test.net"
Digest-Attributes = "\002\006test"
Digest-Attributes = "\003\010INVITE"
Digest-Attributes = "\004\034sip:5555551212 at example.com"
Digest-Attributes = "\006\005MD5"
Digest-Attributes = "\n\nsdolloff"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_digest: Converting Digest-Attributes to something sane...
Digest-Realm = "voip2.test.net"
Digest-Nonce = "test"
Digest-Method = "INVITE"
Digest-Uri = "sip:5555551212 at example.com"
Digest-Algorithm = "MD5"
Digest-User-Name = "sdolloff"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok
rlm_realm: No '@' in User-Name = "sdolloff", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate
rlm_digest: Configuration item "User-Password" is required for
authentication.
modcall[authenticate]: module "digest" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 103 to 209.242.100.153:33612
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 103 with timestamp 3f79e7dc
Nothing to do. Sleeping until we see a request.
Subject: Re: [Serusers] SER/SIP & RADIUS/Auth-Type = Digest
On (30.09.03 13:54), Steve Dolloff wrote:
> 209.242.100.153 for 'sdolloff at voip2.test.net' is ignored;no password
> or CHAP password is used
Your RADIUS server has to support Digest Authentication, and the line
above seems to indicate that it does not do that.
If you can change your Radius server software, give Freeradius or
Radiator (commercial, but excellent) a try. If you can not, try to
educate your existing server to do CHAP-Type authentication.
hope that helps.
Alex Mayrhofer
nic.at
More information about the sr-users
mailing list