[Serusers] SER and IC-RADIUS

Jan Janak jan at iptel.org
Thu Nov 18 22:03:33 CET 2004 

On 16-11 17:39, Lucas Aimaretto wrote:
> Hello everyone,
> 
> I've succesfully compiled and installed SER 0.8.14 on a redhat 7.3.
> Got an Xlite and a Grandstream Budgetone-100 registered and they both
> could communicate between them.
> 
> Now, I want to use RADIUS with SER. I got SER compiled with RADIUS
> support, and also compiled the radiusclient 0.4.3, and it seems
> everything went fine.
> 
> I added both dictionary.ser and dictionary.sip to my dictionary, and I
> believe there is something wrong here.
> 
> I followed the instrucitions at the RADIUS-HOWTO ...
> 
> 1) touch digest
> 2) echo User-Name = "110 at 192.168.1.253", Digest-Response =
> "631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm",
> Digest-Nonce = "1234abcd" , Digest-Method = "INVITE", Digest-URI =
> "sip:5555551212 at example.com", Digest-Algorithm = "MD5", Digest-User-Name
> = "110 at 192.168.1.253" > digest
> 3) radclient -f digest localhost auth radiussecret
> 
> ... And this is the RADIUS OUTPUT ...
> 
> radrecv: Access Request from host c0a801fd code=1, id=86, length=174
>     User-Name = "1992005 at 192.168.1.253"
>     Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
>     Digest-Attributes = "\001\013testrealm"
>     Digest-Attributes = "\002\0121234abcd"
>     Digest-Attributes = "\003\010INVITE"
>     Digest-Attributes = "\004\034sip:5555551212 at example.com"
>     Digest-Attributes = "\006\005MD5"
>     Digest-Attributes = "\012\0271992005 at 192.168.1.253"
> Username is now 1992005 at 192.168.1.253
> Calling station Id is now (null)
>   Client 1992005 at 192.168.1.253 is PREPAID
> credit_amount (19.00)
> Sending Access Ack of id 86 to c0a801fd (nas linux)
>     Credit-Amount =
> "V9:T102:L26:683332332d6372656469742d616d6f756e743d31392e3030"
> 
> ... And this is the radclient OUTPUT ...
> 
> Received response ID 86, code 2, length = 52
>         Vendor-9-Attr-102 =
> 0x683332332d6372656469742d616d6f756e743d31392e3030
> 
> Questions:
> 
> 1) Although I sent to radius diferent ATTRIBUTES, RADIUS recognized all
> of them (except for one, Digest-Response) as Digest-Attributes. Why is
> that?

  That's because they are encoded and sent as sub-attributes, not real
  RADIUS attributes, see draft-sterman-aaa-sip-00 for more details.

> 2) All of the values sent to RADIUS, for each attribute, are different
> from the ones originally sent. For example ...
> 
> 	sent: 	Digest-Method = "INVITE"
> 	received:	Digest-Attributes = "\003\010INVITE"
> 
> 	So you see the "\003\010" chars in front of the string "INVITE"
> ... Why is that?

 This is the sub-type of the atttribute, see the draft mentioned before.
 Note that the radius server has to explicitely support this "attribute
 mangling" (try to find out if it supports icradius server supports 
 draft-sterman-aaa-sip-00

> 
> Well, I hope you can clarify some (better if all of them ;-) ) of my
> doubts.

  In conclusion, digest authentication attributes are encoded as
  sub-attributes into a single RADIUS attribute and it will work only if
  the radius server explicitely supports that (according to
  draft-sterman-aaa-sip-00).

    Jan.

More information about the sr-users mailing list