[Serusers] Ser with Radius/Mysql - digest problem?

Darren Bentley darren at bcgroup.net
Thu Sep 9 00:21:44 CEST 2004


Hello,

I'm using radius for auth with a mysql backend. I'm a little confused
about Digest. I've read the radius howto and the mysql guide
(http://www.frontios.com/freeradius.html) but it doesn't really explain
digest.

When I add new users I'm putting them in the mysql table 
"radcheck". Do I then always have to enter the user in the
/etc/raddb/digest file as well?

I'm trying to run a basic test. Here's what I have in the digest file:

User-Name = "test", Digest-Response =
"631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm",
User-Password = "test", Digest-Nonce = "test" ,
Digest-Method = "INVITE", Digest-URI = "sip:5555551212 at example.com",
Digest-Algorithm = "MD5", Digest-User-Name = "test"

"radcheck" table:

UserName = test
Attribute = Password
Value = test

"radgroupcheck" table:

GroupName = phone
Attribute = Auth-Type
Value = Digest

"usergroup" table:
UserName = test
GroupName = phone

When I run:
[root at scratch raddb]# radclient -f digest localhost auth qwerty
Received response ID 81, code 3, length = 20

Here's the debug output:

rad_recv: Access-Request packet from host 127.0.0.1:38061, id=91,
length=154
        User-Name = "test"
        Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
        Digest-Attributes = "\001\013testrealm"
        User-Password = "test"
        Digest-Attributes = "\002\006test"
        Digest-Attributes = "\003\010INVITE"
        Digest-Attributes = "\004\034sip:5555551212 at example.com"
        Digest-Attributes = "\006\005MD5"
        Digest-Attributes = "\n\006test"
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-Realm = "testrealm"
        Digest-Nonce = "test"
        Digest-Method = "INVITE"
        Digest-Uri = "sip:5555551212 at example.com"
        Digest-Algorithm = "MD5"
        Digest-User-Name = "test"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 0
radius_xlat:  'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type DIGEST
  rad_check_password:  Found Auth-Type Digest
Warning:  Found 2 auth-types on request for user 'test'
auth: type "digest"
modcall: entering group authenticate for request 0
A1 = test:testrealm:test
A2 = INVITE:sip:5555551212 at example.com
KD =
1e00d6dbd30441265df6064b9d9b7da9:test:675b8c827b388805aa252ea38bfb6804
rlm_digest: FAILED authentication
  modcall[authenticate]: module "digest" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [test/test] (from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 91 to 127.0.0.1:38061
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 91 with timestamp 413f842e
Nothing to do.  Sleeping until we see a request.

-------------------------

The username is "test" and the password is "test". I'm stumped.

I'm using FreeRadius 0.9.3 / SER 0.8.12 / radiusclient 0.3.2

Any help is appreciated.

Thanks,

- Darren
