[Serusers] problem with radius authentication

Gustavo Villegas gvillegas at global-bo.com
Sat Sep 18 00:00:26 CEST 2004


Dear Users,
	I have Fedora Core 1 installed with SER 8.0.14 working fine with
accounting and authentication with MySQL,
	but I have tried to configure it with FreeRADIUS and RadiusClient 4.3 and
the following error appears.

	When I configure everything as in Ser_Radius, like this:

	/etc/raddb Dir

******************	File dictionary************************************************************
	$INCLUDE	/usr/share/freeradius/dictionary
	$INCLUDE	/usr/local/etc/radiusclient/dictionary.ser   ### the dictionary that comes with the source in ser_8.0.14

******************	File users************************************************

	test Auth-Type := Digest, User-Password == "test"
	     Reply-Message = "Hello, test with digest"

*******************	File Clients.conf******************************

	client 127.0.0.1 {
	#
	#  The shared secret use to "encrypt" and "sign" packets between
	#  the NAS and FreeRADIUS.  You MUST change this secret from the
	#  default, otherwise it's not a secret any more!
	#
	#  The secret can be any string, up to 32 characters in length.
	#
	secret		= xxxx

	#
	#  The short name is used as an alias for the fully qualified
	#  domain name, or the IP address.
	#
	shortname	= localhost

	#
	# the following three fields are optional, but may be used by
	# checkrad.pl for simultaneous use checks
	#

	#
	# The nastype tells 'checkrad.pl' which NAS-specific method to
	#  use to query the NAS for simultaneous use.
	#
	#  Permitted NAS types are:
	#
	#	cisco
	#	computone
	#	livingston
	#	max40xx
	#	multitech
	#	netserver
	#	pathras
	#	patton
	#	portslave
	#	tc
	#	usrhiper
	#	other		# for all other types

	#
	nastype     = other	# localhost isn't usually a NAS...

	#
	#  The following two configurations are for future use.
	#  The 'naspasswd' file is currently used to store the NAS
	#  login name and password, which is used by checkrad.pl
	#  when querying the NAS for simultaneous use.
	#
	#	login       = !root
	#	password    = someadminpas
	}
***********************File Radiusd.conf***********************************

	I have uncommented the line with digest in "Authentication" and "Authorize"

********************************************************************************

And I have included the dictionary.ser in
/usr/local/etc/radiusclient/dictionary,
so when I run a test like the one in ser_radius.txt
radclient -f digest localhost auth xxxxx


the following appears in the radius log:

rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138, length=140
	User-Name = "test"
	Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
	Digest-Attributes = "\001\013testrealm"
	Digest-Attributes = "\002\n1234abcd"
	Digest-Attributes = "\003\010INVITE"
	Digest-Attributes = "\004\034sip:5555551212 at example.com"
	Digest-Attributes = "\006\005MD5"
	Digest-Attributes = "\n\006test"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
    rlm_digest: Converting Digest-Attributes to something sane...
	Digest-Realm = "testrealm"
	Digest-Nonce = "1234abcd"
	Digest-Method = "INVITE"
	Digest-URI = "sip:5555551212 at example.com"
	Digest-Algorithm = "MD5"
	Digest-User-Name = "test"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate
							rlm_digest: Configuration item "User-Password" is required for authentication.   ############## this is my problem
  modcall[authenticate]: module "digest" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 138 to 127.0.0.1:32769
Waking up in 4 seconds...


**********************************************************************************************
Then, if I replace dictionary.ser with dictionary.sip, which comes with the
source in RadiusClient 4.3, the test works well.
But if I try to authenticate a UA like an ATA-186, the same message appears:

							rlm_digest: Configuration item "User-Password" is required for authentication.   ############## this is my problem



Best Regards

Gustaf
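
For readers following the debug output above, an added example (not part of the original post and not FreeRADIUS or SER code): it decodes the Digest-Attributes sub-attributes as they appear in the log and shows why a digest check cannot proceed without the user's cleartext password. The function names and the RFC 2617 no-qop formula are assumptions of this example.

```python
import hashlib

# Sub-attribute numbers carried inside Digest-Attributes (draft-sterman-aaa-sip);
# numbers 1, 2, 3, 4, 6 and 10 are confirmed by the debug log above.
SUBTYPES = {1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
            4: "Digest-URI", 5: "Digest-QOP", 6: "Digest-Algorithm",
            7: "Digest-Body-Digest", 8: "Digest-CNonce",
            9: "Digest-Nonce-Count", 10: "Digest-User-Name"}

# Values copied from the log. The archive's " at " is restored to "@",
# which the URI length octet (034 octal = 28 = 2 + 26) requires.
LOGGED = [b"\001\013testrealm", b"\002\n1234abcd", b"\003\010INVITE",
          b"\004\034sip:5555551212@example.com", b"\006\005MD5",
          b"\n\006test"]


def decode_digest_attributes(values):
    """Decode type/length/value sub-attributes; length includes the 2-byte header."""
    out = {}
    for raw in values:
        pos = 0
        while pos < len(raw):
            if len(raw) - pos < 2:
                raise ValueError("truncated sub-attribute header")
            subtype, length = raw[pos], raw[pos + 1]
            if length < 2 or pos + length > len(raw):
                raise ValueError(f"bad length {length} for subtype {subtype}")
            if subtype not in SUBTYPES:
                raise ValueError(f"unknown subtype {subtype}")
            out[SUBTYPES[subtype]] = raw[pos + 2:pos + length].decode("ascii")
            pos += length
    return out


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def expected_response(attrs, cleartext_password):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    if cleartext_password is None:
        # Same condition the log reports: no password item, nothing to compare.
        raise LookupError('Configuration item "User-Password" is required')
    ha1 = md5_hex(f'{attrs["Digest-User-Name"]}:{attrs["Digest-Realm"]}:{cleartext_password}')
    ha2 = md5_hex(f'{attrs["Digest-Method"]}:{attrs["Digest-URI"]}')
    return md5_hex(f'{ha1}:{attrs["Digest-Nonce"]}:{ha2}')
```

The server can only compare Digest-Response against `expected_response(...)` when a cleartext password for the user has been placed in the request's configuration items during authorize.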