[Serusers] problem with radius authentication

Darren Bentley darren at bcgroup.net
Thu Sep 23 23:25:51 CEST 2004


I also have a similar problem.

------------------------------------------------------

    rlm_realm: Looking up realm "10.10.50.52" for User-Name = "test at 10.10.50.52"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 52
  modcall[authorize]: module "files" returns notfound for request 52
  modcall[authorize]: module "mschap" returns noop for request 52
modcall: group authorize returns ok for request 52
  rad_check_password:  Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 52
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD = 4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
  modcall[authenticate]: module "digest" returns ok for request 52
modcall: group authenticate returns ok for request 52
Login OK: [test at 10.10.50.52/<no User-Password attribute>] (from client localhost port 5060)
Sending Access-Accept of id 75 to 127.0.0.1:38542

--------------

Even though it says "Login OK", it's not. It just keeps doing this over
and over again. I can't figure out why it's saying "no User-Password
attribute". I've gone over the steps in the radius guide numerous times.
I'm stuck.

- Darren

On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
> Dear Users,
> 	I have Fedora Core 1 installed with SER 8.0.14 working fine with
> accounting and authentication with MySQL,
> 	but I have tried to configure it with FreeRadius and RadiusClient 4.3 and
> the following error appears.
> 
> 	When I configure everything as in Ser_Radius, like this:
> 
> 	/etc/raddb Dir
> 
> ******************	File dictionary ******************
> 	$INCLUDE	/usr/share/freeradius/dictionary
> 	$INCLUDE	/usr/local/etc/radiusclient/dictionary.ser   ### the dictionary that comes with the source in ser_8.0.14
> 
> ******************	File users ******************
> 
> 	test Auth-Type := Digest, User-Password == "test"
> 	     Reply-Message = "Hello, test with digest"
> 
> *******************	File Clients.conf******************************
> 
> 	client 127.0.0.1 {
> 	#
> 	#  The shared secret use to "encrypt" and "sign" packets between
> 	#  the NAS and FreeRADIUS.  You MUST change this secret from the
> 	#  default, otherwise it's not a secret any more!
> 	#
> 	#  The secret can be any string, up to 32 characters in length.
> 	#
> 	secret		= xxxx
> 
> 	#
> 	#  The short name is used as an alias for the fully qualified
> 	#  domain name, or the IP address.
> 	#
> 	shortname	= localhost
> 
> 	#
> 	# the following three fields are optional, but may be used by
> 	# checkrad.pl for simultaneous use checks
> 	#
> 
> 	#
> 	# The nastype tells 'checkrad.pl' which NAS-specific method to
> 	#  use to query the NAS for simultaneous use.
> 	#
> 	#  Permitted NAS types are:
> 	#
> 	#	cisco
> 	#	computone
> 	#	livingston
> 	#	max40xx
> 	#	multitech
> 	#	netserver
> 	#	pathras
> 	#	patton
> 	#	portslave
> 	#	tc
> 	#	usrhiper
> 	#	other		# for all other types
> 
> 	#
> 	nastype     = other	# localhost isn't usually a NAS...
> 
> 	#
> 	#  The following two configurations are for future use.
> 	#  The 'naspasswd' file is currently used to store the NAS
> 	#  login name and password, which is used by checkrad.pl
> 	#  when querying the NAS for simultaneous use.
> 	#
> 	#	login       = !root
> 	#	password    = someadminpas
> 	}
> ***********************File Radiusd.conf***********************************
> 
> 	I have uncommented the line with digest in "Authentication" and "Authorize"
> 
> ********************************************************************************
> 
> And I have included the dictionary.ser in
> /usr/local/etc/radiusclient/dictionary,
> so when I run a test like the one in ser_radius.txt:
> radclient -f digest localhost auth xxxxx
> 
> 
> the following appears in the radius log:
> 
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138, length=140
> 	User-Name = "test"
> 	Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
> 	Digest-Attributes = "\001\013testrealm"
> 	Digest-Attributes = "\002\n1234abcd"
> 	Digest-Attributes = "\003\010INVITE"
> 	Digest-Attributes = "\004\034sip:5555551212 at example.com"
> 	Digest-Attributes = "\006\005MD5"
> 	Digest-Attributes = "\n\006test"
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "chap" returns noop
> rlm_eap: EAP-Message not found
>   modcall[authorize]: module "eap" returns noop
>     rlm_digest: Converting Digest-Attributes to something sane...
> 	Digest-Realm = "testrealm"
> 	Digest-Nonce = "1234abcd"
> 	Digest-Method = "INVITE"
> 	Digest-URI = "sip:5555551212 at example.com"
> 	Digest-Algorithm = "MD5"
> 	Digest-User-Name = "test"
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returns ok
>     rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
>   modcall[authorize]: module "mschap" returns noop
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type DIGEST
> auth: type "digest"
> modcall: entering group authenticate
> 	rlm_digest: Configuration item "User-Password" is required for authentication.   ############## this is my problem
>   modcall[authenticate]: module "digest" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 138 to 127.0.0.1:32769
> Waking up in 4 seconds...
> 
> 
> ********************************************************************************
> Then if I change the dictionary.ser for the dictionary.sip that comes with the
> source in radiusClient4.3, the test works well,
> but if I try to authenticate a UA like an ATA-186, the same message appears:
> 
> 	rlm_digest: Configuration item "User-Password" is required for authentication.   ############## this is my problem
> 
> 
> 
> Best Regards
> 
> Gustaf
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
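
Added example (not part of either post and not FreeRADIUS code): Python that decodes the Digest-Attributes values from the quoted radclient test and recomputes the response from A1, A2 and KD in the no-qop form the debug output prints, which shows why the server side must hold a known-good password even though the request carries no User-Password. The function names are made up for this example, the sub-attribute numbering is taken from draft-sterman-aaa-sip, and "@" is restored where the archive shows " at ".

```python
import hashlib
import hmac

# Sub-attribute numbers inside Digest-Attributes (draft-sterman-aaa-sip).
SUBTYPES = {1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
            4: "Digest-URI", 5: "Digest-QOP", 6: "Digest-Algorithm",
            7: "Digest-Body-Digest", 8: "Digest-CNonce",
            9: "Digest-Nonce-Count", 10: "Digest-User-Name"}

# Values from the quoted radclient test; "@" restored where the archive shows " at ".
SAMPLE = [b"\001\013testrealm", b"\002\n1234abcd", b"\003\010INVITE",
          b"\004\034sip:5555551212@example.com", b"\006\005MD5", b"\n\006test"]

def decode_digest_attributes(values):
    """Each value holds [type][length][text]; length includes the 2 header bytes."""
    attrs = {}
    for raw in values:
        pos = 0
        while pos < len(raw):
            if len(raw) - pos < 2:
                raise ValueError("truncated sub-attribute header")
            stype, slen = raw[pos], raw[pos + 1]
            if slen < 2 or pos + slen > len(raw) or stype not in SUBTYPES:
                raise ValueError("malformed sub-attribute type=%d len=%d" % (stype, slen))
            attrs[SUBTYPES[stype]] = raw[pos + 2:pos + slen].decode("ascii")
            pos += slen
    return attrs

def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def expected_response(attrs, password):
    """RFC 2617 digest without qop: MD5(H(A1):nonce:H(A2)), as in the A1/A2/KD lines."""
    if password is None:
        # Nothing to build A1 from: the request carries only Digest-Response.
        raise ValueError("known-good password required to compute A1")
    a1 = ":".join((attrs["Digest-User-Name"], attrs["Digest-Realm"], password))
    a2 = ":".join((attrs["Digest-Method"], attrs["Digest-URI"]))
    kd = ":".join((md5_hex(a1), attrs["Digest-Nonce"], md5_hex(a2)))
    return a1, a2, md5_hex(kd)

def verify(attrs, digest_response, password):
    """Constant-time comparison of the client's response with the server's own."""
    _, _, want = expected_response(attrs, password)
    return hmac.compare_digest(want, digest_response.lower())

if __name__ == "__main__":
    attrs = decode_digest_attributes(SAMPLE)
    print(attrs)
    print(expected_response(attrs, "test")[:2])
```

The example covers only the no-qop case seen in these logs; a request carrying Digest-QOP, Digest-CNonce and Digest-Nonce-Count needs the longer KD form from RFC 2617.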
