Re: [Serusers] problem with radius authentication
mike at yes.net.ua
Thu Sep 23 23:37:33 CEST 2004
> I also have a similar problem.
>
> ------------------------------------------------------
>
> rlm_realm: Looking up realm "10.10.50.52" for User-Name =
> "test at 10.10.50.52"
> rlm_realm: Found realm "DEFAULT"
> rlm_realm: Adding Stripped-User-Name = "test"
> rlm_realm: Proxying request from user test to realm DEFAULT
> rlm_realm: Adding Realm = "DEFAULT"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 52
> modcall[authorize]: module "files" returns notfound for request 52
> modcall[authorize]: module "mschap" returns noop for request 52
> modcall: group authorize returns ok for request 52
> rad_check_password: Found Auth-Type Digest
> auth: type "digest"
> modcall: entering group authenticate for request 52
> A1 = test:10.10.50.52:test
> A2 = REGISTER:sip:10.10.50.52
> KD =
> 4d384009e03edfce7bab0866e13fab7f:41533f845abad13f73f097a45a6abbf301a9f2ff:87ed77f9f0c3af1df63cd35c7ccd110c
> modcall[authenticate]: module "digest" returns ok for request 52
> modcall: group authenticate returns ok for request 52
> Login OK: [test at 10.10.50.52/<no User-Password attribute>] (from client
> localhost port 5060)
> Sending Access-Accept of id 75 to 127.0.0.1:38542
>
> --------------
>
> Even though it says "Login OK" it's not..it just keeps doing this over
> and over again. I can't figure out why it's saying "no User-Password
> attribute" I've gone over the steps in the radius guide numerous times.
> I'm stuck.
>
> - Darren
>
> On Fri, 2004-09-17 at 15:00, Gustavo Villegas wrote:
>> Dear Users
>> I have Fedora Core 1 installed with SER 8.0.14 working fine with
>> accounting and authentication with MySql,
>> but I've been trying to configure it with FreeRadius and RadiusClient 4.3
>> and the following error appears.
>>
>> When I configure everything as in Ser_Radius, like this:
>>
>> /etc/raddb Dir
>>
>> ****************** File dictionary ************************************************************
>> $INCLUDE /usr/share/freeradius/dictionary
>> $INCLUDE /usr/local/etc/radiusclient/dictionary.ser ### the dictionary that comes with the source in ser_8.0.14
>>
>> ****************** File users ************************************************
>>
>> test Auth-Type := Digest, User-Password == "test"
>> Reply-Message = "Hello, test with digest"
>>
>> ******************* File Clients.conf******************************
>>
>> client 127.0.0.1 {
>> #
>> # The shared secret use to "encrypt" and "sign" packets between
>> # the NAS and FreeRADIUS. You MUST change this secret from the
>> # default, otherwise it's not a secret any more!
>> #
>> # The secret can be any string, up to 32 characters in length.
>> #
>> secret = xxxx
>>
>> #
>> # The short name is used as an alias for the fully qualified
>> # domain name, or the IP address.
>> #
>> shortname = localhost
>>
>> #
>> # the following three fields are optional, but may be used by
>> # checkrad.pl for simultaneous use checks
>> #
>>
>> #
>> # The nastype tells 'checkrad.pl' which NAS-specific method to
>> # use to query the NAS for simultaneous use.
>> #
>> # Permitted NAS types are:
>> #
>> # cisco
>> # computone
>> # livingston
>> # max40xx
>> # multitech
>> # netserver
>> # pathras
>> # patton
>> # portslave
>> # tc
>> # usrhiper
>> # other # for all other types
>>
>> #
>> nastype = other # localhost isn't usually a NAS...
>>
>> #
>> # The following two configurations are for future use.
>> # The 'naspasswd' file is currently used to store the NAS
>> # login name and password, which is used by checkrad.pl
>> # when querying the NAS for simultaneous use.
>> #
>> # login = !root
>> # password = someadminpas
>> }
>> *********************** File Radiusd.conf ***********************************
>>
>> I've uncommented the line with digest in "Authentication" and
>> "Authorize"
>>
>> ****************************************************************************
>>
>> And I've included dictionary.ser in
>> /usr/local/etc/radiusclient/dictionary
>> so when I run a test like the one in ser_radius.txt:
>> radclient -f digest localhost auth xxxxx
>>
>>
>> the following appears in the radius log:
>>
>> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=138,
>> length=140
>> User-Name = "test"
>> Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
>> Digest-Attributes = "\001\013testrealm"
>> Digest-Attributes = "\002\n1234abcd"
>> Digest-Attributes = "\003\010INVITE"
>> Digest-Attributes = "\004\034sip:5555551212 at example.com"
>> Digest-Attributes = "\006\005MD5"
>> Digest-Attributes = "\n\006test"
>> modcall: entering group authorize
>> modcall[authorize]: module "preprocess" returns ok
>> modcall[authorize]: module "chap" returns noop
>> rlm_eap: EAP-Message not found
>> modcall[authorize]: module "eap" returns noop
>> rlm_digest: Converting Digest-Attributes to something sane...
>> Digest-Realm = "testrealm"
>> Digest-Nonce = "1234abcd"
>> Digest-Method = "INVITE"
>> Digest-URI = "sip:5555551212 at example.com"
>> Digest-Algorithm = "MD5"
>> Digest-User-Name = "test"
>> rlm_digest: Adding Auth-Type = DIGEST
>> modcall[authorize]: module "digest" returns ok
>> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>> rlm_realm: No such realm "NULL"
>> modcall[authorize]: module "suffix" returns noop
>> users: Matched DEFAULT at 152
>> modcall[authorize]: module "files" returns ok
>> modcall[authorize]: module "mschap" returns noop
>> modcall: group authorize returns ok
>> rad_check_password: Found Auth-Type DIGEST
>> auth: type "digest"
>> modcall: entering group authenticate
>> rlm_digest: Configuration item "User-Password" is required for
>> authentication. ##############this is my problem..................
>> modcall[authenticate]: module "digest" returns invalid
>> modcall: group authenticate returns invalid
>> auth: Failed to validate the user.
>> Delaying request 0 for 1 seconds
>> Finished request 0
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 1 seconds...
>> --- Walking the entire request list ---
>> Waking up in 1 seconds...
>> --- Walking the entire request list ---
>> Sending Access-Reject of id 138 to 127.0.0.1:32769
>> Waking up in 4 seconds...
>>
>>
>> ****************************************************************************
>> Then if I replace dictionary.ser with dictionary.sip, which comes with the
>> source in radiusClient4.3, the test works well.
>> But if I try to authenticate a UA like an ATA-186, the same message
>> appears:
>>
>> rlm_digest: Configuration item "User-Password" is required for
>> authentication. ##############this is my problem..................
>>
>>
>>
>> Best Regards
>>
>> Gustaf
>>
>>
Have you tried putting User-Password := "test" instead of User-Password ==
"test"?
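
An added example, not part of the original posts: a small check for the operator difference this reply points at. It assumes the operator semantics documented for the FreeRADIUS users file (`==` as a check item matches only when the request carries that attribute with that value, `:=` always matches and sets the item in the configuration list, which is where the `rlm_digest` error above looks for the password). The function names and the `alice` entry are hypothetical.

```python
import re

# Constructed sample: the first entry mirrors the users-file entry quoted in
# the thread; "alice" and the DEFAULT entry are made up for comparison.
SAMPLE_USERS = '''\
test    Auth-Type := Digest, User-Password == "test"
        Reply-Message = "Hello, test with digest"

alice   Auth-Type := Digest, User-Password := "constructed-secret"
        Reply-Message = "Hello, alice"

DEFAULT Auth-Type := Reject
'''

# attribute, operator (longest alternatives first), quoted or bare value
ITEM_RE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=|>|<)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)\s*(?:,|$)')

def parse_users(text):
    """Return (lineno, name, [(attr, op, value), ...]) for each entry's check line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and indented reply-item continuation lines.
        if not line.strip() or line.lstrip().startswith('#') or line[0].isspace():
            continue
        parts = line.split(None, 1)
        items, pos, rest = [], 0, parts[1] if len(parts) > 1 else ''
        while pos < len(rest):
            m = ITEM_RE.match(rest, pos)
            if not m:
                break
            items.append((m.group(1), m.group(2), m.group(3).strip('"')))
            pos = m.end()
        entries.append((lineno, parts[0], items))
    return entries

def digest_password_issues(text):
    """Flag Digest entries whose User-Password check item is not set with ':='."""
    issues = []
    for lineno, name, items in parse_users(text):
        by_attr = {a.lower(): (op, val) for a, op, val in items}
        if by_attr.get('auth-type', ('', ''))[1].lower() != 'digest':
            continue
        op = by_attr.get('user-password', (None, None))[0]
        if op != ':=':
            why = 'missing' if op is None else f'uses "{op}"'
            issues.append((lineno, name, f'User-Password {why}; expected ":="'))
    return issues

if __name__ == '__main__':
    for issue in digest_password_issues(SAMPLE_USERS):
        print('line %d, user %s: %s' % issue)
```

Run against the constructed sample, only the `test` entry on line 1 is reported; the `alice` entry with `:=` passes.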