[Serusers] Password not being sent during Radius Auth

Greger V. Teigre greger at teigre.com
Tue Apr 12 11:39:33 CEST 2005 

Lucas,
Your RADIUS server needs to implement the Digest algorithm. Attributes are 
non-standard and are NOT sent as vendor-encapsulated, but wrapped in the 
Digest-Attributes avpair.  The RADIUS server thus needs to be able to read 
the digest-attributes, convert them to individual attributes (as below) and 
then implement the DIGEST authentication mechanism.
    Translated: There is no password attribute.
g-)

ATTRIBUTE       Digest-Response                 206     string
ATTRIBUTE       Digest-Attributes               207     string
ATTRIBUTE       Digest-Realm                    1063    string
ATTRIBUTE       Digest-Nonce                    1064    string
ATTRIBUTE       Digest-Method                   1065    string
ATTRIBUTE       Digest-URI                      1066    string
ATTRIBUTE       Digest-QOP                      1067    string
ATTRIBUTE       Digest-Algorithm                1068    string
ATTRIBUTE       Digest-Body-Digest              1069    string
ATTRIBUTE       Digest-CNonce                   1070    string
ATTRIBUTE       Digest-Nonce-Count              1071    string
ATTRIBUTE       Digest-User-Name                1072    string

Lucas Aimaretto wrote:
> Hi there,
>
> This is my ser.cfg configuration
>
> if(method=="REGISTER")
> {
> if (!radius_www_authorize(""))
>            {
>                www_challenge("", "0");
>                break;
>            };
> save("location");
> break;
> };
>
> And here is some sniffing done with ngrep ...
>
> U IP_UA:11006 -> IP_SER:5060
> REGISTER sip:IP_SER SIP/2.0.
> Via: SIP/2.0/UDP
> 192.168.1.178:11006;rport;branch=z9hG4bK810E80344EB24AE5B8D5FD21043E78CE
> .
> From: Lucas <sip:1991006 at IP_SER>.
> To: Lucas <sip:1991006 at IP_SER>.
> Contact: "Lucas" <sip:1991006 at 192.168.1.178:11006>.
> Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9 at IP_SER.
> CSeq: 57327 REGISTER.
> Expires: 1800.
> Authorization: Digest
> username="1991006 at IP_SER",realm="IP_SER",nonce="425b03326e0f4f0071f1a766
> 4c8823f1271f1212",response="8b9ec4e8e633c5dd7d4aee4aef1ffdba",uri="sip:I
> P_SER".
> Max-Forwards: 70.
> User-Agent: X-PRO build 1082.
> Content-Length: 0.
> .
>
> #
> U IP_SER:5060 -> IP_UA:11006
> SIP/2.0 401 Unauthorized.
> Via: SIP/2.0/UDP
> 192.168.1.178:11006;rport=11006;branch=z9hG4bK810E80344EB24AE5B8D5FD2104
> 3E78CE;received=IP_UA.
> From: Lucas <sip:1991006 at IP_SER>.
> To: Lucas
> <sip:1991006 at IP_SER>;tag=6f0d146d94c4cb042663ff3cf87e2e72.d766.
> Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9 at IP_SER.
> CSeq: 57327 REGISTER.
> WWW-Authenticate: Digest realm="IP_SER",
> nonce="425b03326e0f4f0071f1a7664c8823f1271f1212".
> Content-Length: 0.
> Warning: 392 IP_SER:5060 "Noisy feedback tells:  pid=23023
> req_src_ip=IP_UA req_src_port=11006 in_uri=sip:IP_SER
> out_uri=sip:IP_SER via_cnt==1".
>
> The thing is that I'm not seeing the Password Attribute at the radius
> output ...
> Well, to be honest, I do not know wich is the attribute SER uses to
> send password, but, the truth is no Password Attribute is sent to
> RADIUS.
>
> Any ideas ?
>
> Regards,
>
> Lucas

More information about the sr-users mailing list