[Serusers] Password not being sent during Radius Auth

Lucas Aimaretto lucas at cyneric.com
Tue Apr 12 16:21:19 CEST 2005 

> > The thing is that I'm not seeing the Password Attribute at 
> > the radius output ... 

> Lucas,
> Your RADIUS server needs to implement the Digest algorithm. 
> Attributes are 
> non-standard and are NOT sent as vendor-encapsulated, but 
> wrapped in the 
> Digest-Attributes avpair.  The RADIUS server thus needs to be 
> able to read 
> the digest-attributes, convert them to individual attributes 
> (as below) and 
> then implement the DIGEST authentication mechanism.
>     Translated: There is no password attribute.
> g-)
> 
> ATTRIBUTE       Digest-Response                 206     string
> ATTRIBUTE       Digest-Attributes               207     string
> ATTRIBUTE       Digest-Realm                    1063    string
> ATTRIBUTE       Digest-Nonce                    1064    string
> ATTRIBUTE       Digest-Method                   1065    string
> ATTRIBUTE       Digest-URI                      1066    string
> ATTRIBUTE       Digest-QOP                      1067    string
> ATTRIBUTE       Digest-Algorithm                1068    string
> ATTRIBUTE       Digest-Body-Digest              1069    string
> ATTRIBUTE       Digest-CNonce                   1070    string
> ATTRIBUTE       Digest-Nonce-Count              1071    string
> ATTRIBUTE       Digest-User-Name                1072    string

Ok, thanx for the answer. Anyways, I think I'll need a little help with
this. I already loaded those attributes into my dictionary, both
dictionary.ser and dictionary.sip. Now, If I have no password assigned
to my user, Users can authenticate with no problems at all. Now, if I
assign password, I see the following ...

RADIUS OUTPUT:

radrecv: Access Request from host c0a801fd code=1, id=158, length=271
    User-Name = "1991006 at 192.168.1.253"
    Digest-Attributes = "\012\0111991006"
    Digest-Attributes = "\001\017192.168.1.253"
    Digest-Attributes = "\002*425bde0ae10d15c59c4e3a5c45288ed4175a8a2a"
    Digest-Attributes = "\004\023sip:192.168.1.253"
    Digest-Attributes = "\003\012REGISTER"
    Digest-Response = "a341b3fdbacc4747b82e0718b31e627c"
    Service-Type = Sip-Session
    Sip-URI-User = "1991006"
    Unknown-Attr-327681 =
"call-id=EAED054A3CA3478184AA441574592609 at 192.168.1.253"
    NAS-IP-Address = 192.168.1.253
    NAS-Port-Id = 5060
SQL: Attempting to reserve socket
SQL: Reserved socket 0
Username is now 1991006
Calling station Id is now 1991006
Calling station Id is now (null)
Sending Access Reject of id 158 to c0a801fd (nas linux)
  Se envio Auth Reject
SQL: Socket 0 used for 0.61 seconds
SQL: Released socket 0

SER OUTPUT:

 0(17666) get_hdr_field: cseq <CSeq>: <27392> <REGISTER>
 0(17666) DEBUG: is_maxfwd_present: value = 70
 0(17666) end of header reached, state=9
 0(17666) parse_headers: flags=256
 0(17666) DEBUG: get_hdr_body : content_length=0
 0(17666) found end of header
 0(17666) find_first_route(): No Route headers found
 0(17666) loose_route(): There is no Route HF
 0(17666) check_self - checking if host==us: 13==13 &&  [192.168.1.253]
== [192.168.1.253]
 0(17666) check_self - checking if port 5060 matches port 5060
 0(17666) check_nonce(): comparing
[425bde0ae10d15c59c4e3a5c45288ed4175a8a2a] and
[425bde0ae10d15c59c4e3a5c45288ed4175a8a2a]
 0(17666) res: -2
 0(17666) radius_authorize_sterman(): Failure
 0(17666) build_auth_hf(): 'WWW-Authenticate: Digest
realm="192.168.1.253", nonce="425bde0ae10d15c59c4e3a5c45288ed4175a8a2a"'
 0(17666) parse_headers: flags=-1
 0(17666) check_via_address(192.168.1.178, 192.168.1.178, 0)
 0(17666) DEBUG:destroy_avp_list: destroing list (nil)
 0(17666) receive_msg: cleaning up

Now, these are the questions:

1) What my radius is receiving, looks fine ?
2) What must my radius be capable of doing to authenticate users with
password ? I know you said it must resolve digest attributes, but, what
does it mean ? ( or please give me some place where to read something ).
3) I know my radius supports CHAP-MD5. Isn't it enough ?

The thing is I've using this radius for some time now, and have modified
it to help my needs. I know it's a bit old already (2002). Its ic-radius
and, according to its web page it does support digest. I think ...

Please, help me out with this one. Thanx very much

Regards,

Lucas

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.7 - Release Date: 12/04/2005

More information about the sr-users mailing list