[Serusers] Existing Radius Authentication

Ryan Pagquil rpagquil at philonline.com
Mon Aug 1 12:49:44 CEST 2005


Ah ok. BTW I'm testing radius authentication now, and I can't get 
authenticated. I use ser-0.9.3 and freeradius. Here is the information 
about my test and setup:

In the users file of freeradius I have these:

rpagquil at server4all Auth-Type := Digest, User-Password == "test123"
        Reply-Message = "Authenticated"

rpagquil at server4all Auth-Type := Accept
        Reply-Message = "Authorized"

In ser.cfg I have these:

modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)

if (!radius_www_authorize("server4all")) {
        www_challenge("", "1");
        break;
};

save("location");
break;

and this is my radius log with radiusd -X:

rad_recv: Access-Request packet from host 127.0.0.1:1733, id=95, length=318
        User-Name = "rpagquil at server4all"
        Digest-Attributes = "\n\nrpagquil"
        Digest-Attributes = "\001\014server4all"
        Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
        Digest-Attributes = "\004\020sip:server4all"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Attributes = "\005\006auth"
        Digest-Attributes = "\t\n00000002"
        Digest-Attributes = "\010"D845A10802BC11DABFB500E04CAB4AB4"
        Digest-Response = "67c537d0fb13d95416e2bb973b3caa4a"
        Service-Type = Sip-Session
        Sip-URI-User = "rpagquil"
        Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4 at server4all"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil at server4all"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Adding Stripped-User-Name = "rpagquil"
    rlm_realm: Proxying request from user rpagquil to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched DEFAULT at 162
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [rpagquil at server4all] (from client server port 5060)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1734, id=96, length=318
        User-Name = "rpagquil at server4all"
        Digest-Attributes = "\n\nrpagquil"
        Digest-Attributes = "\001\014server4all"
        Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
        Digest-Attributes = "\004\020sip:server4all"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Attributes = "\005\006auth"
        Digest-Attributes = "\t\n00000002"
        Digest-Attributes = "\010"D845A10902BC11DABFB500E04CAB4AB4"
        Digest-Response = "4c7a54f5710a95dc6c7620ac04271c28"
        Service-Type = Sip-Session
        Sip-URI-User = "rpagquil"
        Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4 at server4all"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil at server4all"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Adding Stripped-User-Name = "rpagquil"
    rlm_realm: Proxying request from user rpagquil to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched DEFAULT at 162
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [rpagquil at server4all] (from client server port 5060)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Sending Access-Reject of id 95 to 127.0.0.1:1733
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 96 to 127.0.0.1:1734
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 95 with timestamp 42ee005c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 96 with timestamp 42ee005d
Nothing to do.  Sleeping until we see a request.


Please help.

Thanks,



Klaus Darilion wrote:

> The users need not be in the users file. You can store your users 
> anywhere (file, database, ...). The important thing however is: the 
> radius server has to support digest authentication. Thus, the 
> passwords must be stored in cleartext.
>
> regards
> klaus
>
> Ryan Pagquil wrote:
>
>> So it means that the System authentication that we are using now for 
>> radius will be ignored? Every user must exist in the users file of 
>> the freeradius?
>>
>> Thanks,
>>
>>
>> Klaus Darilion wrote:
>>
>>>
>>> Greger V. Teigre wrote:
>>>
>>>> Ryan,
>>>> Only if it supports the http digest authentication mechanism.
>>>> g-)
>>>
>>> This means, you need the user passwords in clear text.
>>>
>>> regards,
>>> klaus
>>>
>>>
>>>>
>>>> Ryan Pagquil wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>>    Can I use my existing radius server as my login authentication for
>>>>> ser? The existing radius uses the system to read the user accounts,
>>>>> but as explained in the radius howto I must create the user accounts in
>>>>> the users file of the freeradius.
>>>>> Please help.
>>>>>
>>>>> Thanks,
>>>>


-- 
Ryan Pagquil
Infodyne Inc. - PhilOnline.com
3603 Antel Global Corporate Center
Doña Julia Vargas Ave.
Ortigas Center Pasig City
Tel: 687-0715
Web: www.philonline.com
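
Added example (not part of the original thread, and not SER or FreeRADIUS code): it decodes the Digest-Attributes values printed in the radiusd -X log above and recomputes the RFC 2617 digest response, which shows why the RADIUS server has to know the cleartext password. The sub-attribute numbering follows draft-sterman-aaa-sip; the function names and the made-up password are assumptions for illustration.

```python
import hashlib
import hmac

# Sub-attribute types inside Digest-Attributes (draft-sterman-aaa-sip).
SUBTYPES = {1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 5: "QOP",
            6: "Algorithm", 7: "Body-Digest", 8: "CNonce",
            9: "Nonce-Count", 10: "User-Name"}

# Digest-Attributes values of request id=95, copied from the log above.
LOGGED = [b"\n\nrpagquil", b"\001\014server4all",
          b"\002*42ee018773f7ef0ca37028652e16deef71bdc6e9",
          b"\004\020sip:server4all", b"\003\nREGISTER", b"\005\006auth",
          b"\t\n00000002", b'\010"D845A10802BC11DABFB500E04CAB4AB4']

def parse_digest_attributes(values):
    """Decode each value: type byte, length byte (counts the header), text."""
    fields = {}
    for raw in values:
        if len(raw) < 2 or raw[1] != len(raw) or raw[0] not in SUBTYPES:
            raise ValueError("malformed sub-attribute: %r" % (raw,))
        fields[SUBTYPES[raw[0]]] = raw[2:].decode("ascii")
    return fields

def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def digest_response(f, password):
    """RFC 2617 response for qop=auth. HA1 is built from the cleartext
    password, which is why a one-way system password hash cannot be used."""
    ha1 = md5_hex("%s:%s:%s" % (f["User-Name"], f["Realm"], password))
    ha2 = md5_hex("%s:%s" % (f["Method"], f["URI"]))
    return md5_hex(":".join((ha1, f["Nonce"], f["Nonce-Count"],
                             f["CNonce"], f["QOP"], ha2)))

def verify(values, password, claimed):
    """True if `claimed` is the response a client knowing `password` sends."""
    expected = digest_response(parse_digest_attributes(values), password)
    return hmac.compare_digest(expected, claimed.lower())

if __name__ == "__main__":
    for name, value in parse_digest_attributes(LOGGED).items():
        print("%-12s %s" % (name, value))
    # Constructed check: a response derived from a made-up password verifies
    # only against that same password.
    sample = digest_response(parse_digest_attributes(LOGGED), "constructed-pw")
    print(verify(LOGGED, "constructed-pw", sample),
          verify(LOGGED, "other", sample))
```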
