[Serusers] Auth Radius and draft-sterman-aaa-sip-00 question.
Greger V. Teigre
greger at teigre.com
Fri Jun 3 09:24:43 CEST 2005
Inline.
Ricardo Martinez wrote:
> Hello list.
> I have a question about the radius authentication message. As i can
> see in the radius authorize message reaching to my Radius Server the
> format of this message is as follow:
>
> Attributes:
> User-Name = "user1 at mydomain.com"
> Digest-Attributes = "<10><10>user1"
> Digest-Attributes = "<1><23>mydomain.com"
> Digest-Attributes = "<2>*429f5a94dfac500699b5465aae863a390d5ebd92"
> Digest-Attributes = "<4>&sip:1234567 at mydomain.com"
> Digest-Attributes = "<3><10>REGISTER"
> Digest-Attributes = "<5><6>auth"
> Digest-Attributes = "<9><10>00000037"
> Digest-Attributes = "<8><10>dbb06da4"
> Digest-Response = "08525b9e17e0ed25fccc61b104ff9e20"
> Service-Type = Sip-Session
> Sip-Uri-User = "1234567"
> NAS-IP-Address = 10.1.1.3
> NAS-Port = 5060
>
>
> my question is... the format of this radius auth message with the
> "Digest-Attributes" attributes is created by SER module auth_radius
> or by the radiusclient ?
auth_radius, radiusclient just forwards the request.
> When this message reach to my server (by the way is a Radiator) i
> used a "patch" created by me to "understand" the differents
> Digest-Attributes and parse to the Digest-Uri, Digest-Method. Digest
> Real. etc that correspond, because my Radiator server seems not to
> parse the different Digest-Attributes. As i have seen in another
> post regarding to auth radius issues, the message in this format is
> understand perfect by for example the FreeRadius Server. Is there a
> special configuration (maybe with the dictionary file) to make this
> work?. What special feature do i need to set in the radius server?
> maybe the draft-sterman-aaa-sip-00 ??????
The various Digest attributes are wrapped in Digest-Attributes. All Digest
attributes, including Digest-Attributes must be defined in the dictionary
file. freeradius has an implementation of parsing Digest-Attributes and
interpreting the content as individual Digest-* attributes.
In addition, once you have the correct unwrapped Digest-* attributes, your
server must implement the http digest authentication algorithm (an rfc,
don't remember the number right now)
> Is somone using Radiator
> with SER?
Not that I am aware of, but I have heard of others trying. Maybe they have
already implemented Digest support?
g-)
More information about the sr-users
mailing list