[Serusers] Radius Authenication Problems...

Greger V. Teigre greger at teigre.com
Fri Jul 21 11:39:54 CEST 2006 

I cannot really see anything wrong. Try without domain in your 
radius_www_authorize and www_challenge and see if you get the same.  I 
assume this is freeRADIUS?  I haven't used it, so there might be 
configuration stuff I'm not aware of, but again, the log seems ok.  Do 
you have the problem with one or all users?
g-)

Natambu Obleton wrote:
>
> I am new to SER and radius and I am having a digest problem.
>
>  
>
>  
>
> My ser.cfg section:
>
>         if (method=="REGISTER" || method=="INVITE") {
>
>                 log("**************************WTF mate?");
>
>                 if (!radius_www_authorize("voip.fasttrackcomm.net")) {
>
>                         log("WTF mate auth?");
>
>                         www_challenge("voip.fasttrackcomm.net", "0");
>
>                         break;
>
>                 };
>
>  
>
> My users file:
>
> Line 50-
>
> 9703751000 at voip.fasttrackcomm.net       Auth-Type := Digest, 
> User-Password == "5321"
>
>         Reply-Message = "Authenticated"
>
>  
>
> Radius_logging:
>
> --- Walking the entire request list ---
>
> Cleaning up request 96 ID 55 with timestamp 44be52aa
>
> Sending Access-Reject of id 56 to 127.0.0.1 port 34690
>
>         Reply-Message = "Authenticated"
>
> Waking up in 4 seconds...
>
> rad_recv: Access-Request packet from host 127.0.0.1:34691, id=57, 
> length=247
>
>         User-Name = "9703751000 at voip.fasttrackcomm.net"
>
>         Digest-Attributes = 0x0a0c39373033373531303030
>
>         Digest-Attributes = 
> 0x0118766f69702e66617374747261636b636f6d6d2e6e6574
>
>         Digest-Attributes = 
> 0x022a34346265353363613034613664386636363465613466303132313031343666303665316361316333
>
>         Digest-Attributes = 
> 0x04207369703a35303040766f69702e66617374747261636b636f6d6d2e6e6574
>
>         Digest-Attributes = 0x0308494e56495445
>
>         Digest-Response = "e311972978c1d06b6341c18aba7373c7"
>
>         Service-Type = Sip-Session
>
>         Sip-Uri-User = "9703751000"
>
>         NAS-Port = 5060
>
>         NAS-IP-Address = 127.0.0.1
>
>   Processing the authorize section of radiusd.conf
>
> modcall: entering group authorize for request 98
>
>   modcall[authorize]: module "preprocess" returns ok for request 98
>
> rlm_digest: Adding Auth-Type = DIGEST
>
>   modcall[authorize]: module "digest" returns ok for request 98
>
>     rlm_realm: Looking up realm "voip.fasttrackcomm.net" for User-Name 
> = "9703751000 at voip.fasttrackcomm.net"
>
>     rlm_realm: Found realm "voip.fasttrackcomm.net"
>
>     rlm_realm: Proxying request from user 9703751000 to realm 
> voip.fasttrackcomm.net
>
>     rlm_realm: Adding Realm = "voip.fasttrackcomm.net"
>
>     rlm_realm: Authentication realm is LOCAL.
>
>   modcall[authorize]: module "suffix" returns noop for request 98
>
>     users: Matched entry 9703751000 at voip.fasttrackcomm.net at line 50
>
>   modcall[authorize]: module "files" returns ok for request 98
>
> modcall: leaving group authorize (returns ok) for request 98
>
>   rad_check_password:  Found Auth-Type Digest
>
> auth: type "digest"
>
>   Processing the authenticate section of radiusd.conf
>
> modcall: entering group authenticate for request 98
>
>     rlm_digest: Converting Digest-Attributes to something sane...
>
>         Digest-User-Name = "9703751000"
>
>         Digest-Realm = "voip.fasttrackcomm.net"
>
>         Digest-Nonce = "44be53ca04a6d8f664ea4f01210146f06e1ca1c3"
>
>         Digest-URI = "sip:500 at voip.fasttrackcomm.net"
>
>         Digest-Method = "INVITE"
>
> A1 = 9703751000:voip.fasttrackcomm.net:5321
>
> A2 = INVITE:sip:500 at voip.fasttrackcomm.net
>
> KD = 
> bde2dd5ada6b4377bf8167616c47236f:44be53ca04a6d8f664ea4f01210146f06e1ca1c3:d9ed5d99fee1e1f435339ff6f206edac 
>
>
> rlm_digest: FAILED authentication
>
>   modcall[authenticate]: module "digest" returns reject for request 98
>
> modcall: leaving group authenticate (returns reject) for request 98
>
> auth: Failed to validate the user.
>
> Delaying request 98 for 1 seconds
>
> Finished request 98
>
>  
>
>  
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060721/e1037bc0/attachment.htm>

More information about the sr-users mailing list