[Serusers] a problem about radius and digest - openser patch
Greger V. Teigre
greger at teigre.com
Wed Jan 31 09:15:19 CET 2007
I suggest you file a bug report on this issue in http://tracker.iptel.org/
I don't think you can apply the patch directly and I wouldn't recommend
using another client in ser, it will just give you headaches with later
versions/fixes.
g-)
TZieleniewski wrote:
>
>
> Peter Nixon napisał(a):
>> On Mon 29 Jan 2007 17:22, Alan DeKok wrote:
>>
>>> tzieleniewski wrote:
>>>
>>>> I am using radius to authenticate request from the radiusclient-ng2 with
>>>> the digest method. I have a strange situation because client log the
>>>> following problem: "received invalid reply digest from RADIUS server"
>>>> This is strange because as I read on web this error is due to wrong
>>>> secrets configuration.
>>>>
>>> Yes. The shared secrets are wrong, or there is some miscalculation of
>>> the reply digest.
>>>
>>>
>>>> I checked a few times and secrets are the same I even tried to reinstall
>>>> both freeradius and libradiusclient-ng2. Please help me and point what
>>>> could be a reason for this??
>>>>
>>> Which OS are you running on? Is it 64-bit? What CPU?
>>>
>>> The libradiusclient code MAY be doing MD5 incorrectly.
>>>
>>>
>>>> here is my radius debug (maybe will help):
>>>> rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198,
>>>> length=300 User-Name = "hellboy at voip.touk.pl"
>>>> Digest-Attributes = 0x0a0968656c6c626f79
>>>> Digest-Attributes = 0x010e766f69702e746f756b2e706c
>>>> Digest-Attributes =
>>>> 0x022a343562646565313636643534373338383937363231623565643437303833313236
>>>> 61316461636633 Digest-Attributes =
>>>> 0x04187369703a746f6d697840766f69702e746f756b2e706c Digest-Attributes =
>>>> 0x0308494e56495445
>>>> Digest-Attributes = 0x050661757468
>>>> Digest-Attributes = 0x090a3030303030303031
>>>> Digest-Attributes =
>>>> 0x08223639464435383136374435424646364631304633363746453943433138333339
>>>> Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
>>>> Service-Type = 0x0000000f00000000
>>>>
>>> That looks like a bug in libradiusclient. The Service-Type attribute
>>> should be 4 bytes of data, not 8.
>>>
>>>
>>>> SER-Service-Type = 0x0000000300000000
>>>> SER-Uri-User = "hellboy"
>>>> NAS-Port = 0x000013c400000000
>>>> NAS-IP-Address = 0x7f00000100000000
>>>>
>>> Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
>>> data, not 8.
>>>
>>> This makes me suspect you're running on a 64-bit system, and that the
>>> libradiusclient code isn't 64-bit clean.
>>>
>>
>> Yes. I _think_ that this is the bug that chris fixed in freeradius-client 2
>> days ago.
>>
>> Try using a current snapshot of freeradius-client instead of radiusclient-ng
>> and see if the problem is solved. Here is a link:
>> ftp://ftp.suntel.com.tr/pub/freeradius/snapshots/freeradius-client-snapshot-20070129.tar.bz2
>>
>> A patch I wrote to make OpenSER use freeradius-client instead of
>> radiusclient-ng is at:
>> https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1631052&group_id=139143
>>
>> If you run SER instead of OpenSER you may have to fiddle with the patch
>> slightly..
>>
>> A modified version of the patch has been applied to openser cvs. (See the
>> comments for details)
>>
>> Cheers
>>
>>
> Thank you !
>
> I 've never worked with OpenSer and I have never tried to apply a
> patch to SER. Could you point me some resources
> where I can get some more understanding what such patch is and how to
> apply it ?
> I read the comments and from them I understood that what I need to do
> is install FreeRadius Client,
> because the problem considers client side, and then intergrete
> ser/openser to use this client.
> And this is what I don't know exactly how to achieve please help me
> with this issue.
>
> bests
> -tomasz
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070131/7c530f16/attachment.htm>
More information about the sr-users
mailing list