[Serusers] a problem about radius and digest - openser patch

Greger V. Teigre greger at teigre.com
Wed Jan 31 09:15:19 CET 2007 

I suggest you file a bug report on this issue in http://tracker.iptel.org/
I don't think you can apply the patch directly and I wouldn't recommend 
using another client in ser, it will just give you headaches with later 
versions/fixes.
g-)

TZieleniewski wrote:
>
>
> Peter Nixon napisał(a):
>> On Mon 29 Jan 2007 17:22, Alan DeKok wrote:
>>   
>>> tzieleniewski wrote:
>>>     
>>>> I am using radius to authenticate request from the radiusclient-ng2 with
>>>> the digest method. I have a strange situation because client log the
>>>> following problem: "received invalid reply digest from RADIUS server"
>>>> This is strange because as I read on web this error is due to wrong
>>>> secrets configuration.
>>>>       
>>>   Yes.  The shared secrets are wrong, or there is some miscalculation of
>>> the reply digest.
>>>
>>>     
>>>> I checked a few times and secrets are the same I even tried to reinstall
>>>> both freeradius and libradiusclient-ng2. Please help me and point what
>>>> could be a reason for this??
>>>>       
>>>   Which OS are you running on?  Is it 64-bit?  What CPU?
>>>
>>>   The libradiusclient code MAY be doing MD5 incorrectly.
>>>
>>>     
>>>> here is my radius debug (maybe will help):
>>>> rad_recv: Access-Request packet from host 127.0.0.1 port 32894, id=198,
>>>> length=300 User-Name = "hellboy at voip.touk.pl"
>>>>         Digest-Attributes = 0x0a0968656c6c626f79
>>>>         Digest-Attributes = 0x010e766f69702e746f756b2e706c
>>>>         Digest-Attributes =
>>>> 0x022a343562646565313636643534373338383937363231623565643437303833313236
>>>> 61316461636633 Digest-Attributes =
>>>> 0x04187369703a746f6d697840766f69702e746f756b2e706c Digest-Attributes =
>>>> 0x0308494e56495445
>>>>         Digest-Attributes = 0x050661757468
>>>>         Digest-Attributes = 0x090a3030303030303031
>>>>         Digest-Attributes =
>>>> 0x08223639464435383136374435424646364631304633363746453943433138333339
>>>> Digest-Response = "2c8b62ee23ac6cbe4a551b8b698a509c"
>>>>         Service-Type = 0x0000000f00000000
>>>>       
>>>   That looks like a bug in libradiusclient.  The Service-Type attribute
>>> should be 4 bytes of data, not 8.
>>>
>>>     
>>>>         SER-Service-Type = 0x0000000300000000
>>>>         SER-Uri-User = "hellboy"
>>>>         NAS-Port = 0x000013c400000000
>>>>         NAS-IP-Address = 0x7f00000100000000
>>>>       
>>>   Again, the NAS-Port & NAS-IP-Address attributes should be 4 bytes of
>>> data, not 8.
>>>
>>>   This makes me suspect you're running on a 64-bit system, and that the
>>> libradiusclient code isn't 64-bit clean.
>>>     
>>
>> Yes. I _think_ that this is the bug that chris fixed in freeradius-client 2 
>> days ago.
>>
>> Try using a current snapshot of freeradius-client instead of radiusclient-ng 
>> and see if the problem is solved. Here is a link:
>> ftp://ftp.suntel.com.tr/pub/freeradius/snapshots/freeradius-client-snapshot-20070129.tar.bz2
>>
>> A patch I wrote to make OpenSER use freeradius-client instead of 
>> radiusclient-ng is at:
>> https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1631052&group_id=139143
>>
>> If you run SER instead of OpenSER you may have to fiddle with the patch 
>> slightly..
>>
>> A modified version of the patch has been applied to openser cvs. (See the 
>> comments for details)
>>
>> Cheers
>>
>>   
> Thank you !
>
> I 've never worked with OpenSer and I have never tried to apply a 
> patch to SER. Could you point me some resources
> where I can get some more understanding what such patch  is and how to 
> apply it ?
> I read the comments and from them I understood that what I need to do 
> is install FreeRadius Client,
> because the problem considers client side, and then intergrete 
> ser/openser to use this client.
> And this is what I don't know exactly how to achieve please help me 
> with this issue.
>
> bests
> -tomasz
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070131/7c530f16/attachment.htm>

More information about the sr-users mailing list