[OpenSER-Users] OpenSER not sending User-Password to Radius Server
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Jul 17 23:31:05 CEST 2007
SIP uses digest authentication: The SIP proxy does not receive a
password, thus it can't send it to the radius server.
Instead the client is sending a digest response to the SIP proxy (a hash
calculated from the nonce, the password and some more parameters).
This response is forwarded to the Radius Server:
> Digest-Response = "8a61cba1c0729fa70929a115c6ae7c31"
Thus, you have to configure your Radius Server to use digest
authentication - then it should work
regards
klaus
> Service-Type = Authenticate-Only
> X-Ascend-PW-Lifetime = 0x313031
> NAS-Port = 5060
> NAS-IP-Address = 192.168.2.80
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 75
> perl_pool: item 0x98baa10 asigned new request. Handled so far: 3
> found interpetator at address 0x98baa10
> rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 0x313031
> rlm_perl: RAD_REQUEST: Digest-Response = 8a61cba1c0729fa70929a115c6ae7c31
> rlm_perl: RAD_REQUEST: User-Name = 101 at 192.168.2.80
> rlm_perl: RAD_REQUEST: Service-Type = Authenticate-Only
> rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
> rlm_perl: RAD_REQUEST: NAS-Port = 5060
> rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x99f368c)
> perl_pool total/active/spare [32/0/32]
>
> This clearly shows that the User-Password attribute is not sent. Anyone can point me at the direction to look?
>
> z2l
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
More information about the sr-users
mailing list