Ok, I think there is a misunderstanding here. Here's my target:
OpenSER -> FreeRadius -- rlm_perl --> TCP Server Now, if I understand correctly, in order to validate that a SIP register coming in from the OpenSER is a valid username/password combo, I'm required to calculate the Digest on the TCP Server, and verify it against the digest that is calculated at the OpenSER, and that is being done using the AVP information that is passwed to the FreeRadius server, and the password that is stored at the remote TCP Server. Tell me if I have something backwards here? Z2L ----- Original Message ----- From: "FreeRadius-ML" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" <[email protected]> Sent: Tuesday, July 24, 2007 2:10:49 PM (GMT+0200) Asia/Jerusalem Subject: Re: rml_perl question Ok, That makes more sense, do you have an example I can look at? In any case, let me see if I understand the below: I see that we perform 3 MD5 sums, each time on a different concatenated string. The fields that I'm not recognizing are nc-val and entiry-body. Can you please add information about these, as I would like to get more information on this, as there may be a possibility that I would be required to calculate this externally. Regards, Z2L ----- Original Message ----- From: "Phil Mayers" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" <[email protected]> Sent: Tuesday, July 24, 2007 2:00:33 PM (GMT+0200) Asia/Jerusalem Subject: Re: rml_perl question On Tue, 2007-07-24 at 11:43 +0300, FreeRadius-ML wrote: > Hi Peter, > > Well, according to the RFC, the string should be: > username:realm:password and then into the md5sum. No, the digest response is: md5 ( concat ( md5 ( user:realm:passwd ) nonce:nc-val:cnonce:qop:md5(method:uri[:entity-body]) ) ) > So, I did the following: echo '[EMAIL PROTECTED]:192.168.2.80:101' | > md5sum, which generated > the following output: ec6cec8f0b5904ba56401b1e305638b5. *Even* if that were how it worked, you've md5'ed the "\n" that echo will echo. In any event, you're going about this totally wrong. FreeRadius has a digest auth module; you should be extracting the credentials from your database and letting FreeRadius do the auth algorithm. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
