Hi All,
Ok, after reviewing all the information that was received, I've setup my
FreeRadius
as following:
1. The authorize and authenticate sections are setup to activate digest and
perl.
2. My rlm_perl script utilizes the following lines in order to return the
unencrypted
user password back to FreeRadius for digest authentication:
$RAD_CHECK{'Cleartext-Password'} = "xxxxxx"; # Remove this line for
production
$RAD_CHECK{'User-Password'}="xxxxxx"; # Remove this line for
production
I just put these inside my script for checking, later on this information
will be
retrieved from an external source.
Now, FreeRadius activates my rlm_perl module, no problem, as I can see the
various
reply fields being setup, however, I'm still getting the following error:
rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 632905a2325f672f049800eda7df9ee4
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = z2l
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xbbc93f0)
rlm_perl: RAD_REPLY: Reply-Message = User accepted by z2l WSDL
rlm_perl: RAD_REPLY: z2l-Duration = 60
rlm_perl: RAD_REPLY: z2l-Status = 2
rlm_perl: RAD_REPLY: z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Reply-Message = User accepted by z2l
rlm_perl: Added pair z2l-Duration = 60
rlm_perl: Added pair z2l-Status = 2
rlm_perl: Added pair z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Cleartext-Password = z2l
rlm_perl: Added pair User-Password = z2l
rlm_perl: Added pair Auth-Type = digest
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xb933260
modcall[authorize]: module "perl" returns ok for request 5
rlm_realm: Looking up realm "192.168.2.80" for User-Name = "[EMAIL
PROTECTED]"
rlm_realm: No such realm "192.168.2.80"
modcall[authorize]: module "suffix" returns noop for request 5
modcall: leaving group authorize (returns ok) for request 5
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for
authentication.
modcall[authenticate]: module "digest" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
192.168.2.80 port 5060)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 3 seconds...
Now, my configuration is very very simple. In the authorize I have digest and
perl
enabled, in authenticate I have only digest enabled. If I read the debug
correctly, the
authorization is going ok:
modcall[authorize]: module "perl" returns ok for request 5
rlm_realm: Looking up realm "192.168.2.80" for User-Name = "[EMAIL
PROTECTED]"
rlm_realm: No such realm "192.168.2.80"
modcall[authorize]: module "suffix" returns noop for request 5
modcall: leaving group authorize (returns ok) for request 5
However, the authentication section fails:
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for
authentication.
modcall[authenticate]: module "digest" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
192.168.2.80 port 5060)
So, I'm either returning something in the wrong way, or I've broken something
again.
Any pointers on the issue would be highly appreciated.
Regards,
Z2L
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
