Hi, I have successfully done my authentication and authorization with perl and digest in mixed mode, and I get Access-Accept packets back from the RADIUS server. But when I tried to call through Asterisk, the server tries to authenticate again and rejects the request. The auth type turns into Local again even though I put perl and digest. How can the auth type be perl and digest when I call through Asterisk?

*This is the output log after the server authenticates a user:*

rad_recv: Access-Request packet from host 192.168.1.227 port 32958, id=215, length=259
    User-Name = "[EMAIL PROTECTED]"
    Digest-Attributes = "\n\005100"
    Digest-Attributes = "\001\017192.168.1.227"
    Digest-Attributes = "\002*4832e5db308756e206b4536810ea3e70cf300c66"
    Digest-Attributes = "\004\023sip:192.168.1.227"
    Digest-Attributes = "\003\nREGISTER"
    Digest-Response = "805279e87b5ef1a7bc640350165079ff"
    Service-Type = SIP
    Sip-URI-User = "100"
    Cisco-AVPair = "call-id= [EMAIL PROTECTED]"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x98c2a88 asigned new request. Handled so far: 1
found interpetator at address 0x98c2a88
rlm_perl: Added pair Digest-Response = 805279e87b5ef1a7bc640350165079ff
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Cisco-AVPair = call-id= [EMAIL PROTECTED]
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-URI-User = 100
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\005100
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes = \002*4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Cleartext-Password = 100
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x98c2a88
++[perl] returns ok
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm "192.168.1.227" for User-Name = " [EMAIL PROTECTED]"
rlm_realm: No such realm "192.168.1.227"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
+- entering group authenticate
rlm_digest: Converting Digest-Attributes to something sane...
    Digest-User-Name = "100"
    Digest-Realm = "192.168.1.227"
    Digest-Nonce = "4832e5db308756e206b4536810ea3e70cf300c66"
    Digest-URI = "sip:192.168.1.227"
    Digest-Method = "REGISTER"
A1 = 100:192.168.1.227:100
A2 = REGISTER:sip:192.168.1.227
H(A1) = fc0ea6eaea4a4b50ad280e803f4bd6a2
H(A2) = fbf27b090821dd0f71c0a0dda09e5e8e
KD = fc0ea6eaea4a4b50ad280e803f4bd6a2:4832e5db308756e206b4536810ea3e70cf300c66:fbf27b090821dd0f71c0a0dda09e5e8e
EXPECTED 805279e87b5ef1a7bc640350165079ff
RECEIVED 805279e87b5ef1a7bc640350165079ff
++[digest] returns ok
Login OK: [EMAIL PROTECTED]/<via Auth-Type = DIGEST>] (from client 192.168.1.227 port 5060)
+- entering group post-auth
perl_pool: item 0x9997960 asigned new request. Handled so far: 1
found interpetator at address 0x9997960
rlm_perl: Added pair Digest-User-Name = 100
rlm_perl: Added pair Digest-Response = 805279e87b5ef1a7bc640350165079ff
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Digest-URI = sip:192.168.1.227
rlm_perl: Added pair Digest-Realm = 192.168.1.227
rlm_perl: Added pair Cisco-AVPair = call-id= [EMAIL PROTECTED]
rlm_perl: Added pair Digest-Method = REGISTER
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-URI-User = 100
rlm_perl: Added pair Digest-Nonce = 4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\005100
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes = \002*4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Cleartext-Password = 100
rlm_perl: Added pair Auth-Type = digest
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9997960
++[perl] returns ok
Sending Access-Accept of id 215 to 192.168.1.227 port 32958
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 214 with timestamp +5
Cleaning up request 1 ID 215 with timestamp +5
Ready to process requests.

*This is the output log after the server rejects a user when it is called through Asterisk:*

rad_recv: Access-Request packet from host 192.168.1.227 port 33036, id=222, length=104
    Called-Station-Id = "200"
    Calling-Station-Id = "100"
    User-Name = "100"
    User-Password = "\034]W\242\237\233\312s6\210Sx\241\345pl"
    NAS-Identifier = "Asterisk"
    h323-conf-id = "1211297773.35"
    NAS-IP-Address = 192.168.1.227
    NAS-Port = 5071
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9cc2358 asigned new request. Handled so far: 1
found interpetator at address 0x9cc2358
rlm_perl: Added pair Calling-Station-Id = 100
rlm_perl: Added pair Called-Station-Id = 200
rlm_perl: Added pair User-Name = 100
rlm_perl: Added pair User-Password = \034]W\242\237\233\312s6\210Sx\241\345pl
rlm_perl: Added pair NAS-Identifier = Asterisk
rlm_perl: Added pair h323-conf-id = 1211297773.35
rlm_perl: Added pair NAS-IP-Address = 192.168.1.227
rlm_perl: Added pair NAS-Port = 5071
rlm_perl: Added pair Cleartext-Password = 100
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9cc2358
++[perl] returns ok
++[digest] returns noop
rlm_realm: No '@' in User-Name = "100", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [100/\034]W\242\237\233\312s6\210Sx\241\345pl] (from client 192.168.1.227 port 5071 cli 100)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 100
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 222 to 192.168.1.227 port 33036
Waking up in 4.9 seconds.
Cleaning up request 2 ID 222 with timestamp +768
Ready to process requests.

with regards,
Elangbam Johnson
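
The digest step from the first log, as an added example (not part of the original post and not FreeRADIUS code): it unpacks the Digest-Attributes TLVs as the "Converting Digest-Attributes to something sane" lines show, then rebuilds A1, A2 and the response with no qop. The function and dictionary names are assumptions, and the sub-attribute numbers follow the draft-sterman-aaa-sip layout; the second request carries only User-Password, so there is nothing to check, matching `++[digest] returns noop`.

```python
import hashlib
import hmac

# Sub-attribute numbers packed inside Digest-Attributes (draft-sterman-aaa-sip):
# one type byte, one length byte (header included), then the value.
SUBTYPES = {1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 10: "User-Name"}

def decode_digest_attributes(blobs):
    """Unpack the TLV sub-attributes into a dict keyed by field name."""
    fields = {}
    for blob in blobs:
        pos = 0
        while pos < len(blob):
            if pos + 2 > len(blob):
                raise ValueError("truncated Digest-Attributes header")
            kind, length = blob[pos], blob[pos + 1]
            if length < 2 or pos + length > len(blob):
                raise ValueError("malformed Digest-Attributes length")
            name = SUBTYPES.get(kind, f"type-{kind}")
            fields[name] = blob[pos + 2:pos + length].decode("ascii")
            pos += length
    return fields

def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def check_digest(request, cleartext_password):
    """None if the request has no digest data; else the recomputed values."""
    if "Digest-Response" not in request or not request.get("Digest-Attributes"):
        return None  # nothing for a digest check to do: Auth-Type is not set
    f = decode_digest_attributes(request["Digest-Attributes"])
    a1 = f"{f['User-Name']}:{f['Realm']}:{cleartext_password}"
    a2 = f"{f['Method']}:{f['URI']}"
    expected = md5_hex(f"{md5_hex(a1)}:{f['Nonce']}:{md5_hex(a2)}")  # KD, no qop
    match = hmac.compare_digest(expected, request["Digest-Response"])
    return {"fields": f, "A1": a1, "A2": a2, "expected": expected, "match": match}

# Values copied from the two requests in the log above.
REGISTER_REQUEST = {
    "Digest-Attributes": [
        b"\n\005100", b"\001\017192.168.1.227",
        b"\002*4832e5db308756e206b4536810ea3e70cf300c66",
        b"\004\023sip:192.168.1.227", b"\003\nREGISTER"],
    "Digest-Response": "805279e87b5ef1a7bc640350165079ff",
}
CALL_REQUEST = {"User-Name": "100", "Called-Station-Id": "200",
                "Calling-Station-Id": "100", "User-Password": "<PAP value>"}
```

`check_digest(REGISTER_REQUEST, "100")["match"]` reports whether the recomputed value equals the Digest-Response from the log, and `check_digest(CALL_REQUEST, "100")` returns `None`.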