with Digest

Darren Bentley Fri, 24 Sep 2004 12:37:17 -0700

Hello,

I'm setting up a SER (sip express router) box. I've got FreeRadius 0.9.3
using MySQL for the backend.


I've uncommented the digest lines in the radiusd.conf file and appended
the dictionary.ser to the main dictionary file.

Here are my tables:

radcheck:

UserName: [EMAIL PROTECTED]
Attribute: User-Password
op: ==
Value: test

radgroupcheck:

GroupName: phone
Attribute: Auth-Type
op: :=
Value: Digest

usergroup:
UserName: [EMAIL PROTECTED]
GroupName: phone

So when I try to register my SIP Phone I get this in the radius log:

rad_recv: Access-Request packet from host 127.0.0.1:38555, id=31,
length=249
        User-Name = "[EMAIL PROTECTED]"
        Digest-Attributes = "\n\006test"
        Digest-Attributes = "\001\02010.10.50.52"
        Digest-Attributes =
"\002*41547685a3d48602db4cca03c745d46c0c7fe0f9"
        Digest-Attributes = "\004\024sip:10.10.50.52"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Response = "2badc7fccc223775a7bc12cbacca4a68"
        Service-Type = Sip-Session
        Sip-URI-User = "test"
        Cisco-AVPair = "[EMAIL PROTECTED]"
        NAS-IP-Address = 127.0.0.1
        NAS-Port-Id = 5060
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "eap" returns noop for request 2
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "test"
        Digest-Realm = "10.10.50.52"
        Digest-Nonce = "41547685a3d48602db4cca03c745d46c0c7fe0f9"
        Digest-URI = "sip:10.10.50.52"
        Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 2
radius_xlat:  '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
    rlm_realm: Looking up realm "10.10.50.52" for User-Name =
"[EMAIL PROTECTED]"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 2
  modcall[authorize]: module "files" returns notfound for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type Digest
auth: type "digest"
modcall: entering group authenticate for request 2
A1 = test:10.10.50.52:test
A2 = REGISTER:sip:10.10.50.52
KD =
4d384009e03edfce7bab0866e13fab7f:41547685a3d48602db4cca03c745d46c0c7fe0f9:87ed77f9f0c3af1df63cd35c7ccd110c
  modcall[authenticate]: module "digest" returns ok for request 2
modcall: group authenticate returns ok for request 2
Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
localhost port 5060)
Sending Access-Accept of id 31 to 127.0.0.1:38555
Finished request 2
Going to the next request

-------------------------------------

I'm not sure why it's saying Login OK ? It just keeps repeating this
over and over again.

Any ideas why I get the <no User-Password attribute> message?

Thanks,

- Darren


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

with Digest

Reply via email to