subject:"Re\: \[SR\-Users\] Auth_radius \- digest auth problem"

Re: [SR-Users] Auth_radius - digest auth problem

2017-06-06 Thread Daniel-Constantin Mierla

Hello,


On 22.05.17 16:56, Donat Zenichev wrote:
> Well, actually I can try.
> What will be the main goal of this edition?
to get it updated for latest kamailio stable version, 5.0.x.
>
> Now I'm trying to find all features (about Radius) that have any
> influence on authentication process.
> And one more question, is it possible to discuss the refurbish actions
> of the article not at sr-list, but in personal mailing?

Discussions on mailing list is better. I don't use RADIUS anymore, for
many years, so I can't really help much on private.

Moreover, my inbox is not checked very often, it's a lot of unsolicited
mail there. I rarely respond to emails there, unless I ask explicitly
for some sensitive details and then have a filter on catching such
messages. I check always the folders for mailing lists when I have a bit
of time, when it's nothing do respond on mailing list, nothing to fix
from bug tracker or nothing else to spend time on it, then I may get on
the inbox -- in other words, it's very unlikely, that's why I send from
time to time reminders here that writing private messages regarding
kamailio have little chance to be answered - mailing lists are way better.

Cheers,
Daniel

>
>
>
> 2017-05-22 9:56 GMT+03:00 Donat Zenichev  >:
>
> What did you mean, when you ask for 'backend'?
> If you meant an storage, so it's not a .txt users file, I'm using
> db - radcheck table.
>
> So guys, the I've solved the problem.
> It wasn't consisted of kamailio functions or radius configuration.
>
> So you're free to use: www_challenge("$fd", "1"), until
> up radius_www_authorize("$fd","$fU") comes up.
> Qop parameter does what he does and changes nothing within radius
> authentication process.
>
>
> My problem was about username column in radcheck table.
> It's not enough to insert an username, you ought to use full URI,
> like: username@my.proxy.domain
> Also don't forget about attributes of the row that belongs to a
> certain user agent.
>
> So my part of table for one of users looks like that:
> 
> ;---;
> 
> ;---id---;---username---;--attribute-;--op---;--value-;
> 
> ;---;
> ;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
> ;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
> ;__
>
> Actually, I don't know why, but there is just a few articles all
> over the net, that describes a bit the functionality and
> processing with auth_radius module.
> I hope my case will be useful for others, who uses kamailio +
> radius/db
>
> But I have a problem how to request AVPs for a certain user from
> RADIUS, I found some solutions with SIP-AVP attribute, but still
> haven't done it.
> Now I have to databases, one for Kamailio (that contains users
> AVPs, that Kamailio gets by avp_db_query) and second for users
> credentials (that are used while authorization on INVITE, REGISTER
> requests).
>
> And as for the future, I have a goal to store passwords in ha1,
> haven't started to discover this.
>
>
>
>
> 2017-05-18 17:11 GMT+03:00 Donat Zenichev
> mailto:donat.zenic...@gmail.com>>:
>
> Hi all.
> Have a problem with radius authorization.
>
> I'm using auth_radius.so
>
> modparams, only path to client file:
> modparam("auth_radius", "radius_config",
> "/etc/radiusclient/radiusclient.conf")
>
> Freeradius installed and is working properly, radtest
> authentication from kamailio host succeed .
>
> How authorization block looks like:
>
> if (!is_present_hf("Authorization")) {
> xlog("L_NOTICE", "- Athorization HF is not found - passing
> the challenge -\n");
>
> if (nat_uac_test("2")) {
> force_rport();
> }
>
> www_challenge("$fd", "1");
> exit;
>
>
> if (!radius_www_authorize("$fd","$fU")) {
>
> if (nat_uac_test("2")) {
> force_rport();
> }
> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from
> $si:$sp Rejected. Code: $rc -\n");
>
> sl_send_reply("401","Unauthorized");
> exit;
>
> Radius log is filled by rows like:
> Auth: [digest] Cleartext-Password or Digest-HA1 is required
> for authentication.
>
> Tried to use radius_www_authorize without $fU - didn't change
> anything.
> Tried to use www_challenge without qop - didn't change anything.
>
> So, this solution is quite simple, but I have a fail while
> digest authentication.
> Any ideas? 
>
>

Re: [SR-Users] Auth_radius - digest auth problem

2017-06-06 Thread Daniel-Constantin Mierla

Hello,

the tutorial is now in markdown format at:

  - https://github.com/kamailio/kamailio-tutorials

It is a plain migration from old html version to mkdocs, only replacing
some of openser words with kamailio.

Pull requests to get it up to date are welcome!

Cheers,
Daniel

On 22.05.17 21:29, Alfonso Pinto wrote:
> Hi Daniel,
>
> I don't use radius since ages but I think I can install a small PoC
> and update the tutorial.
>
> Cheers,
> Alfonso
>
> On Mon, May 22, 2017 at 3:00 PM, Daniel-Constantin Mierla
>  wrote:
>> Hello,
>>
>> thanks for sharing back the solution. It will be useful in the future for
>> people facing the same issue.
>>
>> Probably we should update the very old tutorial for using Radius
>> (https://www.kamailio.org/docs/openser-radius-1.0.x.html). I can take the
>> time to put it on gihub (probably as markdown file so we can use mkdocs to
>> publish it in nice html output), but I need people using Radius these days
>> to contribute updates, because I don't use Radius anymore for many years.
>>
>> Is anyone interested in helping with it?
>>
>> Cheers,
>> Daniel
>>
>> On Mon, May 22, 2017 at 8:56 AM, Donat Zenichev 
>> wrote:
>>> What did you mean, when you ask for 'backend'?
>>> If you meant an storage, so it's not a .txt users file, I'm using db -
>>> radcheck table.
>>>
>>> So guys, the I've solved the problem.
>>> It wasn't consisted of kamailio functions or radius configuration.
>>>
>>> So you're free to use: www_challenge("$fd", "1"), until up
>>> radius_www_authorize("$fd","$fU") comes up.
>>> Qop parameter does what he does and changes nothing within radius
>>> authentication process.
>>>
>>>
>>> My problem was about username column in radcheck table.
>>> It's not enough to insert an username, you ought to use full URI, like:
>>> username@my.proxy.domain
>>> Also don't forget about attributes of the row that belongs to a certain
>>> user agent.
>>>
>>> So my part of table for one of users looks like that:
>>>
>>> ;---;
>>>
>>> ;---id---;---username---;--attribute-;--op---;--value-;
>>>
>>> ;---;
>>> ;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
>>> ;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
>>> ;__
>>>
>>> Actually, I don't know why, but there is just a few articles all over the
>>> net, that describes a bit the functionality and processing with auth_radius
>>> module.
>>> I hope my case will be useful for others, who uses kamailio + radius/db
>>>
>>> But I have a problem how to request AVPs for a certain user from RADIUS, I
>>> found some solutions with SIP-AVP attribute, but still haven't done it.
>>> Now I have to databases, one for Kamailio (that contains users AVPs, that
>>> Kamailio gets by avp_db_query) and second for users credentials (that are
>>> used while authorization on INVITE, REGISTER requests).
>>>
>>> And as for the future, I have a goal to store passwords in ha1, haven't
>>> started to discover this.
>>>
>>>
>>>
>>>
>>> 2017-05-18 17:11 GMT+03:00 Donat Zenichev :
 Hi all.
 Have a problem with radius authorization.

 I'm using auth_radius.so

 modparams, only path to client file:
 modparam("auth_radius", "radius_config",
 "/etc/radiusclient/radiusclient.conf")

 Freeradius installed and is working properly, radtest authentication from
 kamailio host succeed .

 How authorization block looks like:

 if (!is_present_hf("Authorization")) {
 xlog("L_NOTICE", "- Athorization HF is not found - passing the
 challenge -\n");

 if (nat_uac_test("2")) {
 force_rport();
 }

 www_challenge("$fd", "1");
 exit;


 if (!radius_www_authorize("$fd","$fU")) {

 if (nat_uac_test("2")) {
 force_rport();
 }
 xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
 Rejected. Code: $rc -\n");

 sl_send_reply("401","Unauthorized");
 exit;

 Radius log is filled by rows like:
 Auth: [digest] Cleartext-Password or Digest-HA1 is required for
 authentication.

 Tried to use radius_www_authorize without $fU - didn't change anything.
 Tried to use www_challenge without qop - didn't change anything.

 So, this solution is quite simple, but I have a fail while digest
 authentication.
 Any ideas?


 --
 --
 BR, Donat Zenichev
 Wnet VoIP team
 Tel:  +380(44) 5-900-808
 http://wnet.ua
>>>
>>>
>>>
>>> --
>>> --
>>> BR, Donat Zenichev
>>> Wnet VoIP team
>>> Tel:  +380(44) 5-900-808
>>> http://wnet.ua
>>>
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-22 Thread Donat Zenichev

Well, actually I can try.
What will be the main goal of this edition?

Now I'm trying to find all features (about Radius) that have any influence
on authentication process.
And one more question, is it possible to discuss the refurbish actions of
the article not at sr-list, but in personal mailing?



2017-05-22 9:56 GMT+03:00 Donat Zenichev :

> What did you mean, when you ask for 'backend'?
> If you meant an storage, so it's not a .txt users file, I'm using db -
> radcheck table.
>
> So guys, the I've solved the problem.
> It wasn't consisted of kamailio functions or radius configuration.
>
> So you're free to use: www_challenge("$fd", "1"), until
> up radius_www_authorize("$fd","$fU") comes up.
> Qop parameter does what he does and changes nothing within radius
> authentication process.
>
>
> My problem was about username column in radcheck table.
> It's not enough to insert an username, you ought to use full URI, like:
> username@my.proxy.domain
> Also don't forget about attributes of the row that belongs to a certain
> user agent.
>
> So my part of table for one of users looks like that:
> ;---
> ;
> ;---id---;---username---;--attribute-;--
> op---;--value-;
> ;---
> ;
> ;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
> ;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
> ;__
>
> Actually, I don't know why, but there is just a few articles all over the
> net, that describes a bit the functionality and processing with auth_radius
> module.
> I hope my case will be useful for others, who uses kamailio + radius/db
>
> But I have a problem how to request AVPs for a certain user from RADIUS, I
> found some solutions with SIP-AVP attribute, but still haven't done it.
> Now I have to databases, one for Kamailio (that contains users AVPs, that
> Kamailio gets by avp_db_query) and second for users credentials (that are
> used while authorization on INVITE, REGISTER requests).
>
> And as for the future, I have a goal to store passwords in ha1, haven't
> started to discover this.
>
>
>
>
> 2017-05-18 17:11 GMT+03:00 Donat Zenichev :
>
>> Hi all.
>> Have a problem with radius authorization.
>>
>> I'm using auth_radius.so
>>
>> modparams, only path to client file:
>> modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclien
>> t.conf")
>>
>> Freeradius installed and is working properly, radtest authentication from
>> kamailio host succeed .
>>
>> How authorization block looks like:
>>
>> if (!is_present_hf("Authorization")) {
>> xlog("L_NOTICE", "- Athorization HF is not found - passing the
>> challenge -\n");
>>
>> if (nat_uac_test("2")) {
>> force_rport();
>> }
>>
>> www_challenge("$fd", "1");
>> exit;
>>
>>
>> if (!radius_www_authorize("$fd","$fU")) {
>>
>> if (nat_uac_test("2")) {
>> force_rport();
>> }
>> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
>> Rejected. Code: $rc -\n");
>>
>> sl_send_reply("401","Unauthorized");
>> exit;
>>
>> Radius log is filled by rows like:
>> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
>> authentication.
>>
>> Tried to use radius_www_authorize without $fU - didn't change anything.
>> Tried to use www_challenge without qop - didn't change anything.
>>
>> So, this solution is quite simple, but I have a fail while digest
>> authentication.
>> Any ideas?
>>
>>
>> --
>> --
>> BR, Donat Zenichev
>> Wnet VoIP team
>> Tel:  +380(44) 5-900-808
>> http://wnet.ua
>>
>
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel:  +380(44) 5-900-808
> http://wnet.ua
>



-- 
-- 
BR, Donat Zenichev
Wnet VoIP team
Tel:  +380(44) 5-900-808
http://wnet.ua
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-22 Thread Alfonso Pinto

Hi Daniel,

I don't use radius since ages but I think I can install a small PoC
and update the tutorial.

Cheers,
Alfonso

On Mon, May 22, 2017 at 3:00 PM, Daniel-Constantin Mierla
 wrote:
> Hello,
>
> thanks for sharing back the solution. It will be useful in the future for
> people facing the same issue.
>
> Probably we should update the very old tutorial for using Radius
> (https://www.kamailio.org/docs/openser-radius-1.0.x.html). I can take the
> time to put it on gihub (probably as markdown file so we can use mkdocs to
> publish it in nice html output), but I need people using Radius these days
> to contribute updates, because I don't use Radius anymore for many years.
>
> Is anyone interested in helping with it?
>
> Cheers,
> Daniel
>
> On Mon, May 22, 2017 at 8:56 AM, Donat Zenichev 
> wrote:
>>
>> What did you mean, when you ask for 'backend'?
>> If you meant an storage, so it's not a .txt users file, I'm using db -
>> radcheck table.
>>
>> So guys, the I've solved the problem.
>> It wasn't consisted of kamailio functions or radius configuration.
>>
>> So you're free to use: www_challenge("$fd", "1"), until up
>> radius_www_authorize("$fd","$fU") comes up.
>> Qop parameter does what he does and changes nothing within radius
>> authentication process.
>>
>>
>> My problem was about username column in radcheck table.
>> It's not enough to insert an username, you ought to use full URI, like:
>> username@my.proxy.domain
>> Also don't forget about attributes of the row that belongs to a certain
>> user agent.
>>
>> So my part of table for one of users looks like that:
>>
>> ;---;
>>
>> ;---id---;---username---;--attribute-;--op---;--value-;
>>
>> ;---;
>> ;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
>> ;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
>> ;__
>>
>> Actually, I don't know why, but there is just a few articles all over the
>> net, that describes a bit the functionality and processing with auth_radius
>> module.
>> I hope my case will be useful for others, who uses kamailio + radius/db
>>
>> But I have a problem how to request AVPs for a certain user from RADIUS, I
>> found some solutions with SIP-AVP attribute, but still haven't done it.
>> Now I have to databases, one for Kamailio (that contains users AVPs, that
>> Kamailio gets by avp_db_query) and second for users credentials (that are
>> used while authorization on INVITE, REGISTER requests).
>>
>> And as for the future, I have a goal to store passwords in ha1, haven't
>> started to discover this.
>>
>>
>>
>>
>> 2017-05-18 17:11 GMT+03:00 Donat Zenichev :
>>>
>>> Hi all.
>>> Have a problem with radius authorization.
>>>
>>> I'm using auth_radius.so
>>>
>>> modparams, only path to client file:
>>> modparam("auth_radius", "radius_config",
>>> "/etc/radiusclient/radiusclient.conf")
>>>
>>> Freeradius installed and is working properly, radtest authentication from
>>> kamailio host succeed .
>>>
>>> How authorization block looks like:
>>>
>>> if (!is_present_hf("Authorization")) {
>>> xlog("L_NOTICE", "- Athorization HF is not found - passing the
>>> challenge -\n");
>>>
>>> if (nat_uac_test("2")) {
>>> force_rport();
>>> }
>>>
>>> www_challenge("$fd", "1");
>>> exit;
>>>
>>>
>>> if (!radius_www_authorize("$fd","$fU")) {
>>>
>>> if (nat_uac_test("2")) {
>>> force_rport();
>>> }
>>> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
>>> Rejected. Code: $rc -\n");
>>>
>>> sl_send_reply("401","Unauthorized");
>>> exit;
>>>
>>> Radius log is filled by rows like:
>>> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
>>> authentication.
>>>
>>> Tried to use radius_www_authorize without $fU - didn't change anything.
>>> Tried to use www_challenge without qop - didn't change anything.
>>>
>>> So, this solution is quite simple, but I have a fail while digest
>>> authentication.
>>> Any ideas?
>>>
>>>
>>> --
>>> --
>>> BR, Donat Zenichev
>>> Wnet VoIP team
>>> Tel:  +380(44) 5-900-808
>>> http://wnet.ua
>>
>>
>>
>>
>> --
>> --
>> BR, Donat Zenichev
>> Wnet VoIP team
>> Tel:  +380(44) 5-900-808
>> http://wnet.ua
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

___
Kamailio (SER) - Users Maili

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-22 Thread Daniel-Constantin Mierla

Hello,

thanks for sharing back the solution. It will be useful in the future for
people facing the same issue.

Probably we should update the very old tutorial for using Radius (
https://www.kamailio.org/docs/openser-radius-1.0.x.html). I can take the
time to put it on gihub (probably as markdown file so we can use mkdocs to
publish it in nice html output), but I need people using Radius these days
to contribute updates, because I don't use Radius anymore for many years.

Is anyone interested in helping with it?

Cheers,
Daniel

On Mon, May 22, 2017 at 8:56 AM, Donat Zenichev 
wrote:

> What did you mean, when you ask for 'backend'?
> If you meant an storage, so it's not a .txt users file, I'm using db -
> radcheck table.
>
> So guys, the I've solved the problem.
> It wasn't consisted of kamailio functions or radius configuration.
>
> So you're free to use: www_challenge("$fd", "1"), until
> up radius_www_authorize("$fd","$fU") comes up.
> Qop parameter does what he does and changes nothing within radius
> authentication process.
>
>
> My problem was about username column in radcheck table.
> It's not enough to insert an username, you ought to use full URI, like:
> username@my.proxy.domain
> Also don't forget about attributes of the row that belongs to a certain
> user agent.
>
> So my part of table for one of users looks like that:
> ;---
> ;
> ;---id---;---username---;--attribute-;--
> op---;--value-;
> ;---
> ;
> ;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
> ;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
> ;__
>
> Actually, I don't know why, but there is just a few articles all over the
> net, that describes a bit the functionality and processing with auth_radius
> module.
> I hope my case will be useful for others, who uses kamailio + radius/db
>
> But I have a problem how to request AVPs for a certain user from RADIUS, I
> found some solutions with SIP-AVP attribute, but still haven't done it.
> Now I have to databases, one for Kamailio (that contains users AVPs, that
> Kamailio gets by avp_db_query) and second for users credentials (that are
> used while authorization on INVITE, REGISTER requests).
>
> And as for the future, I have a goal to store passwords in ha1, haven't
> started to discover this.
>
>
>
>
> 2017-05-18 17:11 GMT+03:00 Donat Zenichev :
>
>> Hi all.
>> Have a problem with radius authorization.
>>
>> I'm using auth_radius.so
>>
>> modparams, only path to client file:
>> modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclien
>> t.conf")
>>
>> Freeradius installed and is working properly, radtest authentication from
>> kamailio host succeed .
>>
>> How authorization block looks like:
>>
>> if (!is_present_hf("Authorization")) {
>> xlog("L_NOTICE", "- Athorization HF is not found - passing the
>> challenge -\n");
>>
>> if (nat_uac_test("2")) {
>> force_rport();
>> }
>>
>> www_challenge("$fd", "1");
>> exit;
>>
>>
>> if (!radius_www_authorize("$fd","$fU")) {
>>
>> if (nat_uac_test("2")) {
>> force_rport();
>> }
>> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
>> Rejected. Code: $rc -\n");
>>
>> sl_send_reply("401","Unauthorized");
>> exit;
>>
>> Radius log is filled by rows like:
>> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
>> authentication.
>>
>> Tried to use radius_www_authorize without $fU - didn't change anything.
>> Tried to use www_challenge without qop - didn't change anything.
>>
>> So, this solution is quite simple, but I have a fail while digest
>> authentication.
>> Any ideas?
>>
>>
>> --
>> --
>> BR, Donat Zenichev
>> Wnet VoIP team
>> Tel:  +380(44) 5-900-808
>> http://wnet.ua
>>
>
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel:  +380(44) 5-900-808
> http://wnet.ua
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>


-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-22 Thread Donat Zenichev

What did you mean, when you ask for 'backend'?
If you meant an storage, so it's not a .txt users file, I'm using db -
radcheck table.

So guys, the I've solved the problem.
It wasn't consisted of kamailio functions or radius configuration.

So you're free to use: www_challenge("$fd", "1"), until
up radius_www_authorize("$fd","$fU") comes up.
Qop parameter does what he does and changes nothing within radius
authentication process.


My problem was about username column in radcheck table.
It's not enough to insert an username, you ought to use full URI, like:
username@my.proxy.domain
Also don't forget about attributes of the row that belongs to a certain
user agent.

So my part of table for one of users looks like that:
;---;
;---id---;---username---;--attribute-;--op---;--value-;
;---;
;__1__;__ua@dom.com_;__User-Password_;___==_;_hereuapassowrd;
;__2__;__ua@dom.com_;__Auth-Type_;___:=__;_Digest;
;__

Actually, I don't know why, but there is just a few articles all over the
net, that describes a bit the functionality and processing with auth_radius
module.
I hope my case will be useful for others, who uses kamailio + radius/db

But I have a problem how to request AVPs for a certain user from RADIUS, I
found some solutions with SIP-AVP attribute, but still haven't done it.
Now I have to databases, one for Kamailio (that contains users AVPs, that
Kamailio gets by avp_db_query) and second for users credentials (that are
used while authorization on INVITE, REGISTER requests).

And as for the future, I have a goal to store passwords in ha1, haven't
started to discover this.




2017-05-18 17:11 GMT+03:00 Donat Zenichev :

> Hi all.
> Have a problem with radius authorization.
>
> I'm using auth_radius.so
>
> modparams, only path to client file:
> modparam("auth_radius", "radius_config", "/etc/radiusclient/
> radiusclient.conf")
>
> Freeradius installed and is working properly, radtest authentication from
> kamailio host succeed .
>
> How authorization block looks like:
>
> if (!is_present_hf("Authorization")) {
> xlog("L_NOTICE", "- Athorization HF is not found - passing the
> challenge -\n");
>
> if (nat_uac_test("2")) {
> force_rport();
> }
>
> www_challenge("$fd", "1");
> exit;
>
>
> if (!radius_www_authorize("$fd","$fU")) {
>
> if (nat_uac_test("2")) {
> force_rport();
> }
> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
> Rejected. Code: $rc -\n");
>
> sl_send_reply("401","Unauthorized");
> exit;
>
> Radius log is filled by rows like:
> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.
>
> Tried to use radius_www_authorize without $fU - didn't change anything.
> Tried to use www_challenge without qop - didn't change anything.
>
> So, this solution is quite simple, but I have a fail while digest
> authentication.
> Any ideas?
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel:  +380(44) 5-900-808
> http://wnet.ua
>



-- 
-- 
BR, Donat Zenichev
Wnet VoIP team
Tel:  +380(44) 5-900-808
http://wnet.ua
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-19 Thread Makhdoom Syed Muhammad Baqir Shah

Hi,

You need to modify "users" file of FreeRadius Server. In "users" file,
change "Password"  attribute name to "Cleartext-Password" and it should
work fine.

On Thu, May 18, 2017 at 7:11 PM, Donat Zenichev 
wrote:

> Hi all.
> Have a problem with radius authorization.
>
> I'm using auth_radius.so
>
> modparams, only path to client file:
> modparam("auth_radius", "radius_config", "/etc/radiusclient/
> radiusclient.conf")
>
> Freeradius installed and is working properly, radtest authentication from
> kamailio host succeed .
>
> How authorization block looks like:
>
> if (!is_present_hf("Authorization")) {
> xlog("L_NOTICE", "- Athorization HF is not found - passing the
> challenge -\n");
>
> if (nat_uac_test("2")) {
> force_rport();
> }
>
> www_challenge("$fd", "1");
> exit;
>
>
> if (!radius_www_authorize("$fd","$fU")) {
>
> if (nat_uac_test("2")) {
> force_rport();
> }
> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp
> Rejected. Code: $rc -\n");
>
> sl_send_reply("401","Unauthorized");
> exit;
>
> Radius log is filled by rows like:
> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.
>
> Tried to use radius_www_authorize without $fU - didn't change anything.
> Tried to use www_challenge without qop - didn't change anything.
>
> So, this solution is quite simple, but I have a fail while digest
> authentication.
> Any ideas?
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel:  +380(44) 5-900-808
> http://wnet.ua
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Auth_radius - digest auth problem

2017-05-19 Thread Alfonso Pinto

Hi,

Please look at this thread
https://lists.kamailio.org/pipermail/sr-users/2015-December/090937.html

It sound like you may have a problem in the configuration of your
radius server, not sure 100%, ages I don't touch a radius server.
What is the backend of your radius server?

On Thu, May 18, 2017 at 4:11 PM, Donat Zenichev
 wrote:
> Hi all.
> Have a problem with radius authorization.
>
> I'm using auth_radius.so
>
> modparams, only path to client file:
> modparam("auth_radius", "radius_config",
> "/etc/radiusclient/radiusclient.conf")
>
> Freeradius installed and is working properly, radtest authentication from
> kamailio host succeed .
>
> How authorization block looks like:
>
> if (!is_present_hf("Authorization")) {
> xlog("L_NOTICE", "- Athorization HF is not found - passing the challenge
> -\n");
>
> if (nat_uac_test("2")) {
> force_rport();
> }
>
> www_challenge("$fd", "1");
> exit;
>
>
> if (!radius_www_authorize("$fd","$fU")) {
>
> if (nat_uac_test("2")) {
> force_rport();
> }
> xlog("L_NOTICE", "- Registeration $au@$ar ($fU) from $si:$sp Rejected.
> Code: $rc -\n");
>
> sl_send_reply("401","Unauthorized");
> exit;
>
> Radius log is filled by rows like:
> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.
>
> Tried to use radius_www_authorize without $fU - didn't change anything.
> Tried to use www_challenge without qop - didn't change anything.
>
> So, this solution is quite simple, but I have a fail while digest
> authentication.
> Any ideas?
>
>
> --
> --
> BR, Donat Zenichev
> Wnet VoIP team
> Tel:  +380(44) 5-900-808
> http://wnet.ua
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

Re: [SR-Users] Auth_radius - digest auth problem

8 matches

Site Navigation

Mail list logo

Footer information