(RADIATOR) SIP Authentication
Mike McCauley
mikem at open.com.au
Tue Aug 5 18:34:02 CDT 2003
Hello Jesus,
On Wed, 6 Aug 2003 02:27 am, Jesus Rodriguez wrote:
> Hello,
>
> There is some example about setting up SIP Digest authentication? I'm
> trying to configure a b2bua (Vovida) and radiator authentication but it
> doesn't work. I always get "Bad password":
This does not look like a Radus SIP authentication. It looks like a
conventional PAP authentication.
SIP authentication sends Radius attributes like:
Digest-Attributes
and possibly:
Digest-User-Name
Digest-Realm
Digest-Nonce
etc...
You can find out what the PAP password being sent in this request is by
enabling PasswordLogFileName in your Handler or Realm.
Cheers.
>
> *** Received from 10.20.0.5 port 1024 ....
> Code: Access-Request
> Identifier: 78
> Authentic: H<214><213><199><147>(<196>b<135><231><188>53<252><151><198>
> Attributes:
> User-Name = "1000"
> User-Password =
> "o}<28>]<249><5><24>tT<149><187><168><171><243>}<210><4>@1X<31>@_<246><28><
>182><231><168><140>R<233><137>" NAS-IP-Address = 10.20.0.5
> NAS-Port = 1000
> Called-Station-Id = "637589919"
> Calling-Station-Id = "1000"
>
> Tue Aug 5 16:25:02 2003: DEBUG: Handling request with Handler
> 'NAS-IP-Address=10.20.0.5'
> Tue Aug 5 16:25:02 2003: DEBUG: Deleting session for 1000, 10.20.0.5,
> 1000 Tue Aug 5 16:25:02 2003: DEBUG: Handling with Radius::AuthFILE:
> Tue Aug 5 16:25:02 2003: DEBUG: Radius::AuthFILE looks for match with 1000
> Tue Aug 5 16:25:02 2003: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Tue Aug 5 16:25:02 2003: INFO: Access rejected for 1000: Bad Password
> Tue Aug 5 16:25:02 2003: DEBUG: Packet dump:
> *** Sending to 10.20.0.5 port 1024 ....
> Code: Access-Reject
> Identifier: 78
> Authentic: H<214><213><199><147>(<196>b<135><231><188>53<252><151><198>
> Attributes:
> Reply-Message = "Request Denied"
> Session-Timeout = 15
>
> I'm using the simplest configuration model in Radiator:
>
> <Handler NAS-IP-Address=10.20.0.5>
>
> AcctLogFileName %L/detail-b2bua-%y%m%d
>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy FILE>
> </Handler>
>
> And this is the user 1000 entry in users file:
>
> 1000 User-Password = "1000"
> Session-Timeout = 60
>
> One of my doubts is if i can use clear text passwords with SIP Digest
> authentication.
>
> This is the "Proxy-Authorization" line of the INVITE:
>
> Proxy-Authorization: Digest
> username="1000",realm="citem.com",nonce="3f2fd1ac0c62d52ecf72c69f5d967bee43
>10c1f8",response="2a4c4bc49581d5e32071ddfeec372ffc",uri="sip:637589919 at citem
>.com"
>
> And this is the username and password sent by b2bua to radiator:
>
> 20030805-175052.521 [06151] DBUG bcWorker: AuthAgent.cxx:106 Setting UID
> (1000), password (2a4c4bc49581d5e32071ddfeec372ffc) from
> Proxy-Authorization header
>
> Thanks.
>
> Saludos
> JesusR.
>
> -------------------------------
> Jesus Rodriguez
> Endercom Comunicaciones, S.L.
> jesusr at endercom.com
> http://www.endercom.com
> Tel. +34 934424293
> -------------------------------
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list