(RADIATOR) Question about Radiator Support.

Rosario Pingaro rpingar at nesec.it
Thu Dec 29 16:02:59 CST 2005


we are experiencing the same problem.
Radiator is the latest 3.13 patched.

I have couppled my dictionary with the sip one like Hugh described some time
Before, but I am not able to let Radiator decoding the Digest-Attribute:
Attributes:
        User-Name = "rpingar at voip.convergenze.it"
        Digest-Attributes = "<10><9>rpingar"
        Digest-Attributes = "<1><21>voip.convergenze.it"
        Digest-Attributes = "<2>*43b45a051b018d59f1ccf21927c56cb5f3b7eabe"
        Digest-Attributes = "<4><25>sip:voip.convergenze.it"
        Digest-Attributes = "<3><10>REGISTER"
        Digest-Response = "e8b688341619b901e17713acec847ff1"
        Service-Type = IAPP-Register
        SIP-URI-User = "rpingar"
        NAS-Port = 5060


This is the dictionary from the radiusclient:
#### Attributes ###
ATTRIBUTE User-Name                      1  string     # RFC2865, acc, 
auth_radius, avp_radius, group_radius, uri_radius
ATTRIBUTE NAS-Port                       5  integer
ATTRIBUTE Service-Type                   6  integer    # RFC2865, acc, 
auth_radius, avp_radius, group_radius, uri_radius
ATTRIBUTE Called-Station-Id             30  string     # RFC2865, acc
ATTRIBUTE Calling-Station-Id            31  string     # RFC2865, acc
ATTRIBUTE Acct-Status-Type              40  integer    # RFC2865, acc
ATTRIBUTE Acct-Session-Id               44  string     # RFC2865, acc
ATTRIBUTE Sip-Method                   101  integer    # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code            102  integer    # Schulzrinne, acc
ATTRIBUTE Sip-Cseq                     103  string     # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag                   104  string     # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag                 105  string     # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI   107  string     # Proprietary, acc
ATTRIBUTE Digest-Response              206  string     # Sterman, 
auth_radius
ATTRIBUTE Sip-Uri-User                 208  string     # Proprietary, 
auth_radius
ATTRIBUTE Sip-Group                    211  string     # Proprietary, 
group_radius
ATTRIBUTE Sip-Rpid                     213  string     # Proprietary, 
auth_radius
ATTRIBUTE SIP-AVP                      225  string     # Proprietary, 
avp_radius
ATTRIBUTE Digest-Realm                1063  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Nonce                1064  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Method               1065  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-URI                  1066  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-QOP                  1067  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Algorithm            1068  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Body-Digest          1069  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-CNonce               1070  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-Nonce-Count          1071  string     # Sterman, 
auth_radius
ATTRIBUTE Digest-User-Name            1072  string     # Sterman, 
auth_radius


Seems that what you call attribute 207,  has from the client point of view 
different attributes, from 1063 to 1072

Howto deal with this strange situation?

Thanks
Rosario


----- Original Message ----- 
From: "Hugh Irvine" <hugh at open.com.au>
To: "Ricardo Martinez" <rmartinez at redvoiss.net>
Cc: <radiator at open.com.au>
Sent: Friday, June 03, 2005 6:34 PM
Subject: Re: (RADIATOR) Question about Radiator Support.


>
> Hello Ricardo -
>
> Further to this, I didn't make it clear that if you define your 
> dictionaries like this (in recent versions of Radiator):
>
> DictionaryFile %D/dictionary, %D/dictionary.sip
>
> SIP authentication will work automatically without requiring hooks or 
> whatever.
>
> The most recent version is Radiator 3.13.
>
> regards
>
> Hugh
>
>
> On 3 Jun 2005, at 16:07, Hugh Irvine wrote:
>
>>
>> Hello Ricardo -
>>
>> On this same topic - see the file "dictionary.sip" in the Radiator  3.13 
>> distribution.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 3 Jun 2005, at 05:32, Ricardo Martinez wrote:
>>
>>
>>> Hello list.
>>>     I'm using SER (Sip Express Router) to provide SIP services,  and 
>>> also
>>> i'm using Radiator 3.9 to my AAA services.
>>> SER send to my radius server a authentication message like this :
>>>
>>> Attributes:
>>>     User-Name = "user1 at mydomain.com"
>>>     Digest-Attributes = "<10><10>user1"
>>>     Digest-Attributes = "<1><23>mydomain.com"
>>>     Digest-Attributes =  "<2>*429f5a94dfac500699b5465aae863a390d5ebd92"
>>>     Digest-Attributes = "<4>&sip:1234567 at mydomain.com"
>>>     Digest-Attributes = "<3><10>REGISTER"
>>>     Digest-Attributes = "<5><6>auth"
>>>     Digest-Attributes = "<9><10>00000037"
>>>     Digest-Attributes = "<8><10>dbb06da4"
>>>     Digest-Response = "08525b9e17e0ed25fccc61b104ff9e20"
>>>     Service-Type = Sip-Session
>>>     Sip-Uri-User = "1234567"
>>>     NAS-IP-Address = 10.1.1.3
>>>     NAS-Port = 5060
>>>
>>> As you can see I have different's Digest-Attributes with different 
>>> values.
>>> It suppose that these Digest-Attributes must be parsed to Digest- Uri ,
>>> Digest-Realm, Digest-Nonce, etc...but RADIATOR seems not to be doing
>>> anything about it.
>>> Well.  A long time ago asking in this mailing list Hugh told me  that i 
>>> need
>>> to run a preClientHook and parse by myself this attributes... well 
>>> that's
>>> what i'm doing now and it is working.
>>> What i found out recently is that, for example FreeRadius Server 
>>> recognize
>>> this attributes and do the conversion by itself.  So i0m wondering if
>>> Radiator has maybe now a support for this type of message, i think  that 
>>> is
>>> the draft "draft-sterman-aaa-sip-00".
>>>
>>> I hope that somone could give me a hand here
>>> Thanks in advace.
>>>
>>> Regards,
>>>
>>> Ricardo Martinez.-
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/ 
>> archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> 


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list