(RADIATOR) HTTP Digest

Deniz Aydin deniza at netone.net.tr
Fri Feb 10 04:47:04 CST 2006


Thanks for every one. I'll get it done wiht new dictionary file. But now ı have a new problem:)
 
I am tring to autheticate sip user via radiator from SQL database with HTTP Digest.

I have Auth SQL statement like this (ı know simly digest-response cannot be the check item but i dont know what shoul ı check or there is sth else need to be done on the radius); 

<AuthBy SQL>

AuthSelect select PASSWORD from subscriber where USER_ID like '%U'

AuthColumnDef 0, Digest-Response, check ...

 

And my access request is like this,

NAS-IP-Address = 193.192.99.87

NAS-Port-Type = Virtual

User-Name = "08110000003"

Digest-Response = "c540ca4b72a58e7a6a1cc99ccffe52ad"

Digest-Attributes = <1><7>CISCO

Digest-Attributes = <2><10>43eca18f

Digest-Attributes = <3><10>REGISTER

Digest-Attributes = <4>'sip:193.192.99.87;transport=UDP;REG-1

Digest-Attributes = <5><6>auth

Digest-Attributes = <6><5>MD5

Digest-Attributes = <8><9>42c079e

Digest-Attributes = <9><10>00000001

Digest-Attributes = <10><13>08110000003

What should ı do for correct authentication!

	
	-----Original Message-----
	From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Cem SEN
	Sent: Tuesday, January 31, 2006 11:29 PM
	To: radiator at open.com.au
	Cc: Deniz Aydin
	Subject: Re: (RADIATOR) HTTP Digest
	
	
	Hi Deniz,
	If you add appropriate attributes to your dictionary file, you'll get what you need. Here are some attribs that'll help you.
	 
	Regards,
	Cem SEN
	Network Operations Manager
	DorukNet 
	 
	# Experimental SIP Attributes/Values (draft-sterman-aaa-sip-00.txt etc)

	#

	ATTRIBUTE Sip-Method 101 integer

	ATTRIBUTE Sip-Response-Code 102 integer

	ATTRIBUTE Sip-CSeq 103 string

	ATTRIBUTE Sip-To-Tag 104 string

	ATTRIBUTE Sip-From-Tag 105 string

	ATTRIBUTE Sip-Branch-ID 106 string

	ATTRIBUTE Sip-Translated-Request-URI 107 string

	ATTRIBUTE Sip-Source-IP-Address 108 ipaddr

	ATTRIBUTE Sip-Source-Port 109 integer

	ATTRIBUTE Sip-User-ID 110 string

	ATTRIBUTE Sip-User-Realm 111 string

	ATTRIBUTE Sip-User-Nonce 112 string

	ATTRIBUTE Sip-User-Method 113 string

	ATTRIBUTE Sip-User-Digest-URI 114 string

	ATTRIBUTE Sip-User-Nonce-Count 115 string

	ATTRIBUTE Sip-User-QOP 116 string

	ATTRIBUTE Sip-User-Opaque 117 string

	ATTRIBUTE Sip-User-Response 118 string

	ATTRIBUTE Sip-User-CNonce 119 string

	ATTRIBUTE Sip-URI-User 208 string

	ATTRIBUTE Sip-Req-URI 210 string

	ATTRIBUTE Sip-CC 212 string

	ATTRIBUTE Sip-RPId 213 string

	ATTRIBUTE Digest-Response 206 string

	ATTRIBUTE Digest-Attributes 207 string

	ATTRIBUTE Digest-Realm 1063 string

	ATTRIBUTE Digest-Nonce 1064 string

	ATTRIBUTE Digest-Method 1065 string

	ATTRIBUTE Digest-URI 1066 string

	ATTRIBUTE Digest-QOP 1067 string

	ATTRIBUTE Digest-Algorithm 1068 string

	ATTRIBUTE Digest-Body-Digest 1069 string

	ATTRIBUTE Digest-CNonce 1070 string

	ATTRIBUTE Digest-Nonce-Count 1071 string

	ATTRIBUTE Digest-User-Name 1072 string

	VALUE Service-Type SIP 15

	VALUE Sip-Method Other 0

	VALUE Sip-Method Invite 1

	VALUE Sip-Method Cancel 2

	VALUE Sip-Method Ack 3

	VALUE Sip-Method Bye 4

	VALUE Sip-Response-Code Other 0

	VALUE Sip-Response-Code Invite 1

	VALUE Sip-Response-Code Cancel 2

	VALUE Sip-Response-Code Ack 3

	VALUE Sip-Response-Code Bye 4

	#

	# $Id: dictionary.ser,v 1.5 2004/12/04 22:37:48 janakj Exp $

	#

	# SIP RADIUS attributes

	#

	# Schulzrinne indicates attributes according to

	# draft-schulzrinne-sipping-radius-accounting-00

	#

	# Sterman indicates attributes according to

	# draft-sterman-aaa-sip-00

	#

	# Proprietary indicates an attribute that hasn't

	# been standardized

	#

	# Check out http://www.iana.org/assignments/radius-types

	# for up-to-date list of standard RADIUS attributes

	# and values

	#

	#

	# NOTE: All standard (IANA registered) attributes are 

	# commented out except those that are missing in 

	# the default dictionary of the radiusclient-ng 

	# library.

	#

	 

	#### Attributes ###

	#ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius

	#ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius

	#ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc

	#ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc

	#ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc

	#ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc

	ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc

	ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc

	ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc

	ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc

	ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc

	ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc

	ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius

	ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius

	ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius

	ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius

	ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius

	ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius

	ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius

	ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius

	ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius

	ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius

	ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius

	ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius

	ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius

	ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius

	ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius

	### CISCO Vendor Specific Attributes ###

	#VENDOR Cisco 9

	#ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius

	### Acct-Status-Type Values ###

	#VALUE Acct-Status-Type Start 1 # RFC2866, acc

	#VALUE Acct-Status-Type Stop 2 # RFC2866, acc

	VALUE Acct-Status-Type Failed 15 # RFC2866, acc

	### Service-Type Values ###

	VALUE Service-Type Call-Check 10 # RFC2865, uri_radius

	VALUE Service-Type Group-Check 12 # Proprietary, group_radius

	VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius

	VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius

	VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius

	 

		----- Original Message ----- 
		From: Deniz Aydin <mailto:deniza at netone.net.tr>  
		To: radiator at open.com.au 
		Sent: Tuesday, January 31, 2006 6:23 PM
		Subject: (RADIATOR) HTTP Digest



		Hi, 

		I have been tring to authenticate Cisco Sip Proxy requests with http-digest authentication.But in the logfile of radiator it seems like this;

		Attributes: 
		        NAS-IP-Address = xxxxxxxx 
		        NAS-Port-Type = Virtual 
		        User-Name = "user1" 
		        Ascend-Menu-Item = "7ec574c399276a1e353c16e8a7376d4a" 
		        Ascend-PW-Warntime = 17253193 
		        Ascend-PW-Warntime = 34223155 
		        Ascend-PW-Warntime = 50874702 
		        Ascend-PW-Warntime = 70546281 
		        Ascend-PW-Warntime = 84304245 
		        Ascend-PW-Warntime = 101010756 
		        Ascend-PW-Warntime = 134689587 
		        Ascend-PW-Warntime = 151662640 
		        Ascend-PW-Warntime = 168260979 


		But raw radius requests is like this, 

		NAS-IP-Address = xxxxx 
		NAS-Port-Type = Virtual 
		User-Name = "user1" 
		Digest-Response = "941e7ee75864b7f9d2fcc69b1c2beef9" 
		Digest-Attributes = 0x0107434953434f 
		Digest-Attributes = 0x020a3366663230636238 
		Digest-Attributes = 0x030a5245474953544552 
		Digest-Attributes = 0x040f7369703a7676732d7669747261 
		Digest-Attributes = 0x050661757468 
		Digest-Attributes = 0x06056d6435 
		Digest-Attributes = 0x080a3061653134323362 
		Digest-Attributes = 0x090a3030303030303031 
		Digest-Attributes = 0x0a0637393035 


		İs this sth about the dictionary file or http digest support.Or about the configuration. 
		My handler is like that. 
		<Handler NAS-IP-Address = xxx> 
		     Identifier sip 
		     AuthBy sip_acconting 

		</Handler> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060210/09e94f76/attachment.html>


More information about the radiator mailing list