(RADIATOR) HTTP Digest
Mike McCauley
mikem at open.com.au
Fri Feb 10 05:14:02 CST 2006
Hello Deniz,
On Friday 10 February 2006 20:47, Deniz Aydin wrote:
> Thanks to everyone. I'll get it done with the new dictionary file. But now I
> have a new problem :)
>
> I am trying to authenticate a SIP user via Radiator from an SQL database with HTTP
> Digest.
>
> I have an Auth SQL statement like this (I know that simply Digest-Response cannot be
> the check item, but I don't know what I should check, or whether something else needs
> to be done on the RADIUS side);
>
> <AuthBy SQL>
>
> AuthSelect select PASSWORD from subscriber where USER_ID like '%U'
>
> AuthColumnDef 0, Digest-Response, check ...

That should be:

AuthColumnDef 0, User-Password, check

The User-Password check item is used to authenticate the Digest-Attributes in
the incoming request.

Cheers.

>
>
>
> And my access request is like this,
>
> NAS-IP-Address = 193.192.99.87
>
> NAS-Port-Type = Virtual
>
> User-Name = "08110000003"
>
> Digest-Response = "c540ca4b72a58e7a6a1cc99ccffe52ad"
>
> Digest-Attributes = <1><7>CISCO
>
> Digest-Attributes = <2><10>43eca18f
>
> Digest-Attributes = <3><10>REGISTER
>
> Digest-Attributes = <4>'sip:193.192.99.87;transport=UDP;REG-1
>
> Digest-Attributes = <5><6>auth
>
> Digest-Attributes = <6><5>MD5
>
> Digest-Attributes = <8><9>42c079e
>
> Digest-Attributes = <9><10>00000001
>
> Digest-Attributes = <10><13>08110000003
>
> What should I do for correct authentication!
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Cem SEN Sent: Tuesday, January 31, 2006 11:29 PM
> To: radiator at open.com.au
> Cc: Deniz Aydin
> Subject: Re: (RADIATOR) HTTP Digest
>
>
> Hi Deniz,
> If you add appropriate attributes to your dictionary file, you'll get what
> you need. Here are some attribs that'll help you.
>
> Regards,
> Cem SEN
> Network Operations Manager
> DorukNet
>
> # Experimental SIP Attributes/Values (draft-sterman-aaa-sip-00.txt etc)
>
> #
>
> ATTRIBUTE Sip-Method 101 integer
>
> ATTRIBUTE Sip-Response-Code 102 integer
>
> ATTRIBUTE Sip-CSeq 103 string
>
> ATTRIBUTE Sip-To-Tag 104 string
>
> ATTRIBUTE Sip-From-Tag 105 string
>
> ATTRIBUTE Sip-Branch-ID 106 string
>
> ATTRIBUTE Sip-Translated-Request-URI 107 string
>
> ATTRIBUTE Sip-Source-IP-Address 108 ipaddr
>
> ATTRIBUTE Sip-Source-Port 109 integer
>
> ATTRIBUTE Sip-User-ID 110 string
>
> ATTRIBUTE Sip-User-Realm 111 string
>
> ATTRIBUTE Sip-User-Nonce 112 string
>
> ATTRIBUTE Sip-User-Method 113 string
>
> ATTRIBUTE Sip-User-Digest-URI 114 string
>
> ATTRIBUTE Sip-User-Nonce-Count 115 string
>
> ATTRIBUTE Sip-User-QOP 116 string
>
> ATTRIBUTE Sip-User-Opaque 117 string
>
> ATTRIBUTE Sip-User-Response 118 string
>
> ATTRIBUTE Sip-User-CNonce 119 string
>
> ATTRIBUTE Sip-URI-User 208 string
>
> ATTRIBUTE Sip-Req-URI 210 string
>
> ATTRIBUTE Sip-CC 212 string
>
> ATTRIBUTE Sip-RPId 213 string
>
> ATTRIBUTE Digest-Response 206 string
>
> ATTRIBUTE Digest-Attributes 207 string
>
> ATTRIBUTE Digest-Realm 1063 string
>
> ATTRIBUTE Digest-Nonce 1064 string
>
> ATTRIBUTE Digest-Method 1065 string
>
> ATTRIBUTE Digest-URI 1066 string
>
> ATTRIBUTE Digest-QOP 1067 string
>
> ATTRIBUTE Digest-Algorithm 1068 string
>
> ATTRIBUTE Digest-Body-Digest 1069 string
>
> ATTRIBUTE Digest-CNonce 1070 string
>
> ATTRIBUTE Digest-Nonce-Count 1071 string
>
> ATTRIBUTE Digest-User-Name 1072 string
>
> VALUE Service-Type SIP 15
>
> VALUE Sip-Method Other 0
>
> VALUE Sip-Method Invite 1
>
> VALUE Sip-Method Cancel 2
>
> VALUE Sip-Method Ack 3
>
> VALUE Sip-Method Bye 4
>
> VALUE Sip-Response-Code Other 0
>
> VALUE Sip-Response-Code Invite 1
>
> VALUE Sip-Response-Code Cancel 2
>
> VALUE Sip-Response-Code Ack 3
>
> VALUE Sip-Response-Code Bye 4
>
> #
>
> # $Id: dictionary.ser,v 1.5 2004/12/04 22:37:48 janakj Exp $
>
> #
>
> # SIP RADIUS attributes
>
> #
>
> # Schulzrinne indicates attributes according to
>
> # draft-schulzrinne-sipping-radius-accounting-00
>
> #
>
> # Sterman indicates attributes according to
>
> # draft-sterman-aaa-sip-00
>
> #
>
> # Proprietary indicates an attribute that hasn't
>
> # been standardized
>
> #
>
> # Check out http://www.iana.org/assignments/radius-types
>
> # for up-to-date list of standard RADIUS attributes
>
> # and values
>
> #
>
> #
>
> # NOTE: All standard (IANA registered) attributes are
>
> # commented out except those that are missing in
>
> # the default dictionary of the radiusclient-ng
>
> # library.
>
> #
>
>
>
> #### Attributes ###
>
> #ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
>
> #ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
>
> #ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc
>
> #ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc
>
> #ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc
>
> #ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc
>
> ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
>
> ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
>
> ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
>
> ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
>
> ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
>
> ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
>
> ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
>
> ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
>
> ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
>
> ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
>
> ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
>
> ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
>
> ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius
>
> ### CISCO Vendor Specific Attributes ###
>
> #VENDOR Cisco 9
>
> #ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius
>
> ### Acct-Status-Type Values ###
>
> #VALUE Acct-Status-Type Start 1 # RFC2866, acc
>
> #VALUE Acct-Status-Type Stop 2 # RFC2866, acc
>
> VALUE Acct-Status-Type Failed 15 # RFC2866, acc
>
> ### Service-Type Values ###
>
> VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
>
> VALUE Service-Type Group-Check 12 # Proprietary, group_radius
>
> VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
>
> VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
>
> VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius
>
>
>
> ----- Original Message -----
> From: Deniz Aydin <mailto:deniza at netone.net.tr>
> To: radiator at open.com.au
> Sent: Tuesday, January 31, 2006 6:23 PM
> Subject: (RADIATOR) HTTP Digest
>
>
>
> Hi,
>
> I have been trying to authenticate Cisco SIP Proxy requests with
> HTTP digest authentication. But in the logfile of Radiator it looks like
> this;
>
> Attributes:
> NAS-IP-Address = xxxxxxxx
> NAS-Port-Type = Virtual
> User-Name = "user1"
> Ascend-Menu-Item = "7ec574c399276a1e353c16e8a7376d4a"
> Ascend-PW-Warntime = 17253193
> Ascend-PW-Warntime = 34223155
> Ascend-PW-Warntime = 50874702
> Ascend-PW-Warntime = 70546281
> Ascend-PW-Warntime = 84304245
> Ascend-PW-Warntime = 101010756
> Ascend-PW-Warntime = 134689587
> Ascend-PW-Warntime = 151662640
> Ascend-PW-Warntime = 168260979
>
>
> But the raw RADIUS request is like this,
>
> NAS-IP-Address = xxxxx
> NAS-Port-Type = Virtual
> User-Name = "user1"
> Digest-Response = "941e7ee75864b7f9d2fcc69b1c2beef9"
> Digest-Attributes = 0x0107434953434f
> Digest-Attributes = 0x020a3366663230636238
> Digest-Attributes = 0x030a5245474953544552
> Digest-Attributes = 0x040f7369703a7676732d7669747261
> Digest-Attributes = 0x050661757468
> Digest-Attributes = 0x06056d6435
> Digest-Attributes = 0x080a3061653134323362
> Digest-Attributes = 0x090a3030303030303031
> Digest-Attributes = 0x0a0637393035
>
>
> Is this something about the dictionary file or HTTP digest support? Or about the
> configuration? My handler is like this.
> <Handler NAS-IP-Address = xxx>
> Identifier sip
> AuthBy sip_acconting
>
> </Handler>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
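
The following is an added example, not part of the original thread and not Radiator's own code. It shows why the check item has to be the stored password rather than Digest-Response: the server decodes the type/length/value Digest-Attributes, recomputes the RFC 2617 MD5 response from the password, and compares it with the Digest-Response it received. All function names are hypothetical, and the sample input is constructed from the worked example in RFC 2617.

```python
import hashlib
import hmac

# Sub-attribute types seen in the quoted request; they equal the dictionary's
# Digest-Realm (1063) .. Digest-User-Name (1072) numbers minus 1062.
SUBATTR = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 5: "qop",
           6: "algorithm", 7: "body-digest", 8: "cnonce", 9: "nc",
           10: "username"}

def decode_digest_attributes(blobs):
    """Each value: 1 byte type, 1 byte length (header included), then data."""
    fields = {}
    for blob in blobs:
        pos = 0
        while pos < len(blob):
            if len(blob) - pos < 2:
                raise ValueError("truncated sub-attribute header")
            kind, length = blob[pos], blob[pos + 1]
            if length < 2 or pos + length > len(blob):
                raise ValueError("bad sub-attribute length")
            name = SUBATTR.get(kind, "unknown-%d" % kind)
            fields[name] = blob[pos + 2:pos + length].decode("latin-1")
            pos += length
    return fields

def _md5(text):
    return hashlib.md5(text.encode("latin-1")).hexdigest()

def expected_response(f, password):
    """RFC 2617 request-digest for algorithm MD5, qop=auth or no qop."""
    if f.get("algorithm", "MD5").upper() != "MD5" or f.get("qop", "auth") != "auth":
        raise ValueError("only MD5 with qop=auth or no qop is handled")
    ha1 = _md5("%s:%s:%s" % (f["username"], f["realm"], password))
    ha2 = _md5("%s:%s" % (f["method"], f["uri"]))
    mid = [f["nonce"]]
    if "qop" in f:
        mid += [f["nc"], f["cnonce"], f["qop"]]
    return _md5(":".join([ha1] + mid + [ha2]))

def verify(blobs, digest_response, password):
    # Constant-time comparison of the recomputed and received responses.
    want = expected_response(decode_digest_attributes(blobs), password)
    return hmac.compare_digest(want, digest_response.lower())

def tlv(kind, text):  # helper used only to build the constructed sample
    return bytes([kind, len(text) + 2]) + text.encode("latin-1")

# Constructed sample: the worked example from RFC 2617 section 3.5.
SAMPLE = [tlv(1, "testrealm@host.com"), tlv(2, "dcd98b7102dd2f0e8b11d0f600bfb0c093"),
          tlv(3, "GET"), tlv(4, "/dir/index.html"), tlv(5, "auth"),
          tlv(8, "0a4f113b"), tlv(9, "00000001"), tlv(10, "Mufasa")]
SAMPLE_RESPONSE = "6629fae49393a05397450978507c4ef1"
```

Because the nonce, cnonce and nonce count feed into the hash, the response differs on every request, so the database column cannot hold a value to match against Digest-Response directly.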