(RADIATOR) HTTP Digest

Cem SEN cem at doruk.net.tr
Fri Feb 10 06:43:40 CST 2006


MessageHello Deniz,

If  you simply want to check the password item,  you may try using the following due to userid %U or UserName %n. 

<AuthBy SQL>
AuthSelect select PASSWORD from subscriber where USER_ID like '%U'
AuthColumnDef 0, User-Password, check 

Regards
Cem SEN


  ----- Original Message ----- 
  From: Deniz Aydin 
  To: Cem SEN ; radiator at open.com.au 
  Sent: Friday, February 10, 2006 12:47 PM
  Subject: RE: (RADIATOR) HTTP Digest


  Thanks for every one. I'll get it done wiht new dictionary file. But now ı have a new problem:)

  I am tring to autheticate sip user via radiator from SQL database with HTTP Digest.
  I have Auth SQL statement like this (ı know simly digest-response cannot be the check item but i dont know what shoul ı check or there is sth else need to be done on the radius); 

  <AuthBy SQL>

  AuthSelect select PASSWORD from subscriber where USER_ID like '%U'

  AuthColumnDef 0, Digest-Response, check ...



  And my access request is like this,

  NAS-IP-Address = 193.192.99.87

  NAS-Port-Type = Virtual

  User-Name = "08110000003"

  Digest-Response = "c540ca4b72a58e7a6a1cc99ccffe52ad"

  Digest-Attributes = <1><7>CISCO

  Digest-Attributes = <2><10>43eca18f

  Digest-Attributes = <3><10>REGISTER

  Digest-Attributes = <4>'sip:193.192.99.87;transport=UDP;REG-1

  Digest-Attributes = <5><6>auth

  Digest-Attributes = <6><5>MD5

  Digest-Attributes = <8><9>42c079e

  Digest-Attributes = <9><10>00000001

  Digest-Attributes = <10><13>08110000003

  What should ı do for correct authentication!

    -----Original Message-----
    From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Cem SEN
    Sent: Tuesday, January 31, 2006 11:29 PM
    To: radiator at open.com.au
    Cc: Deniz Aydin
    Subject: Re: (RADIATOR) HTTP Digest


    Hi Deniz,
    If you add appropriate attributes to your dictionary file, you'll get what you need. Here are some attribs that'll help you.

    Regards,
    Cem SEN
    Network Operations Manager
    DorukNet 

    # Experimental SIP Attributes/Values (draft-sterman-aaa-sip-00.txt etc)

    #

    ATTRIBUTE Sip-Method 101 integer

    ATTRIBUTE Sip-Response-Code 102 integer

    ATTRIBUTE Sip-CSeq 103 string

    ATTRIBUTE Sip-To-Tag 104 string

    ATTRIBUTE Sip-From-Tag 105 string

    ATTRIBUTE Sip-Branch-ID 106 string

    ATTRIBUTE Sip-Translated-Request-URI 107 string

    ATTRIBUTE Sip-Source-IP-Address 108 ipaddr

    ATTRIBUTE Sip-Source-Port 109 integer

    ATTRIBUTE Sip-User-ID 110 string

    ATTRIBUTE Sip-User-Realm 111 string

    ATTRIBUTE Sip-User-Nonce 112 string

    ATTRIBUTE Sip-User-Method 113 string

    ATTRIBUTE Sip-User-Digest-URI 114 string

    ATTRIBUTE Sip-User-Nonce-Count 115 string

    ATTRIBUTE Sip-User-QOP 116 string

    ATTRIBUTE Sip-User-Opaque 117 string

    ATTRIBUTE Sip-User-Response 118 string

    ATTRIBUTE Sip-User-CNonce 119 string

    ATTRIBUTE Sip-URI-User 208 string

    ATTRIBUTE Sip-Req-URI 210 string

    ATTRIBUTE Sip-CC 212 string

    ATTRIBUTE Sip-RPId 213 string

    ATTRIBUTE Digest-Response 206 string

    ATTRIBUTE Digest-Attributes 207 string

    ATTRIBUTE Digest-Realm 1063 string

    ATTRIBUTE Digest-Nonce 1064 string

    ATTRIBUTE Digest-Method 1065 string

    ATTRIBUTE Digest-URI 1066 string

    ATTRIBUTE Digest-QOP 1067 string

    ATTRIBUTE Digest-Algorithm 1068 string

    ATTRIBUTE Digest-Body-Digest 1069 string

    ATTRIBUTE Digest-CNonce 1070 string

    ATTRIBUTE Digest-Nonce-Count 1071 string

    ATTRIBUTE Digest-User-Name 1072 string

    VALUE Service-Type SIP 15

    VALUE Sip-Method Other 0

    VALUE Sip-Method Invite 1

    VALUE Sip-Method Cancel 2

    VALUE Sip-Method Ack 3

    VALUE Sip-Method Bye 4

    VALUE Sip-Response-Code Other 0

    VALUE Sip-Response-Code Invite 1

    VALUE Sip-Response-Code Cancel 2

    VALUE Sip-Response-Code Ack 3

    VALUE Sip-Response-Code Bye 4

    #

    # $Id: dictionary.ser,v 1.5 2004/12/04 22:37:48 janakj Exp $

    #

    # SIP RADIUS attributes

    #

    # Schulzrinne indicates attributes according to

    # draft-schulzrinne-sipping-radius-accounting-00

    #

    # Sterman indicates attributes according to

    # draft-sterman-aaa-sip-00

    #

    # Proprietary indicates an attribute that hasn't

    # been standardized

    #

    # Check out http://www.iana.org/assignments/radius-types

    # for up-to-date list of standard RADIUS attributes

    # and values

    #

    #

    # NOTE: All standard (IANA registered) attributes are 

    # commented out except those that are missing in 

    # the default dictionary of the radiusclient-ng 

    # library.

    #



    #### Attributes ###

    #ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius

    #ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius

    #ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc

    #ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc

    #ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc

    #ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc

    ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc

    ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc

    ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc

    ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc

    ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc

    ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc

    ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius

    ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius

    ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius

    ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius

    ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius

    ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius

    ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius

    ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius

    ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius

    ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius

    ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius

    ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius

    ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius

    ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius

    ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius

    ### CISCO Vendor Specific Attributes ###

    #VENDOR Cisco 9

    #ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius

    ### Acct-Status-Type Values ###

    #VALUE Acct-Status-Type Start 1 # RFC2866, acc

    #VALUE Acct-Status-Type Stop 2 # RFC2866, acc

    VALUE Acct-Status-Type Failed 15 # RFC2866, acc

    ### Service-Type Values ###

    VALUE Service-Type Call-Check 10 # RFC2865, uri_radius

    VALUE Service-Type Group-Check 12 # Proprietary, group_radius

    VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius

    VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius

    VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius



      ----- Original Message ----- 
      From: Deniz Aydin 
      To: radiator at open.com.au 
      Sent: Tuesday, January 31, 2006 6:23 PM
      Subject: (RADIATOR) HTTP Digest




      Hi, 

      I have been tring to authenticate Cisco Sip Proxy requests with http-digest authentication.But in the logfile of radiator it seems like this;

      Attributes: 
              NAS-IP-Address = xxxxxxxx 
              NAS-Port-Type = Virtual 
              User-Name = "user1" 
              Ascend-Menu-Item = "7ec574c399276a1e353c16e8a7376d4a" 
              Ascend-PW-Warntime = 17253193 
              Ascend-PW-Warntime = 34223155 
              Ascend-PW-Warntime = 50874702 
              Ascend-PW-Warntime = 70546281 
              Ascend-PW-Warntime = 84304245 
              Ascend-PW-Warntime = 101010756 
              Ascend-PW-Warntime = 134689587 
              Ascend-PW-Warntime = 151662640 
              Ascend-PW-Warntime = 168260979 



      But raw radius requests is like this, 

      NAS-IP-Address = xxxxx 
      NAS-Port-Type = Virtual 
      User-Name = "user1" 
      Digest-Response = "941e7ee75864b7f9d2fcc69b1c2beef9" 
      Digest-Attributes = 0x0107434953434f 
      Digest-Attributes = 0x020a3366663230636238 
      Digest-Attributes = 0x030a5245474953544552 
      Digest-Attributes = 0x040f7369703a7676732d7669747261 
      Digest-Attributes = 0x050661757468 
      Digest-Attributes = 0x06056d6435 
      Digest-Attributes = 0x080a3061653134323362 
      Digest-Attributes = 0x090a3030303030303031 
      Digest-Attributes = 0x0a0637393035 



      İs this sth about the dictionary file or http digest support.Or about the configuration. 
      My handler is like that. 
      <Handler NAS-IP-Address = xxx> 
           Identifier sip 
           AuthBy sip_acconting 

      </Handler> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060210/42bc7737/attachment.html>


More information about the radiator mailing list