(RADIATOR) HTTP Digest
Cem SEN
cem at doruk.net.tr
Fri Feb 10 06:43:40 CST 2006
MessageHello Deniz,
If you simply want to check the password item, you may try using the following due to userid %U or UserName %n.
<AuthBy SQL>
AuthSelect select PASSWORD from subscriber where USER_ID like '%U'
AuthColumnDef 0, User-Password, check
Regards
Cem SEN
----- Original Message -----
From: Deniz Aydin
To: Cem SEN ; radiator at open.com.au
Sent: Friday, February 10, 2006 12:47 PM
Subject: RE: (RADIATOR) HTTP Digest
Thanks for every one. I'll get it done wiht new dictionary file. But now ı have a new problem:)
I am tring to autheticate sip user via radiator from SQL database with HTTP Digest.
I have Auth SQL statement like this (ı know simly digest-response cannot be the check item but i dont know what shoul ı check or there is sth else need to be done on the radius);
<AuthBy SQL>
AuthSelect select PASSWORD from subscriber where USER_ID like '%U'
AuthColumnDef 0, Digest-Response, check ...
And my access request is like this,
NAS-IP-Address = 193.192.99.87
NAS-Port-Type = Virtual
User-Name = "08110000003"
Digest-Response = "c540ca4b72a58e7a6a1cc99ccffe52ad"
Digest-Attributes = <1><7>CISCO
Digest-Attributes = <2><10>43eca18f
Digest-Attributes = <3><10>REGISTER
Digest-Attributes = <4>'sip:193.192.99.87;transport=UDP;REG-1
Digest-Attributes = <5><6>auth
Digest-Attributes = <6><5>MD5
Digest-Attributes = <8><9>42c079e
Digest-Attributes = <9><10>00000001
Digest-Attributes = <10><13>08110000003
What should ı do for correct authentication!
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Cem SEN
Sent: Tuesday, January 31, 2006 11:29 PM
To: radiator at open.com.au
Cc: Deniz Aydin
Subject: Re: (RADIATOR) HTTP Digest
Hi Deniz,
If you add appropriate attributes to your dictionary file, you'll get what you need. Here are some attribs that'll help you.
Regards,
Cem SEN
Network Operations Manager
DorukNet
# Experimental SIP Attributes/Values (draft-sterman-aaa-sip-00.txt etc)
#
ATTRIBUTE Sip-Method 101 integer
ATTRIBUTE Sip-Response-Code 102 integer
ATTRIBUTE Sip-CSeq 103 string
ATTRIBUTE Sip-To-Tag 104 string
ATTRIBUTE Sip-From-Tag 105 string
ATTRIBUTE Sip-Branch-ID 106 string
ATTRIBUTE Sip-Translated-Request-URI 107 string
ATTRIBUTE Sip-Source-IP-Address 108 ipaddr
ATTRIBUTE Sip-Source-Port 109 integer
ATTRIBUTE Sip-User-ID 110 string
ATTRIBUTE Sip-User-Realm 111 string
ATTRIBUTE Sip-User-Nonce 112 string
ATTRIBUTE Sip-User-Method 113 string
ATTRIBUTE Sip-User-Digest-URI 114 string
ATTRIBUTE Sip-User-Nonce-Count 115 string
ATTRIBUTE Sip-User-QOP 116 string
ATTRIBUTE Sip-User-Opaque 117 string
ATTRIBUTE Sip-User-Response 118 string
ATTRIBUTE Sip-User-CNonce 119 string
ATTRIBUTE Sip-URI-User 208 string
ATTRIBUTE Sip-Req-URI 210 string
ATTRIBUTE Sip-CC 212 string
ATTRIBUTE Sip-RPId 213 string
ATTRIBUTE Digest-Response 206 string
ATTRIBUTE Digest-Attributes 207 string
ATTRIBUTE Digest-Realm 1063 string
ATTRIBUTE Digest-Nonce 1064 string
ATTRIBUTE Digest-Method 1065 string
ATTRIBUTE Digest-URI 1066 string
ATTRIBUTE Digest-QOP 1067 string
ATTRIBUTE Digest-Algorithm 1068 string
ATTRIBUTE Digest-Body-Digest 1069 string
ATTRIBUTE Digest-CNonce 1070 string
ATTRIBUTE Digest-Nonce-Count 1071 string
ATTRIBUTE Digest-User-Name 1072 string
VALUE Service-Type SIP 15
VALUE Sip-Method Other 0
VALUE Sip-Method Invite 1
VALUE Sip-Method Cancel 2
VALUE Sip-Method Ack 3
VALUE Sip-Method Bye 4
VALUE Sip-Response-Code Other 0
VALUE Sip-Response-Code Invite 1
VALUE Sip-Response-Code Cancel 2
VALUE Sip-Response-Code Ack 3
VALUE Sip-Response-Code Bye 4
#
# $Id: dictionary.ser,v 1.5 2004/12/04 22:37:48 janakj Exp $
#
# SIP RADIUS attributes
#
# Schulzrinne indicates attributes according to
# draft-schulzrinne-sipping-radius-accounting-00
#
# Sterman indicates attributes according to
# draft-sterman-aaa-sip-00
#
# Proprietary indicates an attribute that hasn't
# been standardized
#
# Check out http://www.iana.org/assignments/radius-types
# for up-to-date list of standard RADIUS attributes
# and values
#
#
# NOTE: All standard (IANA registered) attributes are
# commented out except those that are missing in
# the default dictionary of the radiusclient-ng
# library.
#
#### Attributes ###
#ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
#ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
#ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc
#ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc
#ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc
#ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc
ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius
### CISCO Vendor Specific Attributes ###
#VENDOR Cisco 9
#ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius
### Acct-Status-Type Values ###
#VALUE Acct-Status-Type Start 1 # RFC2866, acc
#VALUE Acct-Status-Type Stop 2 # RFC2866, acc
VALUE Acct-Status-Type Failed 15 # RFC2866, acc
### Service-Type Values ###
VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
VALUE Service-Type Group-Check 12 # Proprietary, group_radius
VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius
----- Original Message -----
From: Deniz Aydin
To: radiator at open.com.au
Sent: Tuesday, January 31, 2006 6:23 PM
Subject: (RADIATOR) HTTP Digest
Hi,
I have been tring to authenticate Cisco Sip Proxy requests with http-digest authentication.But in the logfile of radiator it seems like this;
Attributes:
NAS-IP-Address = xxxxxxxx
NAS-Port-Type = Virtual
User-Name = "user1"
Ascend-Menu-Item = "7ec574c399276a1e353c16e8a7376d4a"
Ascend-PW-Warntime = 17253193
Ascend-PW-Warntime = 34223155
Ascend-PW-Warntime = 50874702
Ascend-PW-Warntime = 70546281
Ascend-PW-Warntime = 84304245
Ascend-PW-Warntime = 101010756
Ascend-PW-Warntime = 134689587
Ascend-PW-Warntime = 151662640
Ascend-PW-Warntime = 168260979
But raw radius requests is like this,
NAS-IP-Address = xxxxx
NAS-Port-Type = Virtual
User-Name = "user1"
Digest-Response = "941e7ee75864b7f9d2fcc69b1c2beef9"
Digest-Attributes = 0x0107434953434f
Digest-Attributes = 0x020a3366663230636238
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x040f7369703a7676732d7669747261
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x06056d6435
Digest-Attributes = 0x080a3061653134323362
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes = 0x0a0637393035
İs this sth about the dictionary file or http digest support.Or about the configuration.
My handler is like that.
<Handler NAS-IP-Address = xxx>
Identifier sip
AuthBy sip_acconting
</Handler>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060210/42bc7737/attachment.html>
More information about the radiator
mailing list