(RADIATOR) Access reject (sip digest) seems not reacing the radius client
Rosario Pingaro
rpingar at nesec.it
Sun Jan 1 04:50:13 CST 2006
Hi Hugh, have a great 2006
we were able to configure Radiator 3.13 for digest authentication against
ser and its radius client. This is the handler about it (with the
prehadlerhook you mailed me):
<AuthBy SQL>
Identifier SIPDigest
DBSource dbi:mysql:ser:xxx.xxx.xxx.xxx
DBUsername ser
DBAuth xxxxxxxxxxx
AuthSelect select password from subscriber where
username='%{Digest-User-Name}' and domain='%{Dige\
st-Realm}'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, NAS-Port-Type, reply
</AuthBy>
<Handler Realm=voip.convergenze.it,Digest-Method=REGISTER>
# AuthByPolicy per gestire il Timeout del Mysql
AuthByPolicy ContinueWhileIgnore
AuthBy SIPDigest
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
# Log authentication to a detail file.Sun Jan 1 11:37:09 2006:
DEBUG: Radius::AuthSQL looks for match with DEFAULT11485
[rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11485 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11486 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11486 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11487 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11487 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11488 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11488 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11489 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11489 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11490 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11490 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11491 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11491 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11492 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11492 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:09 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11493 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11493 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11494 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11494 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11495 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11495 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11496 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11496 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11497 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11497 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11498 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11498 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11499 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11499 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11500 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11500 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11501 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad Password:
DEFAULT11501 [rpingar at voip.convergenze.it]
Sun Jan 1 11:37:10 2006: DEBUG: Query is: 'select password from subscriber
where username='rpingar' and domain='voip.convergenze.it'':
Sun Jan 1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match with
DEFAULT11502 [rpingar at voip.convergenze.it]
The client stops only about timeout and not get the access-reject.
At the moment it seems more related to radius confeg that the client one.
Beacuse logging on port 1812 on the radius server I don't get such long
access-request but only the few request it should normally receive and at
same time I don't see the reject message leaving the server to the client.
Can you help me to understand what is going on?
Thanks
Rosario
</Handler>
Now the problem is that when I try to authenticate with the right infos
everything is fine and working. When I try with the wrong one I got this
kind of behaviour:
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list