(RADIATOR) Re: Access reject (sip digest) seems not reaching the radius client

Hugh Irvine hugh at open.com.au
Sun Jan 1 17:35:30 CST 2006


Hello Rosario -

You should add NoDefault to the AuthBy SQL clause:


<AuthBy SQL>
                Identifier      SIPDigest
                DBSource        dbi:mysql:ser:xxx.xxx.xxx.xxx
                DBUsername      ser
                DBAuth          xxxxxxxxxxx

                NoDefault

                AuthSelect select password from subscriber where username='%{Digest-User-Name}' and domain='%{Digest-Realm}'

                AuthColumnDef 0, User-Password, check
                AuthColumnDef 1, NAS-Port-Type, reply

</AuthBy>


regards

Hugh


On 1 Jan 2006, at 21:50, Rosario Pingaro wrote:

> Hi Hugh, have a great 2006
>
> we were able to configure Radiator 3.13 for digest authentication  
> against ser and its radius client. This is the handler about it  
> (with the prehandlerhook you mailed me):
> <AuthBy SQL>
>                Identifier      SIPDigest
>                DBSource        dbi:mysql:ser:xxx.xxx.xxx.xxx
>                DBUsername      ser
>                DBAuth          xxxxxxxxxxx
>
>                AuthSelect select password from subscriber where username='%{Digest-User-Name}' and domain='%{Digest-Realm}'
>
>                AuthColumnDef 0, User-Password, check
>                AuthColumnDef 1, NAS-Port-Type, reply
>
> </AuthBy>
>
> <Handler Realm=voip.convergenze.it,Digest-Method=REGISTER>
>        # AuthByPolicy to handle the MySQL timeout
>        AuthByPolicy ContinueWhileIgnore
>
>        AuthBy SIPDigest
>
>        <AuthBy INTERNAL>
>                DefaultResult REJECT
>        </AuthBy>
>
>        # Log authentication to a detail file.
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match with  
> DEFAULT11485 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11485 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11486 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11486 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11487 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11487 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11488 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11488 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11489 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11489 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11490 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11490 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11491 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11491 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11492 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11492 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:09 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:09 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11493 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11493 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11494 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11494 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11495 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11495 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11496 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11496 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11497 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11497 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11498 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11498 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11499 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11499 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11500 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11500 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11501 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL REJECT: Bad  
> Password: DEFAULT11501 [rpingar at voip.convergenze.it]
> Sun Jan  1 11:37:10 2006: DEBUG: Query is: 'select password from  
> subscriber where username='rpingar' and domain='voip.convergenze.it'':
> Sun Jan  1 11:37:10 2006: DEBUG: Radius::AuthSQL looks for match  
> with DEFAULT11502 [rpingar at voip.convergenze.it]
>
> The client stops only on timeout and does not get the access-reject.
> At the moment it seems more related to radius config than the  
> client one. Because logging on port 1812 on the radius server I  
> don't get such long access-request but only the few requests it  
> should normally receive and at the same time I don't see the reject  
> message leaving the server to the client.
>
> Can you help me to understand what is going on?
>
> Thanks
> Rosario
> </Handler>
>
>
> Now the problem is that when I try to authenticate with the right  
> infos everything is fine and working. When I try with the wrong one  
> I got this kind of behaviour:
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
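
The trace quoted in this thread shows AuthSQL repeating the lookup as DEFAULT11485, DEFAULT11486, ... for a single user. As an added example (not part of the original messages and not Radiator code), this Python function flags such runs of consecutive DEFAULT lookups in a debug log. The function names, the threshold and the sample users are assumptions, and the sample lines are constructed in the log format shown above.

```python
import re

# Matches the "looks for match with DEFAULTn [user]" lines seen in the trace.
LOOKUP = re.compile(
    r"^(?P<ts>.+?): DEBUG: Radius::AuthSQL looks for match with "
    r"DEFAULT(?P<n>\d*) \[(?P<user>[^\]]*)\]")

def find_default_loops(lines, threshold=5):
    """Return runs of >= threshold consecutive DEFAULTn lookups per user."""
    runs, findings = {}, []   # runs: user -> [first_n, last_n, first_ts, last_ts]

    def close(user):
        first, last, t0, t1 = runs.pop(user)
        if last - first + 1 >= threshold:
            findings.append({"user": user, "first": first, "last": last,
                             "lookups": last - first + 1, "start": t0, "end": t1})

    for line in lines:
        m = LOOKUP.match(line)
        if not m:
            continue
        user, n, ts = m["user"], int(m["n"] or 0), m["ts"]  # bare DEFAULT counts as 0
        run = runs.get(user)
        if run and n == run[1] + 1:
            run[1], run[3] = n, ts        # suffix incremented: same run continues
        else:
            if run:
                close(user)
            runs[user] = [n, n, ts, ts]   # start a new run for this user
    for user in list(runs):
        close(user)
    return findings

def sample_trace():
    """Constructed sample: one runaway DEFAULT sequence, one normal fallback."""
    ts = "Sun Jan  1 11:37:09 2006"
    fmt = "{}: DEBUG: Radius::AuthSQL {} [{}]"
    lines = []
    for n in range(11485, 11503):
        lines.append(fmt.format(ts, f"looks for match with DEFAULT{n}", "alice@example.test"))
        lines.append(fmt.format(ts, f"REJECT: Bad Password: DEFAULT{n}", "alice@example.test"))
    lines.append(fmt.format(ts, "looks for match with DEFAULT", "bob@example.test"))
    return lines

if __name__ == "__main__":
    for finding in find_default_loops(sample_trace()):
        print(finding)
```

Running the same check on a log taken after adding NoDefault shows whether the repeated DEFAULT lookups have stopped.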
