(RADIATOR) HTTP Digest

Hugh Irvine hugh at open.com.au
Tue Jan 31 16:40:00 CST 2006


Hello Cem, Hello Deniz -

There is an additional dictionary in the Radiator distribution called  
"dictionary.sip" which you can use in conjunction with the standard  
dictionary.

You should add this to your configuration file:


DictionaryFile	%D/dictionary, %D/dictionary.sip


where both "dictionary" and "dictionary.sip" have been copied to your  
"%D" directory.

See also "goodies/hooks.txt" for additional details regarding  
multiple Digest-Attribute's.

regards

Hugh


On 1 Feb 2006, at 08:28, Cem SEN wrote:

> Hi Deniz,
> If you add appropriate attributes to your dictionary file, you'll  
> get what you need. Here are some attribs that'll help you.
>
> Regards,
> Cem SEN
> Network Operations Manager
> DorukNet
>
> # Experimental SIP Attributes/Values (draft-sterman-aaa-sip-00.txt etc)
> #
> ATTRIBUTE Sip-Method 101 integer
> ATTRIBUTE Sip-Response-Code 102 integer
> ATTRIBUTE Sip-CSeq 103 string
> ATTRIBUTE Sip-To-Tag 104 string
> ATTRIBUTE Sip-From-Tag 105 string
> ATTRIBUTE Sip-Branch-ID 106 string
> ATTRIBUTE Sip-Translated-Request-URI 107 string
> ATTRIBUTE Sip-Source-IP-Address 108 ipaddr
> ATTRIBUTE Sip-Source-Port 109 integer
> ATTRIBUTE Sip-User-ID 110 string
> ATTRIBUTE Sip-User-Realm 111 string
> ATTRIBUTE Sip-User-Nonce 112 string
> ATTRIBUTE Sip-User-Method 113 string
> ATTRIBUTE Sip-User-Digest-URI 114 string
> ATTRIBUTE Sip-User-Nonce-Count 115 string
> ATTRIBUTE Sip-User-QOP 116 string
> ATTRIBUTE Sip-User-Opaque 117 string
> ATTRIBUTE Sip-User-Response 118 string
> ATTRIBUTE Sip-User-CNonce 119 string
> ATTRIBUTE Sip-URI-User 208 string
> ATTRIBUTE Sip-Req-URI 210 string
> ATTRIBUTE Sip-CC 212 string
> ATTRIBUTE Sip-RPId 213 string
> ATTRIBUTE Digest-Response 206 string
> ATTRIBUTE Digest-Attributes 207 string
> ATTRIBUTE Digest-Realm 1063 string
> ATTRIBUTE Digest-Nonce 1064 string
> ATTRIBUTE Digest-Method 1065 string
> ATTRIBUTE Digest-URI 1066 string
> ATTRIBUTE Digest-QOP 1067 string
> ATTRIBUTE Digest-Algorithm 1068 string
> ATTRIBUTE Digest-Body-Digest 1069 string
> ATTRIBUTE Digest-CNonce 1070 string
> ATTRIBUTE Digest-Nonce-Count 1071 string
> ATTRIBUTE Digest-User-Name 1072 string
> VALUE Service-Type SIP 15
> VALUE Sip-Method Other 0
> VALUE Sip-Method Invite 1
> VALUE Sip-Method Cancel 2
> VALUE Sip-Method Ack 3
> VALUE Sip-Method Bye 4
> VALUE Sip-Response-Code Other 0
> VALUE Sip-Response-Code Invite 1
> VALUE Sip-Response-Code Cancel 2
> VALUE Sip-Response-Code Ack 3
> VALUE Sip-Response-Code Bye 4
>
> #
> # $Id: dictionary.ser,v 1.5 2004/12/04 22:37:48 janakj Exp $
> #
> # SIP RADIUS attributes
> #
> # Schulzrinne indicates attributes according to
> # draft-schulzrinne-sipping-radius-accounting-00
> #
> # Sterman indicates attributes according to
> # draft-sterman-aaa-sip-00
> #
> # Proprietary indicates an attribute that hasn't
> # been standardized
> #
> # Check out http://www.iana.org/assignments/radius-types
> # for up-to-date list of standard RADIUS attributes
> # and values
> #
> #
> # NOTE: All standard (IANA registered) attributes are
> # commented out except those that are missing in
> # the default dictionary of the radiusclient-ng
> # library.
> #
>
> #### Attributes ###
> #ATTRIBUTE User-Name 1 string # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
> #ATTRIBUTE Service-Type 6 integer # RFC2865, acc, auth_radius, avp_radius, group_radius, uri_radius
> #ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc
> #ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc
> #ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc
> #ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc
> ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
> ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
> ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
> ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
> ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
> ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
> ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
> ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
> ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
> ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
> ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
> ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
> ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
> ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
> ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
> ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
> ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
> ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
> ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
> ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
> ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius
> ### CISCO Vendor Specific Attributes ###
> #VENDOR Cisco 9
> #ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius
> ### Acct-Status-Type Values ###
> #VALUE Acct-Status-Type Start 1 # RFC2866, acc
> #VALUE Acct-Status-Type Stop 2 # RFC2866, acc
> VALUE Acct-Status-Type Failed 15 # RFC2866, acc
> ### Service-Type Values ###
> VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
> VALUE Service-Type Group-Check 12 # Proprietary, group_radius
> VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
> VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
> VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius
>
>
> ----- Original Message -----
> From: Deniz Aydin
> To: radiator at open.com.au
> Sent: Tuesday, January 31, 2006 6:23 PM
> Subject: (RADIATOR) HTTP Digest
>
>
> Hi,
>
> I have been trying to authenticate Cisco Sip Proxy requests with  
> http-digest authentication. But in the logfile of radiator it seems  
> like this;
>
> Attributes:
>         NAS-IP-Address = xxxxxxxx
>         NAS-Port-Type = Virtual
>         User-Name = "user1"
>         Ascend-Menu-Item = "7ec574c399276a1e353c16e8a7376d4a"
>         Ascend-PW-Warntime = 17253193
>         Ascend-PW-Warntime = 34223155
>         Ascend-PW-Warntime = 50874702
>         Ascend-PW-Warntime = 70546281
>         Ascend-PW-Warntime = 84304245
>         Ascend-PW-Warntime = 101010756
>         Ascend-PW-Warntime = 134689587
>         Ascend-PW-Warntime = 151662640
>         Ascend-PW-Warntime = 168260979
>
>
> But the raw radius request is like this,
>
> NAS-IP-Address = xxxxx
> NAS-Port-Type = Virtual
> User-Name = "user1"
> Digest-Response = "941e7ee75864b7f9d2fcc69b1c2beef9"
> Digest-Attributes = 0x0107434953434f
> Digest-Attributes = 0x020a3366663230636238
> Digest-Attributes = 0x030a5245474953544552
> Digest-Attributes = 0x040f7369703a7676732d7669747261
> Digest-Attributes = 0x050661757468
> Digest-Attributes = 0x06056d6435
> Digest-Attributes = 0x080a3061653134323362
> Digest-Attributes = 0x090a3030303030303031
> Digest-Attributes = 0x0a0637393035
>
>
> Is this something about the dictionary file or http digest support? Or  
> about the configuration?
> My handler is like that.
> <Handler NAS-IP-Address = xxx>
>      Identifier sip
>      AuthBy sip_acconting
>
> </Handler>
>
>
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
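
The hex strings in the raw request quoted above are type/length/value sub-attributes, and the following Python code (an added example, not part of the original thread or of Radiator) decodes them and shows why a dictionary that types attribute 207 as an integer logs the realm as 17253193, the first Ascend-PW-Warntime value in the trace. Assumptions: the sub-type names are inferred from the quoted dictionary, where sub-type n appears as attribute 1062 + n, and the length octet counts the two header octets.

```python
import struct

# Sub-type numbers inside Digest-Attributes (attribute 207). The names are an
# assumption taken from the quoted dictionary, where sub-type n is listed as
# attribute 1062 + n (Digest-Realm 1063 ... Digest-User-Name 1072).
SUBTYPES = {
    1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
    4: "Digest-URI", 5: "Digest-QOP", 6: "Digest-Algorithm",
    7: "Digest-Body-Digest", 8: "Digest-CNonce",
    9: "Digest-Nonce-Count", 10: "Digest-User-Name",
}

# Digest-Attributes values copied from the raw request in the thread.
RAW_REQUEST = [
    "0x0107434953434f", "0x020a3366663230636238", "0x030a5245474953544552",
    "0x040f7369703a7676732d7669747261", "0x050661757468", "0x06056d6435",
    "0x080a3061653134323362", "0x090a3030303030303031", "0x0a0637393035",
]

def to_bytes(hexval):
    """Turn a '0x...' value as printed in the trace into raw octets."""
    return bytes.fromhex(hexval[2:] if hexval[:2].lower() == "0x" else hexval)

def decode_subattrs(hexval):
    """Walk the type/length/value records in one Digest-Attributes value."""
    data, pos, out = to_bytes(hexval), 0, []
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated sub-attribute header")
        subtype, length = data[pos], data[pos + 1]
        # The length octet counts the two header octets as well.
        if length < 2 or pos + length > len(data):
            raise ValueError("bad sub-attribute length %d" % length)
        value = data[pos + 2:pos + length].decode("ascii", "backslashreplace")
        out.append((SUBTYPES.get(subtype, "Unknown-%d" % subtype), value))
        pos += length
    return out

def misread_as_integer(hexval):
    """What an integer-typed attribute 207 shows: first four octets, big-endian."""
    return struct.unpack("!I", to_bytes(hexval)[:4])[0]

def decode_request(values):
    """Flatten every Digest-Attributes value of a request into (name, value) pairs."""
    return [pair for v in values for pair in decode_subattrs(v)]

if __name__ == "__main__":
    for name, value in decode_request(RAW_REQUEST):
        print("%s = %r" % (name, value))
    print("as integer:", misread_as_integer(RAW_REQUEST[0]))
```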
