Hello,
here you can find the description of this error:
http://docs.hp.com/en/T1428-90025/ch08s02.html
Received invalid reply digest from server => Server and client do not agree on shared secret => Verify the shared secret in the clients file agrees with the secret configured on the client.
I started an OpenSER-Radius tutorial, but due to time constraints it is not finished yet. Hopefully in next days will be ready. I will post it on the web and announce on the mailing list.
Cheers, Daniel
On 03/30/06 14:24, Nguyen Duc Phi wrote:
Thanks for supporting, Here is syslog of radiusclient.
Mar 30 18:00:49 sipserver openser: rc_check_reply: received invalid reply digest from RADIUS server
----- Original Message ----- From: "Daniel-Constantin Mierla" daniel@voice-system.ro To: "Nguyen Duc Phi" ndphi@vdc.com.vn Cc: users@openser.org Sent: Thursday, March 30, 2006 6:12 PM Subject: Re: [Users] Radius Authentication failed ?
Have you got any message is syslog coming from radiusclient-ng library? The FreeRadius server reports ok for authentication.
Cheers, Daniel
On 03/30/06 05:15, Nguyen Duc Phi wrote:
I config openser authenticate from Radius. when softphone register to openser, Freeradius response "Sending Access-Accept" but openser inform "ERROR:auth_radius:radius_authorize_sterman: rc_auth failed" So softphone not registered. I search this title in google and find on "*OpenSER Users Mailing List*", I didnt find solution to fix problem. Could someone help me fix this problem ? Here is list of product's version I used. openser-1.0.1 OS : CentOS-4 x86_64 radiusclient-ng-0.5.2 freeradius-1.0.5 openser show debug : 8(8985) parse_headers: flags=ffffffffffffffff 8(8985) check_via_address(192.168.212.123, 192.168.212.123, 0) 8(8985) DEBUG:destroy_avp_list: destroying list (nil) 8(8985) receive_msg: cleaning up 7(8982) SIP Request: 7(8982) method: <REGISTER> 7(8982) uri: sip:vdc.com.vn 7(8982) version: <SIP/2.0> 7(8982) parse_headers: flags=2 7(8982) DEBUG: get_hdr_body : content_length=0 7(8982) get_hdr_field: cseq <CSeq>: <2> <REGISTER> 7(8982) DEBUG:parse_to:end of header reached, state=9 7(8982) DEBUG: get_hdr_field: <To> [23]; uri=[sip:5001@vdc.com.vn] 7(8982) DEBUG: to body [sip:5001@vdc.com.vn ] 7(8982) Found param type 235, <rport> = <n/a>; state=6 7(8982) Found param type 232, <branch> = <z9hG4bKc0a8d47b0131c9b1442b39c80000367c00000003>; state=16 7(8982) end of header reached, state=5 7(8982) parse_headers: Via found, flags=2 7(8982) parse_headers: this is the first via 7(8982) After parse_msg... 7(8982) preparing to run routing scripts... 7(8982) DEBUG:maxfwd:is_maxfwd_present: value = 70 7(8982) parse_headers: flags=200 7(8982) found end of header 7(8982) find_first_route: No Route headers found 7(8982) loose_route: There is no Route HF 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==9 && [vdc.com.vn] == [127.0.0.1] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) grep_sock_info - checking if host==us: 10==13 && [vdc.com.vn] == [192.168.212.9] 7(8982) grep_sock_info - checking if port 5060 matches port 5060 7(8982) check_nonce(): comparing [442b360523cece6362803c97fa7fb10b37680cd8] and [442b360523cece6362803c97fa7fb10b37680cd8] 7(8982) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed 7(8982) build_auth_hf(): 'WWW-Authenticate: Digest realm="vdc.com.vn", nonce="442b360523cece6362803c97fa7fb10b37680cd8" ' 7(8982) parse_headers: flags=ffffffffffffffff 7(8982) check_via_address(192.168.212.123, 192.168.212.123, 0) 7(8982) DEBUG:destroy_avp_list: destroying list (nil) 7(8982) receive_msg: cleaning up Radius show debug: rad_recv: Access-Request packet from host 192.168.212.9:32826, id=205, length=203 User-Name = "5001@vdc.com.vn mailto:5001@vdc.com.vn" Digest-Attributes = 0x0a0635303031 Digest-Attributes = 0x010c7664632e636f6d2e766e Digest-Attributes = 0x022a34343262333630353233636563653633363238303363393766613766623130623337363830636438
Digest-Attributes = 0x04107369703a7664632e636f6d2e766e Digest-Attributes = 0x030a5245474953544552 Digest-Response = "1c3d532fc6c1c37004c6df6027e6242c" Service-Type = 0x0000000f00000000 Sip-Uri-User = "5001" NAS-Port = 0x000013c400000000 NAS-IP-Address = 0xc0a8d40900000000Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' hints: Matched DEFAULT at 82 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "5001" Digest-Realm = "vdc.com.vn" Digest-Nonce = "442b360523cece6362803c97fa7fb10b37680cd8" Digest-URI = "sip:vdc.com.vn" Digest-Method = "REGISTER" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 0 rlm_realm: No '@' mailto:%27@%27 in User-Name = "5001", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: '5001' rlm_sql (sql): sql_set_user escaped user --> '5001' radius_xlat: 'SELECT 1 as id,'5001' as UserName,'User-Password' as Attribute,subscriber_password as Value,'==' as op FROM subscribers WHERE subscriber_username = '5001'AND subscriber_status=1' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: '' radius_xlat: 'SELECT 1 as id,'5001' as UserName,'Session-Timeout' as Attribute,getSessionTime('5001','')as Value,'=' as op FROM dual' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 A1 = 5001:vdc.com.vn:test A2 = REGISTER:sip:vdc.com.vn H(A1) = 454e15015603bd4bd79faf0c5ddd3346 H(A2) = ac5bd79ed3d6bd2bddcb1cffafbbd09a KD = 454e15015603bd4bd79faf0c5ddd3346:442b360523cece6362803c97fa7fb10b37680cd8:ac5bd79ed3d6bd2bddcb1cffafbbd09a
EXPECTED 1c3d532fc6c1c37004c6df6027e6242c RECEIVED 1c3d532fc6c1c37004c6df6027e6242c modcall[authenticate]: module "digest" returns ok for request 0 modcall: group authenticate returns ok for request 0 Login OK: [5001] (from client 192.168.212.9 port 3134307025) Sending Access-Accept of id 205 to 192.168.212.9:32826 Session-Timeout = 60 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 205 with timestamp 442b3adf Nothing to do. Sleeping until we see a request. Best regards, Nguyen
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users