Re: [Serusers] Password not being sent during Radius Auth

12 Apr 2005

Lucas,
Your RADIUS server needs to implement the Digest algorithm. Attributes are 
non-standard and are NOT sent as vendor-encapsulated, but wrapped in the 
Digest-Attributes avpair.  The RADIUS server thus needs to be able to read 
the digest-attributes, convert them to individual attributes (as below) and 
then implement the DIGEST authentication mechanism.
    Translated: There is no password attribute.
g-)

ATTRIBUTE       Digest-Response                 206     string
ATTRIBUTE       Digest-Attributes               207     string
ATTRIBUTE       Digest-Realm                    1063    string
ATTRIBUTE       Digest-Nonce                    1064    string
ATTRIBUTE       Digest-Method                   1065    string
ATTRIBUTE       Digest-URI                      1066    string
ATTRIBUTE       Digest-QOP                      1067    string
ATTRIBUTE       Digest-Algorithm                1068    string
ATTRIBUTE       Digest-Body-Digest              1069    string
ATTRIBUTE       Digest-CNonce                   1070    string
ATTRIBUTE       Digest-Nonce-Count              1071    string
ATTRIBUTE       Digest-User-Name                1072    string

Lucas Aimaretto wrote:
...
  Hi there,

 This is my ser.cfg configuration

 if(method=="REGISTER")
 {
 if (!radius_www_authorize(""))
            {
                www_challenge("", "0");
                break;
            };
 save("location");
 break;
 };

 And here is some sniffing done with ngrep ...

 U IP_UA:11006 -> IP_SER:5060
 REGISTER sip:IP_SER SIP/2.0.
 Via: SIP/2.0/UDP
 192.168.1.178:11006;rport;branch=z9hG4bK810E80344EB24AE5B8D5FD21043E78CE
 .
 From: Lucas <sip:1991006@IP_SER>.
 To: Lucas <sip:1991006@IP_SER>.
 Contact: "Lucas" <sip:1991006@192.168.1.178:11006>.
 Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9@IP_SER.
 CSeq: 57327 REGISTER.
 Expires: 1800.
 Authorization: Digest

username="1991006@IP_SER",realm="IP_SER",nonce="425b03326e0f4f0071f1a766

4c8823f1271f1212",response="8b9ec4e8e633c5dd7d4aee4aef1ffdba",uri="sip:I
 P_SER".
 Max-Forwards: 70.
 User-Agent: X-PRO build 1082.
 Content-Length: 0.
 .

 #
 U IP_SER:5060 -> IP_UA:11006
 SIP/2.0 401 Unauthorized.
 Via: SIP/2.0/UDP
 192.168.1.178:11006;rport=11006;branch=z9hG4bK810E80344EB24AE5B8D5FD2104
 3E78CE;received=IP_UA.
 From: Lucas <sip:1991006@IP_SER>.
 To: Lucas
 <sip:1991006@IP_SER>;tag=6f0d146d94c4cb042663ff3cf87e2e72.d766.
 Call-ID: FCA6F7DD4BA94FA090F446BCE4AAE5B9@IP_SER.
 CSeq: 57327 REGISTER.
 WWW-Authenticate: Digest realm="IP_SER",
 nonce="425b03326e0f4f0071f1a7664c8823f1271f1212".
 Content-Length: 0.
 Warning: 392 IP_SER:5060 "Noisy feedback tells:  pid=23023
 req_src_ip=IP_UA req_src_port=11006 in_uri=sip:IP_SER
 out_uri=sip:IP_SER via_cnt==1".

 The thing is that I'm not seeing the Password Attribute at the radius
 output ...
 Well, to be honest, I do not know wich is the attribute SER uses to
 send password, but, the truth is no Password Attribute is sent to
 RADIUS.

 Any ideas ?

 Regards,

 Lucas  

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Serusers] Password not being sent during Radius Auth