What is "System" authentication? Does it use the unix user accounts
(passwd)? If yes, it can't work, as the system does not store the
passwords in clear text.
regards,
klaus
Ryan Pagquil wrote:
Ah ok. BTW I'm testing radius authentication now, and I can't get
authenticated. I use ser-0.9.3 and freeradius. Here is the information
about my test and setup:
On Users file of freeradius I have these:
rpagquil@server4all Auth-Type := Digest, User-Password == "test123"
        Reply-Message = "Authenticated"
rpagquil@server4all Auth-Type := Accept
        Reply-Message = "Authorized"
On ser.cfg I have these:
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
if (!radius_www_authorize("server4all")) {
    www_challenge("", "1");
    break;
};
save("location");
break;
and this is my radius log with radiusd -X:
rad_recv: Access-Request packet from host 127.0.0.1:1733, id=95, length=318
User-Name = "rpagquil@server4all"
Digest-Attributes = "\n\nrpagquil"
Digest-Attributes = "\001\014server4all"
Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
Digest-Attributes = "\004\020sip:server4all"
Digest-Attributes = "\003\nREGISTER"
Digest-Attributes = "\005\006auth"
Digest-Attributes = "\t\n00000002"
Digest-Attributes = "\010"D845A10802BC11DABFB500E04CAB4AB4"
Digest-Response = "67c537d0fb13d95416e2bb973b3caa4a"
Service-Type = Sip-Session
Sip-URI-User = "rpagquil"
Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4@server4all"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil@server4all"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "rpagquil"
rlm_realm: Proxying request from user rpagquil to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 162
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [rpagquil@server4all] (from client server port 5060)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1734, id=96, length=318
User-Name = "rpagquil@server4all"
Digest-Attributes = "\n\nrpagquil"
Digest-Attributes = "\001\014server4all"
Digest-Attributes = "\002*42ee018773f7ef0ca37028652e16deef71bdc6e9"
Digest-Attributes = "\004\020sip:server4all"
Digest-Attributes = "\003\nREGISTER"
Digest-Attributes = "\005\006auth"
Digest-Attributes = "\t\n00000002"
Digest-Attributes = "\010"D845A10902BC11DABFB500E04CAB4AB4"
Digest-Response = "4c7a54f5710a95dc6c7620ac04271c28"
Service-Type = Sip-Session
Sip-URI-User = "rpagquil"
Cisco-AVPair = "call-id=D845A10302BC11DABFB500E04CAB4AB4@server4all"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: Looking up realm "server4all" for User-Name = "rpagquil@server4all"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "rpagquil"
rlm_realm: Proxying request from user rpagquil to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched DEFAULT at 162
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [rpagquil@server4all] (from client server port 5060)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Sending Access-Reject of id 95 to 127.0.0.1:1733
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 96 to 127.0.0.1:1734
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 95 with timestamp 42ee005c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 96 with timestamp 42ee005d
Nothing to do. Sleeping until we see a request.
Please help.
Thanks,
Klaus Darilion wrote:
The users need not be in the users file. You can store your users
anywhere (file, database, ...). The important thing however is: the
radius server has to support digest authentication. Thus, the
passwords must be stored in cleartext.
regards
klaus
Ryan Pagquil wrote:
So it means that the System authentication that we are using now for
radius will be ignored? Every user must exist in the users file of
the freeradius?
Thanks,
Klaus Darilion wrote:
Greger V. Teigre wrote:
> Ryan,
> Only if it supports the http digest authentication mechanism.
> g-)
This means, you need the user passwords in clear text.
regards,
klaus
>
> Ryan Pagquil wrote:
>
>> Hi,
>>
>> Can I use my existing radius server as my login authentication for
>> ser? The existing radius uses the system to read the user accounts,
>> but explained on the radius howto i must create the user accounts on
>> users file of the freeradius.
>> Please help.
>>
>> Thanks,
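Added illustration, not part of the original thread: Python that decodes the Digest-Attributes sub-attributes of request id=95 from the log above and performs the check a RADIUS server has to make for them. The sub-attribute numbering follows draft-sterman-aaa-sip and the response formula is RFC 2617 with qop=auth; the function names are this example's own. The check needs the cleartext password or the precomputed HA1, and neither can be derived from the one-way crypt hash behind unix "System" accounts.

```python
import hashlib
import hmac

# Sub-attribute numbers from draft-sterman-aaa-sip (RADIUS digest extension).
SUBTYPES = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 5: "qop", 6: "algorithm",
            7: "body_digest", 8: "cnonce", 9: "nc", 10: "username"}

# Digest-Attributes of request id=95 from the radiusd -X log above, as raw bytes:
# one type octet, one length octet (counting both header octets), then the value.
LOGGED_ATTRS = [
    b"\n\nrpagquil",
    b"\001\014server4all",
    b"\002*42ee018773f7ef0ca37028652e16deef71bdc6e9",
    b"\004\020sip:server4all",
    b"\003\nREGISTER",
    b"\005\006auth",
    b"\t\n00000002",
    b"\010\"D845A10802BC11DABFB500E04CAB4AB4",
]
LOGGED_RESPONSE = "67c537d0fb13d95416e2bb973b3caa4a"

def decode(attrs):
    fields = {}
    for raw in attrs:
        subtype, length = raw[0], raw[1]
        if length != len(raw):
            raise ValueError(f"bad length in sub-attribute {subtype}")
        fields[SUBTYPES[subtype]] = raw[2:].decode("ascii")
    return fields

def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    # The only place the secret enters; HA1 is password-equivalent for this realm.
    return md5hex(f"{username}:{realm}:{password}")

def expected_response(fields, ha1_hex):
    # RFC 2617, qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5hex(f"{fields['method']}:{fields['uri']}")
    return md5hex(":".join([ha1_hex, fields["nonce"], fields["nc"],
                            fields["cnonce"], fields["qop"], ha2]))

def verify(fields, response, password):
    h = ha1(fields["username"], fields["realm"], password)
    return hmac.compare_digest(expected_response(fields, h), response)

if __name__ == "__main__":  # does the users-file password reproduce the logged response?
    print(verify(decode(LOGGED_ATTRS), LOGGED_RESPONSE, "test123"))
```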