Hello list. I have a question about the radius authentication message. As i can see in the radius authorize message reaching to my Radius Server the format of this message is as follow:
Attributes: User-Name = "user1@mydomain.com" Digest-Attributes = "<10><10>user1" Digest-Attributes = "<1><23>mydomain.com" Digest-Attributes = "<2>*429f5a94dfac500699b5465aae863a390d5ebd92" Digest-Attributes = "<4>&sip:1234567@mydomain.com" Digest-Attributes = "<3><10>REGISTER" Digest-Attributes = "<5><6>auth" Digest-Attributes = "<9><10>00000037" Digest-Attributes = "<8><10>dbb06da4" Digest-Response = "08525b9e17e0ed25fccc61b104ff9e20" Service-Type = Sip-Session Sip-Uri-User = "1234567" NAS-IP-Address = 10.1.1.3 NAS-Port = 5060
my question is... the format of this radius auth message with the "Digest-Attributes" attributes is created by SER module auth_radius or by the radiusclient ? When this message reach to my server (by the way is a Radiator) i used a "patch" created by me to "understand" the differents Digest-Attributes and parse to the Digest-Uri, Digest-Method. Digest Real. etc that correspond, because my Radiator server seems not to parse the different Digest-Attributes. As i have seen in another post regarding to auth radius issues, the message in this format is understand perfect by for example the FreeRadius Server. Is there a special configuration (maybe with the dictionary file) to make this work?. What special feature do i need to set in the radius server? maybe the draft-sterman-aaa-sip-00 ?????? Is somone using Radiator with SER? I hope someone could help me.
Thanks in advance
Regards Ricardo Martinez.-
Inline.
Ricardo Martinez wrote:
Hello list. I have a question about the radius authentication message. As i can see in the radius authorize message reaching to my Radius Server the format of this message is as follow:
Attributes: User-Name = "user1@mydomain.com" Digest-Attributes = "<10><10>user1" Digest-Attributes = "<1><23>mydomain.com" Digest-Attributes = "<2>*429f5a94dfac500699b5465aae863a390d5ebd92" Digest-Attributes = "<4>&sip:1234567@mydomain.com" Digest-Attributes = "<3><10>REGISTER" Digest-Attributes = "<5><6>auth" Digest-Attributes = "<9><10>00000037" Digest-Attributes = "<8><10>dbb06da4" Digest-Response = "08525b9e17e0ed25fccc61b104ff9e20" Service-Type = Sip-Session Sip-Uri-User = "1234567" NAS-IP-Address = 10.1.1.3 NAS-Port = 5060
my question is... the format of this radius auth message with the "Digest-Attributes" attributes is created by SER module auth_radius or by the radiusclient ?
auth_radius, radiusclient just forwards the request.
When this message reach to my server (by the way is a Radiator) i used a "patch" created by me to "understand" the differents Digest-Attributes and parse to the Digest-Uri, Digest-Method. Digest Real. etc that correspond, because my Radiator server seems not to parse the different Digest-Attributes. As i have seen in another post regarding to auth radius issues, the message in this format is understand perfect by for example the FreeRadius Server. Is there a special configuration (maybe with the dictionary file) to make this work?. What special feature do i need to set in the radius server? maybe the draft-sterman-aaa-sip-00 ??????
The various Digest attributes are wrapped in Digest-Attributes. All Digest attributes, including Digest-Attributes must be defined in the dictionary file. freeradius has an implementation of parsing Digest-Attributes and interpreting the content as individual Digest-* attributes. In addition, once you have the correct unwrapped Digest-* attributes, your server must implement the http digest authentication algorithm (an rfc, don't remember the number right now)
Is somone using Radiator with SER?
Not that I am aware of, but I have heard of others trying. Maybe they have already implemented Digest support? g-)
-
Greger V. Teigre -
Ricardo Martinez