On 16-11 17:39, Lucas Aimaretto wrote:
Hello everyone,
I've successfully compiled and installed SER 0.8.14 on a redhat 7.3.
Got an Xlite and a Grandstream Budgetone-100 registered and they both
could communicate between them.
Now, I want to use RADIUS with SER. I got SER compiled with RADIUS
support, and also compiled the radiusclient 0.4.3, and it seems
everything went fine.
I added both dictionary.ser and dictionary.sip to my dictionary, and I
believe there is something wrong here.
I followed the instructions at the RADIUS-HOWTO ...
1) touch digest
2) echo User-Name = "110(a)192.168.1.253".253", Digest-Response =
"631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm",
Digest-Nonce = "1234abcd" , Digest-Method = "INVITE", Digest-URI =
"sip:5555551212@example.com", Digest-Algorithm = "MD5",
Digest-User-Name
= "110(a)192.168.1.253" > digest
3) radclient -f digest localhost auth radiussecret
... And this is the RADIUS OUTPUT ...
radrecv: Access Request from host c0a801fd code=1, id=86, length=174
User-Name = "1992005(a)192.168.1.253"
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
Digest-Attributes = "\001\013testrealm"
Digest-Attributes = "\002\0121234abcd"
Digest-Attributes = "\003\010INVITE"
Digest-Attributes = "\004\034sip:5555551212@example.com"
Digest-Attributes = "\006\005MD5"
Digest-Attributes = "\012\0271992005(a)192.168.1.253"
Username is now 1992005(a)192.168.1.253
Calling station Id is now (null)
Client 1992005(a)192.168.1.253 is PREPAID
credit_amount (19.00)
Sending Access Ack of id 86 to c0a801fd (nas linux)
Credit-Amount =
"V9:T102:L26:683332332d6372656469742d616d6f756e743d31392e3030"
... And this is the radclient OUTPUT ...
Received response ID 86, code 2, length = 52
Vendor-9-Attr-102 =
0x683332332d6372656469742d616d6f756e743d31392e3030
Questions:
1) Although I sent to radius different ATTRIBUTES, RADIUS recognized all
of them (except for one, Digest-Response) as Digest-Attributes. Why is
that?
That's because they are encoded and sent as sub-attributes, not real
RADIUS attributes, see draft-sterman-aaa-sip-00 for more details.
2) All of the values sent to RADIUS, for each attribute, are different
from the ones originally sent. For example ...
sent: Digest-Method = "INVITE"
received: Digest-Attributes = "\003\010INVITE"
So you see the "\003\010" chars in front of the string "INVITE"
... Why is that?
This is the sub-type of the attribute, see the draft mentioned before.
Note that the radius server has to explicitly support this "attribute
mangling" (try to find out if the icradius server supports
draft-sterman-aaa-sip-00).
Well, I hope you can clarify some (better if all of them ;-) ) of my
doubts.
In conclusion, digest authentication attributes are encoded as
sub-attributes into a single RADIUS attribute and it will work only if
the radius server explicitly supports that (according to
draft-sterman-aaa-sip-00).
Jan.
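
Added example, not part of the original message or of SER/radiusclient: a small Python decoder for the Digest-Attributes values shown in the server log above, reading the two leading octets as sub-type and length (the length counts those two octets). Assumptions: each value carries exactly one sub-attribute, as in the log; the sub-type names are the pairing visible between the attributes sent and the values logged; the archive's "(a)" in the user name is taken to be "@", which is what the length octet \027 implies.

```python
import re

# Sub-type -> name, as the sent attributes pair up with the logged values above.
SUBTYPES = {1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
            4: "Digest-URI", 6: "Digest-Algorithm", 10: "Digest-User-Name"}

def unescape(logged):
    """Turn the server's printable form (\\ooo octal escapes) back into raw octets."""
    return re.sub(rb"\\([0-7]{3})",
                  lambda m: bytes([int(m.group(1), 8)]),
                  logged.encode("latin-1"))

def parse_digest_attribute(value):
    """Decode one Digest-Attributes value into (name, text).

    Layout: 1 octet sub-type, 1 octet length (header included), then the text.
    A length that disagrees with the octets actually present is rejected, so a
    damaged or hand-edited value is reported instead of silently truncated.
    """
    if len(value) < 2:
        raise ValueError("shorter than the 2-octet sub-attribute header")
    subtype, length = value[0], value[1]
    if length != len(value):
        raise ValueError("sub-type %d declares %d octets, value has %d"
                         % (subtype, length, len(value)))
    name = SUBTYPES.get(subtype, "sub-type %d" % subtype)
    return name, value[2:].decode("latin-1")

# Values from the log above ("@" restored in the last one, see the lead-in).
SAMPLE = [r"\001\013testrealm", r"\002\0121234abcd", r"\003\010INVITE",
          r"\004\034sip:5555551212@example.com", r"\006\005MD5",
          r"\012\0271992005@192.168.1.253"]

def decode_log(lines):
    """Decode a list of logged Digest-Attributes strings."""
    return [parse_digest_attribute(unescape(line)) for line in lines]

if __name__ == "__main__":
    for name, text in decode_log(SAMPLE):
        print("%-17s = %r" % (name, text))
```
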