Hi Darren,
You don't have to put the information in the digest file if MySQL is used to
store the information. Make sure you have "sql" within the authorize{}
section of the radiusd.conf file.
If this doesn't work, try putting the following in your radcheck table.
UserName         Attribute      op  Value
---------------  -------------  --  ------
test@yourdomain  User-Password  ==  test
test@yourdomain  Auth-Type      :=  Digest
Zeus
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Darren Bentley
Sent: Thursday, 9 September 2004 8:22 AM
To: serusers(a)lists.iptel.org
Subject: [Serusers] Ser with Radius/Mysql - digest problem?
Hello,
I'm using radius for auth with a mysql backend. I'm a little
confused about Digest. I've read the radius howto and the mysql guide
(http://www.frontios.com/freeradius.html) but it doesn't
really explain digest.
When I add new users I'm putting them in the mysql table
"radcheck". Do I then always have to enter the user in the
/etc/raddb/digest file as well?
I'm trying to run a basic test. Here's what I have in the digest file:
User-Name = "test", Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7",
Digest-Realm = "testrealm", User-Password = "test", Digest-Nonce = "test",
Digest-Method = "INVITE", Digest-URI = "sip:5555551212@example.com",
Digest-Algorithm = "MD5", Digest-User-Name = "test"
"radcheck" table:
UserName = test
Attribute = Password
Value = test
"radgroupcheck" table:
GroupName = phone
Attribute = Auth-Type
Value = Digest
"usergroup" table:
UserName = test
GroupName = phone
When I run:
[root@scratch raddb]# radclient -f digest localhost auth qwerty
Received response ID 81, code 3, length = 20
Here's the debug output:
rad_recv: Access-Request packet from host 127.0.0.1:38061, id=91, length=154
User-Name = "test"
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7"
Digest-Attributes = "\001\013testrealm"
User-Password = "test"
Digest-Attributes = "\002\006test"
Digest-Attributes = "\003\010INVITE"
Digest-Attributes = "\004\034sip:5555551212@example.com"
Digest-Attributes = "\006\005MD5"
Digest-Attributes = "\n\006test"
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_digest: Converting Digest-Attributes to something sane...
Digest-Realm = "testrealm"
Digest-Nonce = "test"
Digest-Method = "INVITE"
Digest-Uri = "sip:5555551212@example.com"
Digest-Algorithm = "MD5"
Digest-User-Name = "test"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 0
radius_xlat: 'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'test' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type DIGEST
rad_check_password: Found Auth-Type Digest
Warning: Found 2 auth-types on request for user 'test'
auth: type "digest"
modcall: entering group authenticate for request 0
A1 = test:testrealm:test
A2 = INVITE:sip:5555551212@example.com
KD = 1e00d6dbd30441265df6064b9d9b7da9:test:675b8c827b388805aa252ea38bfb6804
rlm_digest: FAILED authentication
modcall[authenticate]: module "digest" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [test/test] (from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 91 to 127.0.0.1:38061
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 91 with timestamp 413f842e
Nothing to do. Sleeping until we see a request.
-------------------------
The username is "test" and the password is "test". I'm stumped.
I'm using FreeRadius 0.9.3 / SER 0.8.12 / radiusclient 0.3.2
Any help is appreciated.
Thanks,
- Darren