Dear Alan,<br>
I changed the version of freeradius to 1.1.1 and we kept the last
radiusd.conf file from the 1.0.5 version unchanged. Below you can see the
excerpt of the radiusd.conf file:<br>
<br>
expr {<br>
}<br>
digest {<br>
}<br>
exec {<br>
wait = yes<br>
input_pairs = request<br>
}<br>
exec echo {<br>
wait = yes<br>
program = "/bin/echo %{User-Name}"<br>
input_pairs = request<br>
output_pairs = reply<br>
}<br>
ippool main_pool {<br>
range-start = 192.168.1.1<br>
range-stop = 192.168.3.254<br>
netmask = 255.255.255.0<br>
cache-size = 800<br>
session-db = ${raddbdir}/db.ippool<br>
ip-index = ${raddbdir}/db.ipindex<br>
override = no<br>
maximum-timeout = 0<br>
}<br>
}<br>
instantiate {<br>
exec<br>
expr<br>
}<br>
authorize {<br>
# preprocess<br>
# auth_log<br>
# attr_filter<br>
# chap<br>
# mschap<br>
digest<br>
# eap<br>
sql<br>
}<br>
authenticate {<br>
# Auth-Type PAP {<br>
# pap<br>
# }<br>
<br>
# Auth-Type CHAP {<br>
# chap<br>
# }<br>
<br>
# Auth-Type MS-CHAP {<br>
# mschap<br>
# }<br>
digest<br>
# unix<br>
# eap<br>
}<br>
<br>
=============================================================== <br>
When I test the server with some open source sip phones, everything is
ok, but when I test the following user with MSN messenger,
a reject packet is received:<br>
user = server2_user1<br>
password = test<br>
URI = user@testrealm.icii.com<br>
Method = REGISTER<br>
Algorithm = "MD5"
<br>
<br>
Here is the debug output of freeradius for this packet:<br>
<br>
<br>
rad_recv: Access-Request packet from host 10.10.1.3:2309, id=242, length=200<br>
NAS-Identifier = "testrealm"<br>
Digest-Attributes = 0x030a5245474953544552<br>
Digest-Attributes = 0x0a0f736572766572325f7573657231<br>
Digest-Attributes = 0x02226530663765326631373633376638323638316463323461396262363264643637<br>
Digest-Attributes = 0x06054d4435<br>
User-Name = "server2_user1"<br>
Digest-Attributes = 0x04187369703a746573747265616c6d2e696369692e636f6d<br>
Digest-Response = "5f0fc8449eb607379d80ad34a83fe512"<br>
Digest-Attributes = 0x0114746573747265616c6d2e696369692e636f6d<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 0<br>
rlm_digest: Adding Auth-Type = DIGEST<br>
modcall[authorize]: module "digest" returns ok for request 0<br>
radius_xlat: 'server2_user1'<br>
rlm_sql (sql): sql_set_user escaped user --> 'server2_user1'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'server2_user1' ORDER BY id'<br>
rlm_sql (sql): Reserving sql socket id: 4<br>
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'server2_user1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'server2_user1' ORDER BY id'<br>
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'<br>
rlm_sql (sql): Released sql socket id: 4<br>
modcall[authorize]: module "sql" returns ok for request 0<br>
modcall: leaving group authorize (returns ok) for request 0<br>
rad_check_password: Found Auth-Type DIGEST<br>
auth: type "digest"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 0<br>
rlm_digest: Converting Digest-Attributes to something sane...<br>
Digest-Method = "REGISTER"<br>
Digest-User-Name = "server2_user1"<br>
Digest-Nonce = "e0f7e2f17637f82681dc24a9bb62dd67"<br>
Digest-Algorithm = "MD5"<br>
Digest-URI = "sip:testrealm.icii.com"<br>
Digest-Realm = "testrealm.icii.com"<br>
A1 = server2_user1:testrealm.icii.com:test<br>
A2 = REGISTER:sip:testrealm.icii.com<br>
KD = 590b483ad6e6df65edb1826f5404e3a5:e0f7e2f17637f82681dc24a9bb62dd67:684a8ca612e13a06c419dc89351ac183<br>
rlm_digest: FAILED authentication<br>
modcall[authenticate]: module "digest" returns reject for request 0<br>
modcall: leaving group authenticate (returns reject) for request 0<br>
auth: Failed to validate the user.<br>
<br>
=======================================================<br>
<br>
Now let's look at a correct authentication that was sent by an open source sip phone.<br>
<br>
rad_recv: Access-Request packet from host 10.10.1.3:2773, id=22, length=200<br>
NAS-Identifier = "testrealm"<br>
Digest-Attributes = 0x030a5245474953544552<br>
Digest-Attributes = 0x0a0f736572766572325f7573657231<br>
Digest-Attributes = 0x02226562376234336638333032613234656261343338313533366338346334393335<br>
Digest-Attributes = 0x06054d4435<br>
User-Name = "server2_user1"<br>
Digest-Attributes = 0x04187369703a746573747265616c6d2e696369692e636f6d<br>
Digest-Response = "d1b993f54dc5e242c4b67389188db5dd"<br>
Digest-Attributes = 0x0114746573747265616c6d2e696369692e636f6d<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 36<br>
rlm_digest: Adding Auth-Type = DIGEST<br>
modcall[authorize]: module "digest" returns ok for request 36<br>
radius_xlat: 'server2_user1'<br>
rlm_sql (sql): sql_set_user escaped user --> 'server2_user1'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'server2_user1' ORDER BY id'<br>
rlm_sql (sql): Reserving sql socket id: 3<br>
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'server2_user1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'server2_user1' ORDER BY id'<br>
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'server2_user1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'<br>
rlm_sql (sql): Released sql socket id: 3<br>
modcall[authorize]: module "sql" returns ok for request 36<br>
modcall: leaving group authorize (returns ok) for request 36<br>
rad_check_password: Found Auth-Type DIGEST<br>
auth: type "digest"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 36<br>
rlm_digest: Converting Digest-Attributes to something sane...<br>
Digest-Method = "REGISTER"<br>
Digest-User-Name = "server2_user1"<br>
Digest-Nonce = "eb7b43f8302a24eba4381536c84c4935"<br>
Digest-Algorithm = "MD5"<br>
Digest-URI = "sip:testrealm.icii.com"<br>
Digest-Realm = "testrealm.icii.com"<br>
A1 = server2_user1:testrealm.icii.com:test<br>
A2 = REGISTER:sip:testrealm.icii.com<br>
KD = 590b483ad6e6df65edb1826f5404e3a5:eb7b43f8302a24eba4381536c84c4935:684a8ca612e13a06c419dc89351ac183<br>
modcall[authenticate]: module "digest" returns ok for request 36<br>
modcall: leaving group authenticate (returns ok) for request 36<br>
Processing the post-auth section of radiusd.conf<br>
modcall: entering group post-auth for request 36<br>
rlm_sql (sql): Processing sql_postauth<br>
radius_xlat: 'server2_user1'<br>
rlm_sql (sql): sql_set_user escaped user --> 'server2_user1'<br>
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'server2_user1', 'Chap-Password', 'Access-Accept', NOW())'<br>
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'server2_user1', 'Chap-Password', 'Access-Accept', NOW())<br>
rlm_sql (sql): Reserving sql socket id: 2<br>
rlm_sql (sql): Released sql socket id: 2<br>
modcall[post-auth]: module "sql" returns ok for request 36<br>
modcall: leaving group post-auth (returns ok) for request 36<br>
Sending Access-Accept of id 22 to 10.10.1.3 port 2773<br>
<br>
<pre>> I have installed FreeRadius 1.1.0 as an authentication server for our sip
> proxy, I am using MSN messenger and some other sip phone to test.
> everything in my database is ok and I receive access packet by the sip
> phones except MSN messenger , when I am using MSN messenger , I receive
> reject packet.

 Run the server in debugging mode to see what's going wrong.

 Also, you might try using version 1.1.1, which has updates to the
digest module.

 Alan DeKok.</pre>
<br>-- <br>S.A.A
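
Added example, not part of the original message and not FreeRADIUS code: it decodes the Digest-Attributes sub-attributes of the rejected request and recomputes the RFC 2617 MD5 response without qop, the H(A1):nonce:H(A2) form shown on the KD line of the debug output, so the result can be compared with the Digest-Response the client sent. The sub-attribute numbering (taken from draft-sterman-aaa-sip) and all function names are assumptions of this example.

```python
import hashlib

# Sub-attribute numbers used inside Digest-Attributes (draft-sterman-aaa-sip).
SUBTYPES = {1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 5: "QOP",
            6: "Algorithm", 7: "Body-Digest", 8: "CNonce",
            9: "Nonce-Count", 10: "User-Name"}

def decode_digest_attributes(hex_values):
    """Decode type/length/value sub-attributes; length includes the 2 header bytes."""
    fields = {}
    for text in hex_values:
        raw = bytes.fromhex(text[2:] if text.lower().startswith("0x") else text)
        pos = 0
        while pos < len(raw):
            if len(raw) - pos < 2:
                raise ValueError("truncated sub-attribute header")
            kind, length = raw[pos], raw[pos + 1]
            if length < 2 or pos + length > len(raw):
                raise ValueError(f"bad length {length} in sub-attribute {kind}")
            name = SUBTYPES.get(kind, f"Unknown-{kind}")
            fields[name] = raw[pos + 2:pos + length].decode("ascii")
            pos += length
    return fields

def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def expected_response(fields, password):
    """RFC 2617 response for algorithm MD5 without qop: H(H(A1):nonce:H(A2))."""
    if fields.get("Algorithm", "MD5") != "MD5" or "QOP" in fields:
        raise ValueError("only plain MD5 without qop is handled here")
    a1 = f'{fields["User-Name"]}:{fields["Realm"]}:{password}'
    a2 = f'{fields["Method"]}:{fields["URI"]}'
    return md5_hex(f'{md5_hex(a1)}:{fields["Nonce"]}:{md5_hex(a2)}')

# Digest-Attributes and Digest-Response of the rejected request, from the log above.
REJECTED = ["0x030a5245474953544552", "0x0a0f736572766572325f7573657231",
            "0x02226530663765326631373633376638323638316463323461396262363264643637",
            "0x06054d4435", "0x04187369703a746573747265616c6d2e696369692e636f6d",
            "0x0114746573747265616c6d2e696369692e636f6d"]
REJECTED_RESPONSE = "5f0fc8449eb607379d80ad34a83fe512"

if __name__ == "__main__":
    fields = decode_digest_attributes(REJECTED)
    for name, value in fields.items():
        print(f"{name:10} = {value}")
    computed = expected_response(fields, "test")   # password from the message
    print("computed  :", computed)
    print("client    :", REJECTED_RESPONSE, "(match)" if computed == REJECTED_RESPONSE else "(differs)")
```

If a decoded request carries QOP, CNonce or Nonce-Count, the response formula has extra terms and this check refuses to compute rather than report a misleading mismatch.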