hi, <br> I am using freeradius 2.0.3 with radiusclient-ng <a href="http://0.5.6.">0.5.6.</a> I need to used the following attributes<br>Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response' into my perl code, to do my md5 calculation, unfortunately I can't get any of the values except Digest-Response, <br>
hopefully i've tried all the alternatives that is posted by Ivan Kalik earlier.<br><br>1. I've uncommented all the digest entries in sites-enabled/default file and I've uncommented out all the perl entries from the<br>
default.<br>2. I've tried accessing the digest attributes in my perl code by using RAD_CHECK as well as RAD_CHECK.<br><br>But it doesn't work.<br><br>can anybody please tell me that is it possible to call the digest attributes in the perl code. If it is possible, please show me the way how to call these attributes('Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'.<br>
<br>Or will it be the problem of not getting the digest attributes by the incompatible dictionaries of radius client and radius server.<br>Please help,I am really confused where is the problem.<br><br>Thanks for your valuable time.<br>
<br><i><b>Here is the output files when running in debug mode before authenticate a user</b></i><br><br>FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on May 7 2008 at 16:45:53<br>Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A<br>PARTICULAR PURPOSE.<br>You may redistribute copies of FreeRADIUS under the terms of the<br>GNU General Public License.<br>Starting - reading configuration files ...<br>
including configuration file /usr/local/etc/raddb/radiusd.conf<br>including configuration file /usr/local/etc/raddb/clients.conf<br>including configuration file /usr/local/etc/raddb/snmp.conf<br>including configuration file /usr/local/etc/raddb/eap.conf<br>
including configuration file /usr/local/etc/raddb/sql.conf<br>including configuration file /usr/local/etc/raddb/policy.conf<br>including files in directory /usr/local/etc/raddb/sites-enabled/<br>including configuration file /usr/local/etc/raddb/sites-enabled/default<br>
including dictionary file /usr/local/etc/raddb/dictionary<br>main {<br> prefix = "/usr/local"<br> localstatedir = "/usr/local/var"<br> logdir = "/usr/local/var/log/radius"<br>
libdir = "/usr/local/lib"<br> radacctdir = "/usr/local/var/log/radius/radacct"<br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br>
allow_core_dumps = no<br> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<br> checkrad = "/usr/local/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = yes<br>
security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = yes<br> }<br>}<br> client localhost {<br> ipaddr = <a href="http://127.0.0.1">127.0.0.1</a><br> require_message_authenticator = no<br>
secret = "testing123"<br> shortname = "localhost"<br> nastype = "other"<br> }<br> client <a href="http://192.168.1.227">192.168.1.227</a> {<br> require_message_authenticator = no<br>
secret = "johnson"<br> shortname = "mynetwork"<br> nastype = "other"<br> }<br>radiusd: #### Loading Realms and Home Servers ####<br>radiusd: #### Instantiating modules ####<br>
instantiate {<br> Module: Linked to module rlm_exec<br> Module: Instantiating exec<br> exec {<br> wait = yes<br> input_pairs = "request"<br> shell_escape = yes<br> }<br> Module: Linked to module rlm_expr<br>
Module: Instantiating expr<br> Module: Linked to module rlm_expiration<br> Module: Instantiating expiration<br> expiration {<br> reply-message = "Password Has Expired "<br> }<br> Module: Linked to module rlm_logintime<br>
Module: Instantiating logintime<br> logintime {<br> reply-message = "You are calling outside your allowed timespan "<br> minimum-timeout = 60<br> }<br> }<br>radiusd: #### Loading Virtual Servers ####<br>
server {<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_digest<br> Module: Instantiating digest<br> Module: Linked to module rlm_perl<br> Module: Instantiating perl<br>
perl {<br> module = "/usr/local/etc/raddb/myperltemp.pl"<br> func_authorize = "authorize"<br> func_authenticate = "authenticate"<br> func_accounting = "accounting"<br>
func_preacct = "preacct"<br> func_checksimul = "checksimul"<br> func_detach = "detach"<br> func_xlat = "xlat"<br> func_pre_proxy = "pre_proxy"<br>
func_post_proxy = "post_proxy"<br> func_post_auth = "post_auth"<br> }<br> perl {<br> max_clones = 32<br> start_clones = 32<br> min_spare_clones = 0<br> max_spare_clones = 32<br>
cleanup_delay = 5<br> max_request_per_clone = 0<br> }<br> Module: Checking authorize {...} for more modules to load<br> Module: Linked to module rlm_preprocess<br> Module: Instantiating preprocess<br> preprocess {<br>
huntgroups = "/usr/local/etc/raddb/huntgroups"<br> hints = "/usr/local/etc/raddb/hints"<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> with_alvarion_vsa_hack = no<br> }<br> Module: Linked to module rlm_realm<br> Module: Instantiating suffix<br> realm suffix {<br> format = "suffix"<br>
delimiter = "@"<br> ignore_default = no<br> ignore_null = no<br> }<br> Module: Linked to module rlm_eap<br> Module: Instantiating eap<br> eap {<br> default_eap_type = "md5"<br>
timer_expire = 60<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no<br> }<br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5<br> Module: Linked to sub-module rlm_eap_leap<br>
Module: Instantiating eap-leap<br> Module: Linked to sub-module rlm_eap_gtc<br> Module: Instantiating eap-gtc<br> gtc {<br> challenge = "Password: "<br> auth_type = "PAP"<br> }<br> Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br> tls {<br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> pem_file_type = yes<br>
private_key_file = "/usr/local/etc/raddb/certs/server.pem"<br> certificate_file = "/usr/local/etc/raddb/certs/server.pem"<br> CA_file = "/usr/local/etc/raddb/certs/ca.pem"<br>
private_key_password = "whatever"<br> dh_file = "/usr/local/etc/raddb/certs/dh"<br> random_file = "/usr/local/etc/raddb/certs/random"<br> fragment_size = 1024<br>
include_length = yes<br> check_crl = no<br> cipher_list = "DEFAULT"<br> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"<br> }<br> Module: Linked to sub-module rlm_eap_ttls<br>
Module: Instantiating eap-ttls<br> ttls {<br> default_eap_type = "md5"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> }<br> Module: Linked to sub-module rlm_eap_peap<br>
Module: Instantiating eap-peap<br> peap {<br> default_eap_type = "mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br> }<br>
Module: Linked to sub-module rlm_eap_mschapv2<br> Module: Instantiating eap-mschapv2<br> mschapv2 {<br> with_ntdomain_hack = no<br> }<br> Module: Linked to module rlm_files<br> Module: Instantiating files<br> files {<br>
usersfile = "/usr/local/etc/raddb/users"<br> acctusersfile = "/usr/local/etc/raddb/acct_users"<br> preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br> compat = "no"<br>
}<br> Module: Linked to module rlm_pap<br> Module: Instantiating pap<br> pap {<br> encryption_scheme = "auto"<br> auto_header = no<br> }<br> Module: Checking preacct {...} for more modules to load<br>
Module: Linked to module rlm_acct_unique<br> Module: Instantiating acct_unique<br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> Module: Checking accounting {...} for more modules to load<br>
Module: Linked to module rlm_detail<br> Module: Instantiating detail<br> detail {<br> detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br> header = "%t"<br>
detailperm = 384<br> dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> Module: Linked to module rlm_radutmp<br> Module: Instantiating radutmp<br> radutmp {<br> filename = "/usr/local/var/log/radius/radutmp"<br>
username = "%{User-Name}"<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 384<br> callerid = yes<br> }<br> Module: Linked to module rlm_attr_filter<br> Module: Instantiating attr_filter.accounting_response<br>
attr_filter attr_filter.accounting_response {<br> attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"<br> key = "%{User-Name}"<br> }<br> Module: Checking session {...} for more modules to load<br>
Module: Checking post-proxy {...} for more modules to load<br> Module: Checking post-auth {...} for more modules to load<br> Module: Instantiating attr_filter.access_reject<br> attr_filter attr_filter.access_reject {<br>
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"<br> key = "%{User-Name}"<br> }<br> }<br>}<br>radiusd: #### Opening IP addresses and Ports ####<br>listen {<br> type = "auth"<br>
ipaddr = *<br> port = 0<br>}<br>listen {<br> type = "acct"<br> ipaddr = *<br> port = 0<br>}<br>main {<br> snmp = no<br> smux_password = ""<br> snmp_write_access = no<br>
}<br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on proxy address * port 1814<br>Ready to process requests.<br><br><i><b>Here is the output after rejecting a user</b></i><br>
<br>rad_recv: Access-Request packet from host <a href="http://192.168.1.227">192.168.1.227</a> port 33360, id=95, length=252<br> User-Name = "<a href="mailto:john@192.168.1.227">john@192.168.1.227</a>"<br>
X-Ascend-Netware-timeout = 1785686126<br> X-Ascend-Send-Secret = 0x3139322e3136382e312e323237<br> X-Ascend-Receive-Secret = 0x34383231633363636239626234663963343639646561323765653066666534346438373831653830<br>
X-Ascend-IP-Pool-Definition = "sip:<a href="http://192.168.1.227">192.168.1.227</a>"<br> X-Ascend-IPX-Peer-Mode = 0x5245474953544552<br> Digest-Response = "7cfeea7f2242db43d8ee8956cf116617"<br>
Service-Type = IAPP-Register<br> X-Ascend-PW-Lifetime = 1785686126<br> Cisco-AVPair = "call-id=<a href="mailto:b848148f9ebb461b92072b1eca706df5@192.168.1.193">b848148f9ebb461b92072b1eca706df5@192.168.1.193</a>"<br>
NAS-IP-Address = <a href="http://127.0.0.1">127.0.0.1</a><br> NAS-Port = 5060<br>+- entering group authorize<br>++[preprocess] returns ok<br>ERROR: Received Digest-Response without Digest-Attributes<br>++[digest] returns invalid<br>
Invalid user: [<a href="http://john@192.168.1.227/">john@192.168.1.227/</a><no User-Password attribute>] (from client mynetwork port 5060)<br> Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> <a href="mailto:john@192.168.1.227">john@192.168.1.227</a><br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://192.168.1.227">192.168.1.227</a> port 33361, id=96, length=252<br>
User-Name = "<a href="mailto:john@192.168.1.227">john@192.168.1.227</a>"<br> X-Ascend-Netware-timeout = 1785686126<br> X-Ascend-Send-Secret = 0x3139322e3136382e312e323237<br> X-Ascend-Receive-Secret = 0x34383231633363636239626234663963343639646561323765653066666534346438373831653830<br>
X-Ascend-IP-Pool-Definition = "sip:<a href="http://192.168.1.227">192.168.1.227</a>"<br> X-Ascend-IPX-Peer-Mode = 0x5245474953544552<br> Digest-Response = "7cfeea7f2242db43d8ee8956cf116617"<br>
Service-Type = IAPP-Register<br> X-Ascend-PW-Lifetime = 1785686126<br> Cisco-AVPair = "call-id=<a href="mailto:b848148f9ebb461b92072b1eca706df5@192.168.1.193">b848148f9ebb461b92072b1eca706df5@192.168.1.193</a>"<br>
NAS-IP-Address = <a href="http://127.0.0.1">127.0.0.1</a><br> NAS-Port = 5060<br>+- entering group authorize<br>++[preprocess] returns ok<br>ERROR: Received Digest-Response without Digest-Attributes<br>++[digest] returns invalid<br>
Invalid user: [<a href="http://john@192.168.1.227/">john@192.168.1.227/</a><no User-Password attribute>] (from client mynetwork port 5060)<br> Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> <a href="mailto:john@192.168.1.227">john@192.168.1.227</a><br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 1 for 1 seconds<br>Going to the next request<br>Waking up in 0.5 seconds.<br>Sending delayed reject for request 0<br>
Sending Access-Reject of id 95 to <a href="http://192.168.1.227">192.168.1.227</a> port 33360<br>Waking up in 0.4 seconds.<br>Sending delayed reject for request 1<br>Sending Access-Reject of id 96 to <a href="http://192.168.1.227">192.168.1.227</a> port 33361<br>
Waking up in 4.5 seconds.<br>Cleaning up request 0 ID 95 with timestamp +3<br>Waking up in 0.4 seconds.<br>Cleaning up request 1 ID 96 with timestamp +3<br>Ready to process requests.<br><br>With Regards<br>Elangbam Johnson<br>
<br><br><br>