I'm manually setting Auth-Type to DIGEST on the LDAP Server. This is all radiusd.conf has to say about digest: # # The 'digest' module currently has no configuration. # # "Digest" authentication against a Cisco SIP server. # See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details # on performing digest authentication for Cisco SIP servers. # digest { } and # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authenticate' section. digest Which does not help me much. Both entries aren't commented. -Daniel On 9/7/05, Alan DeKok <aland@ox.org> wrote:
Daniel Corbe <daniel.junkmail@gmail.com> wrote:
Since the SIP server requires DIGEST authentication, the Auth-Type attribute is present and it is set to DIGEST which forces FreeRADIUS to attempt a digest authentication. Once this fails an Access-Reject packet is sent back to the RADIUS client
You don't say who's setting Auth-Type. In the example config, the "digest" module sets it. If you're setting it yourself, there's a high likelihood that something will go wrong.
Is there a way to configure FreeRADIUS so it first attempts a DIGEST authentication, and when that fails, we go ahead and attempt normal authentication?
No. That doesn't make sense.
There IS a way to configure the server to try digest authentication only when the RADIUS packet contains digest attributes. Uncomment the lines referring to "digest" in radiusd.conf.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html