All, I am using freeradiusd 1.0.4 on RedHat Linux 9 and have just run the digest test suggested in the doc area through radclient. As it stands, I receive a code 3 reply (Access-Reject). The instruction for the test tells me to do the following: 1. In the /etc/raddb/users file insert entry as below :- test Auth-Type := Digest, User-Password = "test" Reply-Message = "Hello, test with Digest" 2. Initiate radclient with a file called digest (i.e. radclient -f digest localhost auth testing123) User-Name = "test", Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7", Digest-Realm = "testrealm", Digest-Nonce = "1234abcd", Digest-Method = "INVITE", Digest-URI = "sip:5555551212@example.com", Digest-Algorithm = "MD5", Digest-User-Name = "test" The command line holds the shared secret as defined in clients.conf file. However for this test to work, I had to insert a User-Password = "xxxx" (where xxxx is the actual password), into the digest file. After this I get a code 2 reply (Access-Accept). A radiusd -X dump shows freerad trying to do a unix authentication via the rlm_unix module. I've tried to comment out any instances of unix authentication from the radiusd.conf file but with the same results. Is there a way to tell freerad not to check user-password ? Ian Davies {02476 564662} Internal (x740 4662) IMS-SIPAC Software Development Engineer
"Iandc Davies" <Iandc.Davies@Marconi.com> wrote:
The instruction for the test tells me to do the following: 1. In the /etc/raddb/users file insert entry as below :- test Auth-Type := Digest, User-Password = "test"
That should be ... User-Password := "test". The "users" file isn't really set up for modern deployments. It's design goes back to 1993, when all the fancy authentication methods didn't exist. Alan DeKok.
participants (2)
-
Alan DeKok -
Iandc Davies