Can you point to a specification saying how this hashing works?
A---------->B(nsis server)--------->C(radius server) User A generates a large buffer which contains various Authentication Attributes, A hash of this string is generated using MD5 algorithm with a key known to both users A and C, This string is appended to the original string and sent over the network, Node B get this string and it extract various session attributes from this string. The attributes extracted should be used to construct the diameter message using freeradius client library. On 4/12/07, freeradius-users-request@lists.freeradius.org < freeradius-users-request@lists.freeradius.org> wrote:Date: Thu, 12 Apr 2007 10:23:51 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: Generating AAA message for freeradius. To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <461DEC97.7030807@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1 Prateek Gupta wrote:
User A sends the NSIS request with its keyed hash (generated using User A's key) appended to it to the NSIS server. Now the NSIS server needs to authenticate that request with a Radius server.
Can you point to a specification saying how this hashing works?
Is there a way to do this i.e. how to generate a AAA message with the information available i.e. a string, its keyed hash and User A's id ? Assuming that the Radius server has keys of all legitimate users.
Yes. http://www.freeradius.org/freeradius-client/ Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Prateek Gupta wrote:
Can you point to a specification saying how this hashing works?
A---------->B(nsis server)--------->C(radius server)
User A generates a large buffer which contains various Authentication Attributes, A hash of this string is generated using MD5 algorithm with a key known to both users A and C, This string is appended to the original string and sent over the network, Node B get this string and it extract various session attributes from this string.
That's not a particularly clear explanation, and not a pointer to a specification.
The attributes extracted should be used to construct the diameter message using freeradius client library.
FreeRADIUS doesn't implement diameter messages. If you need Diameter, see OpenDiameter.org. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
I have followed all your steps on how to get freeradius to work with AD, but still no luck. How do I go about getting assistance with my configuration? Donny On 4/12/07, Alan DeKok <aland@deployingradius.com> wrote:
Prateek Gupta wrote:
Can you point to a specification saying how this hashing works?
A---------->B(nsis server)--------->C(radius server)
User A generates a large buffer which contains various Authentication Attributes, A hash of this string is generated using MD5 algorithm with a key known to both users A and C, This string is appended to the original string and sent over the network, Node B get this string and it extract various session attributes from this string.
That's not a particularly clear explanation, and not a pointer to a specification.
The attributes extracted should be used to construct the diameter message using freeradius client library.
FreeRADIUS doesn't implement diameter messages.
If you need Diameter, see OpenDiameter.org.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Alan DeKok -
Donny Jekels -
Prateek Gupta