Mixed-mode authentication enviornment
Daniel Corbe
daniel.junkmail at gmail.com
Thu Sep 8 01:27:51 CEST 2005
I'm manually setting Auth-Type to DIGEST on the LDAP Server.
This is all radiusd.conf has to say about digest:
#
# The 'digest' module currently has no configuration.
#
# "Digest" authentication against a Cisco SIP server.
# See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details
# on performing digest authentication for Cisco SIP servers.
#
digest {
}
and
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
digest
Which does not help me much. Both entries aren't commented.
-Daniel
On 9/7/05, Alan DeKok <aland at ox.org> wrote:
> Daniel Corbe <daniel.junkmail at gmail.com> wrote:
> > Since the SIP server requires DIGEST authentication, the Auth-Type
> > attribute is present and it is set to DIGEST which forces FreeRADIUS
> > to attempt a digest authentication. Once this fails an Access-Reject
> > packet is sent back to the RADIUS client
>
> You don't say who's setting Auth-Type. In the example config, the
> "digest" module sets it. If you're setting it yourself, there's a
> high likelihood that something will go wrong.
>
> > Is there a way to configure FreeRADIUS so it first attempts a DIGEST
> > authentication, and when that fails, we go ahead and attempt normal
> > authentication?
>
> No. That doesn't make sense.
>
> There IS a way to configure the server to try digest authentication
> only when the RADIUS packet contains digest attributes. Uncomment the
> lines referring to "digest" in radiusd.conf.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list