How to handle non digest messeg if Auth-Type is set to Digest?

Phil Mayers p.mayers at
Fri Jul 28 10:45:21 CEST 2006

GlobeInPhotos wrote:
> I've commented line in users file
> #DEFAULT Auth-Type := Digest


That line? That *was* you setting Auth-Type to Digest.

> But now I've got following message if non-digest message arrive:
> rad_recv: Access-Request packet from host, id=190,
> length=80
>         User-Name = "3_test001_+48580001 at"
>         Service-Type = SIP-Callee-AVPs
>         NAS-Port = 0
>         NAS-IP-Address =
> [cut]
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request

Ok, so for these non-digest requests, you'll have to configure the 
server to authenticate them without a password being present. This is 
one of those rare cases where you *do* set auth-type.

So, something like in radiusd.conf:

authorize {
   # digest will set Auth-Type=Digest IF AND ONLY IF this
   # request is a real digest one
   # maybe other modules

...and in "users":

# Since the Auth-Type = Accept is a conditional set, this
# entry will NOT MATCH if the "digest" module has already
# set Auth-Type=Digest
# Therefore, it should only match your "special" requests
DEFAULT	Service-Type==SIP-Callee-AVPs, Auth-Type = Accept
	VoIP-Attribute-1 = value1,
	Other-Attribute = otherval

That is: If a request comes in with Service-Type == SIP-Callee-AVPs, 
then set Auth-Type to accept IF AND ONLY IF it isn't already set (= is 
conditional set; := which you were using earlier is unconditional set - 
see "man users"). Then set some attributes on the reply.

You didn't show one of your other (the "real" digest) requests so I 
can't be sure what they look like, but something like the above should work.

More information about the Freeradius-Users mailing list