How to handle non-digest message if Auth-Type is set to Digest?

biuro at globeinphotos.com biuro at globeinphotos.com
Fri Jul 28 11:20:33 CEST 2006


You are absolutely right :) Today in the morning we set Auth-Type exactly the
same way as you propose :) Now it works.

Thanx

Quoting Phil Mayers <p.mayers at imperial.ac.uk>:

> GlobeInPhotos wrote:
>>
>> I've commented out a line in the users file
>>
>> #DEFAULT Auth-Type := Digest
>
> Finally.
>
> That line? That *was* you setting Auth-Type to Digest.
>
>>
>> But now I've got the following message if a non-digest message arrives:
>>
>> rad_recv: Access-Request packet from host 153.19.130.250:46963, id=190,
>> length=80
>>         User-Name = "3_test001_+48580001 at server1.test.pl"
>>         Service-Type = SIP-Callee-AVPs
>>         NAS-Port = 0
>>         NAS-IP-Address = 153.19.130.250
>>
>> [cut]
>>
>> auth: type Local
>> auth: No User-Password or CHAP-Password attribute in the request
>
> Ok, so for these non-digest requests, you'll have to configure the 
> server to authenticate them without a password being present. This is 
> one of those rare cases where you *do* set auth-type.
>
> So, something like in radiusd.conf:
>
> authorize {
>   preprocess
>   # digest will set Auth-Type=Digest IF AND ONLY IF this
>   # request is a real digest one
>   digest
>   files
>   # maybe other modules
> }
>
> ...and in "users":
>
> # Since the Auth-Type = Accept is a conditional set, this
> # entry will NOT MATCH if the "digest" module has already
> # set Auth-Type=Digest
> #
> # Therefore, it should only match your "special" requests
> DEFAULT	Service-Type==SIP-Callee-AVPs, Auth-Type = Accept
> 	VoIP-Attribute-1 = value1,
> 	Other-Attribute = otherval
>
> That is: If a request comes in with Service-Type == SIP-Callee-AVPs, 
> then set Auth-Type to accept IF AND ONLY IF it isn't already set (= 
> is conditional set; := which you were using earlier is unconditional 
> set - see "man users"). Then set some attributes on the reply.
>
> You didn't show one of your other (the "real" digest) requests so I 
> can't be sure what they look like, but something like the above 
> should work.
>
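An added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the authorize flow discussed above, showing how the conditional "=" and unconditional ":=" operators decide the final Auth-Type. It assumes a digest request is recognised by its Digest-Response attribute; the function names and request values are constructed for illustration.

```python
# Simplified model of the authorize section from the thread (digest, then files).
# Assumption: attributes are plain dicts; this is not how the server stores them.

def digest_module(request, control):
    # Assumption: a "real" digest request is one that carries Digest-Response.
    if "Digest-Response" in request:
        control["Auth-Type"] = "Digest"

def apply_item(control, attr, op, value):
    """Apply one users-file control item with '=' or ':=' semantics."""
    if op == ":=":            # unconditional set: always overwrite
        control[attr] = value
    elif op == "=":           # conditional set: only if not already set
        control.setdefault(attr, value)
    else:
        raise ValueError(f"unsupported operator {op!r}")

def files_module(request, control, entries):
    # Each entry: ({attribute: value compared with '=='}, (attr, op, value))
    for conditions, item in entries:
        if all(request.get(k) == v for k, v in conditions.items()):
            apply_item(control, *item)
            break             # first matching entry wins (no Fall-Through)

def authorize(request, entries):
    control = {}
    digest_module(request, control)
    files_module(request, control, entries)
    # With no Auth-Type set, the debug log in the thread shows "auth: type Local"
    return control.get("Auth-Type", "Local")

# The users-file lines from the thread, plus one ':=' variant for comparison.
ORIGINAL = [({}, ("Auth-Type", ":=", "Digest"))]
PROPOSED = [({"Service-Type": "SIP-Callee-AVPs"}, ("Auth-Type", "=", "Accept"))]
FORCED = [({"Service-Type": "SIP-Callee-AVPs"}, ("Auth-Type", ":=", "Accept"))]

# Constructed sample requests.
CALLEE = {"User-Name": "callee@example.invalid", "Service-Type": "SIP-Callee-AVPs"}
DIGEST = {"User-Name": "phone@example.invalid", "Digest-Response": "constructed"}
DIGEST_WITH_ST = dict(DIGEST, **{"Service-Type": "SIP-Callee-AVPs"})
OTHER = {"User-Name": "other@example.invalid"}

if __name__ == "__main__":
    for name, entries in (("original", ORIGINAL), ("proposed", PROPOSED), ("forced", FORCED)):
        for req in (CALLEE, DIGEST, DIGEST_WITH_ST, OTHER):
            print(name, sorted(req), "->", authorize(req, entries))
```

With the "=" form a digest request keeps Auth-Type Digest even when it also carries the matching Service-Type; the ":=" variant would replace it with Accept, which is why the conditional operator matters for an entry that accepts without a password.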





