How to handle non digest messeg if Auth-Type is set to Digest?
biuro at globeinphotos.com
biuro at globeinphotos.com
Fri Jul 28 11:20:33 CEST 2006
You are absolutly right :) Today in the mornign we set Auth-Type exactly the
same way as you propose :) Now it works.
Thanx
Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
> GlobeInPhotos wrote:
>>
>> I've commented line in users file
>>
>> #DEFAULT Auth-Type := Digest
>
> Finally.
>
> That line? That *was* you setting Auth-Type to Digest.
>
>>
>> But now I've got following message if non-digest message arrive:
>>
>> rad_recv: Access-Request packet from host 153.19.130.250:46963, id=190,
>> length=80
>> User-Name = "3_test001_+48580001 at server1.test.pl"
>> Service-Type = SIP-Callee-AVPs
>> NAS-Port = 0
>> NAS-IP-Address = 153.19.130.250
>>
>> [cut]
>>
>> auth: type Local
>> auth: No User-Password or CHAP-Password attribute in the request
>
> Ok, so for these non-digest requests, you'll have to configure the
> server to authenticate them without a password being present. This is
> one of those rare cases where you *do* set auth-type.
>
> So, something like in radiusd.conf:
>
> authorize {
> preprocess
> # digest will set Auth-Type=Digest IF AND ONLY IF this
> # request is a real digest one
> digest
> files
> # maybe other modules
> }
>
> ...and in "users":
>
> # Since the Auth-Type = Accept is a conditional set, this
> # entry will NOT MATCH if the "digest" module has already
> # set Auth-Type=Digest
> #
> # Therefore, it should only match your "special" requests
> DEFAULT Service-Type==SIP-Callee-AVPs, Auth-Type = Accept
> VoIP-Attribute-1 = value1,
> Other-Attribute = otherval
>
> That is: If a request comes in with Service-Type == SIP-Callee-AVPs,
> then set Auth-Type to accept IF AND ONLY IF it isn't already set (=
> is conditional set; := which you were using earlier is unconditional
> set - see "man users"). Then set some attributes on the reply.
>
> You didn't show one of your other (the "real" digest) requests so I
> can't be sure what they look like, but something like the above
> should work.
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list