Re Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

johnson elangbam elangbamjohnson at gmail.com
Sat May 3 18:32:02 CEST 2008


>Your radius client is not sending Digest-Attributes. It's sending Ascend
>VSAs. Read your NAS documentation how to set up digest authentication if
>you want that.

hi Kalik,
            I am really sorry to post again the same question, as per your
instruction I have check all the clients configurations "radiusclient.conf"
as well as SER configuration "ser.cfg", I've uncommented all the modules
that will particularly help to do digest authentication in ser.cfg, but
still the problem of not getting the values of digest attributes exist, I am
using radiusclient 0.5.6 and SER 0.9.6, will it be the problem for
incompatible of versions between the radius server and the radius clients or
SER. Please tell me the possible problems of not getting these values:
'Digest-User-name', 'Digest-Realm',   'Digest-Method', 'Digest-Uri',
'Digest-Nonce',   'Digest-Response'

And please tell me the things that I should change in radius server
configuration to get these digest attributes.

for the information I've mentioning the debug when run in radiusd -X

rad_recv: Access-Request packet from host 192.168.1.227 port 33526, id=92,
length=252
        User-Name = "john at 192.168.1.227"
        X-Ascend-Netware-timeout = 1785686126
        X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
        X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
        X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
        X-Ascend-IPX-Peer-Mode = 0x5245474953544552
        Digest-Response = "6d1bf8eacbbddb82a606811f7e5c76ae"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 1785686126
        Cisco-AVPair = "call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9f48768 asigned new request. Handled so far: 1
found interpetator at address 0x9f48768
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = john at 192.168.1.227
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = john at 192.168.1.227
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9f48768
++[perl] returns reject
Invalid user: [john at 192.168.1.227/<no User-Password attribute>] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> john at 192.168.1.227
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 33528, id=93,
length=252
        User-Name = "john at 192.168.1.227"
        X-Ascend-Netware-timeout = 1785686126
        X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
        X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
        X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
        X-Ascend-IPX-Peer-Mode = 0x5245474953544552
        Digest-Response = "6d1bf8eacbbddb82a606811f7e5c76ae"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 1785686126
        Cisco-AVPair = "call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa183d50 asigned new request. Handled so far: 1
found interpetator at address 0xa183d50
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = john at 192.168.1.227
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
ef6d9d206ac3449895bba4e95ea6110e at 192.168.1.193
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = john at 192.168.1.227
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xa183d50
++[perl] returns reject
Invalid user: [john at 192.168.1.227/<no User-Password attribute>] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> john at 192.168.1.227
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 92 to 192.168.1.227 port 33526
        Reply-Message = "Incorrect Password"
Waking up in 0.5 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 93 to 192.168.1.227 port 33528
        Reply-Message = "Incorrect Password"
Waking up in 4.4 seconds.
Cleaning up request 0 ID 92 with timestamp +5
Waking up in 0.5 seconds.
Cleaning up request 1 ID 93 with timestamp +5
Ready to process requests.

Thanks and Regards,
Elangbam Johnson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080503/6c381010/attachment.html>


More information about the Freeradius-Users mailing list