Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce'.

johnson elangbam elangbamjohnson at gmail.com
Mon May 12 12:46:44 CEST 2008


>You are (again) sending a request without Digest-Attributes. Try sending
>one with them.

>Ivan Kalik
>Kalik Informatika ISP

hi,
    I check all the clients attributes and start sending the Digest
attributes.. now the problem is I can't get those attributes in my perl code
by accessing using RAD_REQUEST or RAD_CHECK, so that I can calculate my ha1,
ha2 for md5 encryption.

Please help.

Output log file when run in debug mode by using radiusd -X

rad_recv: Access-Request packet from host 192.168.1.227 port 32817, id=222,
length=262
        User-Name = "john at 192.168.1.227"
        Digest-Attributes = "\n\006john"
        Digest-Attributes = "\001\017192.168.1.227"
        Digest-Attributes = "\002*48281f56caacb6aa62fc3bb31ec98146efeaae15"
        Digest-Attributes = "\004\023sip:192.168.1.227"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Response = "9ae01536efc46358e61f2fe362552af4"
        Service-Type = SIP
        Sip-URI-User = "john"
        Cisco-AVPair = "call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x8d08568 asigned new request. Handled so far: 1
found interpetator at address 0x8d08568
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: RAD_REQUEST: Service-Type = SIP
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193
rlm_perl: RAD_REQUEST: User-Name = john at 192.168.1.227
rlm_perl: RAD_REQUEST: Sip-URI-User = john
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x8df353c)
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Cisco-AVPair = call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193
rlm_perl: Added pair User-Name = john at 192.168.1.227
rlm_perl: Added pair Sip-URI-User = john
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\006john
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes =
\002*48281f56caacb6aa62fc3bb31ec98146efeaae15
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x8d08568
++[perl] returns ok
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
    rlm_realm: Looking up realm "192.168.1.227" for User-Name = "
john at 192.168.1.227"
    rlm_realm: No such realm "192.168.1.227"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
+- entering group authenticate
rlm_digest: Cleartext-Password or Digest-HA1 is required for authentication.
++[digest] returns invalid
auth: Failed to validate the user.
Login incorrect: [john at 192.168.1.227/<via Auth-Type = DIGEST>] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> john at 192.168.1.227
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 32818, id=223,
length=262
        User-Name = "john at 192.168.1.227"
        Digest-Attributes = "\n\006john"
        Digest-Attributes = "\001\017192.168.1.227"
        Digest-Attributes = "\002*48281f56caacb6aa62fc3bb31ec98146efeaae15"
        Digest-Attributes = "\004\023sip:192.168.1.227"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Response = "9ae01536efc46358e61f2fe362552af4"
        Service-Type = SIP
        Sip-URI-User = "john"
        Cisco-AVPair = "call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x8e67348 asigned new request. Handled so far: 1
found interpetator at address 0x8e67348
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: RAD_REQUEST: Service-Type = SIP
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193
rlm_perl: RAD_REQUEST: User-Name = john at 192.168.1.227
rlm_perl: RAD_REQUEST: Sip-URI-User = john
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x8efce0c)
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Cisco-AVPair = call-id=
8717e9ec07014e138298c43a5dcdd370 at 192.168.1.193
rlm_perl: Added pair User-Name = john at 192.168.1.227
rlm_perl: Added pair Sip-URI-User = john
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\006john
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes =
\002*48281f56caacb6aa62fc3bb31ec98146efeaae15
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x8e67348
++[perl] returns ok
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
    rlm_realm: Looking up realm "192.168.1.227" for User-Name = "
john at 192.168.1.227"
    rlm_realm: No such realm "192.168.1.227"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
+- entering group authenticate
rlm_digest: Cleartext-Password or Digest-HA1 is required for authentication.
++[digest] returns invalid
auth: Failed to validate the user.
Login incorrect: [john at 192.168.1.227/<via Auth-Type = DIGEST>] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> john at 192.168.1.227
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 222 to 192.168.1.227 port 32817
        Reply-Message = "Incorrect Password"
Waking up in 0.4 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 223 to 192.168.1.227 port 32818
        Reply-Message = "Incorrect Password"
Waking up in 4.5 seconds.
Cleaning up request 0 ID 222 with timestamp +3
Waking up in 0.4 seconds.
Cleaning up request 1 ID 223 with timestamp +3
Ready to process requests.

Thanks and Regards,
Elangbam Johnson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080512/6989732a/attachment.html>


More information about the Freeradius-Users mailing list