Voip database

Fajar A. Nugraha work at fajar.net
Tue Jan 4 09:41:59 CET 2011

On Tue, Jan 4, 2011 at 2:40 PM, miha- <miha_zoubek at hotmail.com> wrote:
> Currently, there is a password matching issue because the User-Password
> encoding is different during the Authentication from the Authorization.
> During the Authentication step, the Centile's radius client send a
> User-Password encrypted with the secret.
> But during the Authorization step, we don't expect the Radius server to
> check again this password (which is sent anyway, I don't know if this is a
> bug or if it is required by Eyebill...).

So they deliberately do NOT encrypt password with the secret? That's
just silly. They need to fix it.

> The Authorization request contains the attribute Acct-Status-Type with the
> value 17 that means "authorize only".

Shouldn't it be RADIUS Attribute 6, Service-Type?

> It also contains the attribute Message-Authenticator with the digest value.
> So Freeradius should use those two attributes to accept or reject the
> request instead of the User-Name and User-Password.

If only "pap" is involved (which, from your debug log seems to be the
case), you might be able to play with unlang and set Auth-Type :=
Accept for certain conditions (e.g. check whether
Message-Authenticator exists, and whether it matches a certain value).


More information about the Freeradius-Users mailing list