Hi Alan, Thank you very much in answering. Since you confirmed it is a bug I'd like to let you know that my tests using MD5-sess algorithm also had failed. This time the error is when calculating the H(A1). Again, using the user 'bob' password 'zanzibar', when i run the following command:
echo ' User-name = "bob", Digest-Response = "e4e4ea61d186d07a92c9e1f6919902e9", Digest-Realm = "biloxi.com", Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", Digest-Method = "INVITE", Digest-URI = "sip:[EMAIL PROTECTED]", Digest-Algorithm = "MD5-sess", Digest-User-Name = "bob", Digest-QOP = "auth", Digest-Nonce-Count = "00000001", Digest-CNonce = "0a4f113b"' | /usr/bin/radclient localhost auth testing123 2>&1 the output of radiusd -X is: rad_recv: Access-Request packet from host 127.0.0.1:32937, id=87, length=194 User-Name = "bob" Digest-Response = "e4e4ea61d186d07a92c9e1f6919902e9" Digest-Attributes = 0x010c62696c6f78692e636f6d Digest-Attributes = 0x022464636439386237313032646432663065386231316430663630306266623063303933 Digest-Attributes = 0x0308494e56495445 Digest-Attributes = 0x04147369703a626f624062696c6f78692e636f6d Digest-Attributes = 0x060a4d44352d73657373 Digest-Attributes = 0x0a05626f62 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x080a3061346631313362 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_digest: Converting Digest-Attributes to something sane... Digest-Realm = "biloxi.com" Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093" Digest-Method = "INVITE" Digest-URI = "sip:[EMAIL PROTECTED]" Digest-Algorithm = "MD5-sess" Digest-User-Name = "bob" Digest-QOP = "auth" Digest-Nonce-Count = "00000001" Digest-CNonce = "0a4f113b" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 15 rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 15 users: Matched entry bob at line 5 modcall[authorize]: module "files" returns ok for request 15 modcall: group authorize returns ok for request 15 rad_check_password: Found Auth-Type Digest auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 A1 = bob:biloxi.com:zanzibar A2 = INVITE:sip:[EMAIL PROTECTED] H(A1) = 3fe46a5fca36d79d9b5567e49a5b9fa1 H(A2) = 13a14a3eb5e2c24732a1a04fff543e92 KD = 3fe46a5fca36d79d9b5567e49a5b9fa1:dcd98b7102dd2f0e8b11d0f600bfb0c093:00000001:0a4f113b:auth:13a14a3eb5e2c24732a1a04fff543e92 EXPECTED 9c9e30a46fcc7a25a16cc7c4a1330ef8 RECEIVED e4e4ea61d186d07a92c9e1f6919902e9 rlm_digest: FAILED authentication The correct H(A1) for this case should be: "4f36886771c77832be5c5a8de5a7ec82" instead of "3fe46a5fca36d79d9b5567e49a5b9fa1". If you didn't fix this bug yet, use the examples from the draft http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt They certainly will help you. Thank you, bnegrao - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html