Hi Alan,

Ok, I did as you instructed, and I admit that I appear to be getting somewhere. The debug log now shows the following:

-------------------------------- SNIP -----------------------------------------
rad_recv: Access-Request packet from host 192.168.2.80:33365, id=47, length=192
        User-Name = "[EMAIL PROTECTED]"
        Digest-Attributes = 0x0a05313031
        Digest-Attributes = 0x010d6f70656e7365722e6f7267
        Digest-Attributes = 0x022a34363961613063323661386631313165393066336161303533353430393661323631336462343736
        Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "3f66a7a38c9d6ff05d9d633063085a0c"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 0x313031
        NAS-Port = 5060
        NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module "preprocess" returns ok for request 17
radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
modcall[authorize]: module "auth_log" returns ok for request 17
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 17
users: Matched entry [EMAIL PROTECTED] at line 54
modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns ok) for request 17
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "101"
        Digest-Realm = "openser.org"
        Digest-Nonce = "469aa0c26a8f111e90f3aa05354096a2613db476"
        Digest-URI = "sip:192.168.2.80"
        Digest-Method = "REGISTER"
A1 = 101:openser.org:101
A2 = REGISTER:sip:192.168.2.80
H(A1) = f195c177997cee336c919be9279c5703
H(A2) = 046d0643f281affab19fe62ffc848ab5
KD = f195c177997cee336c919be9279c5703:469aa0c26a8f111e90f3aa05354096a2613db476:046d0643f281affab19fe62ffc848ab5
EXPECTED 3f66a7a38c9d6ff05d9d633063085a0c
RECEIVED 3f66a7a38c9d6ff05d9d633063085a0c
modcall[authenticate]: module "digest" returns ok for request 17
modcall: leaving group authenticate (returns ok) for request 17
Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client openser-network port 5060)
Sending Access-Accept of id 47 to 192.168.2.80 port 33365
Finished request 17
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.2.80:33366, id=48, length=67
        User-Name = "[EMAIL PROTECTED]"
        X-Ascend-PPP-VJ-1172 = 0x73757370656e646564
        Service-Type = Voice
        NAS-Port = 0
        NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
modcall[authorize]: module "preprocess" returns ok for request 18
radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070716
modcall[authorize]: module "auth_log" returns ok for request 18
modcall[authorize]: module "digest" returns noop for request 18
users: Matched entry [EMAIL PROTECTED] at line 53
modcall[authorize]: module "files" returns ok for request 18
modcall: leaving group authorize (returns ok) for request 18
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client openser-network port 0)
Delaying request 18 for 1 seconds
Finished request 18
Going to the next request
Waking up in 4 seconds...
-------------------------------- SNIP -----------------------------------------

If you were to examine the log, you would see that request number 17 is receiving the LOGIN OK, while request 18 is rejected. The silly part here is this: there is only a single IP Phone on the network, which is using a single OpenSER server. I'm kinda struck with a silly question: where is the second request coming from?

Z2L

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Wednesday, July 18, 2007 11:24:19 AM (GMT+0200) Asia/Jerusalem
Subject: Re: RLM_PERL Integration Issue

FreeRadius-ML wrote:
> Now, I'm basically re-learning everything, as the world of OpenSER +
> FreeRadius is a little new to me, and sometimes frustrates me. The amount
> of documentation in the configuration files is great, but the lack of
> updated examples is somewhat annoying. Even Asterisk, which is one of the
> most undocumented environments in the world, has more configuration
> examples available.

The majority of FreeRADIUS installations put users & password into SQL or LDAP, and then don't touch it ever again. For them, the existing examples are mostly OK.

For *complex* scenarios, RADIUS quickly gets more complicated than DNS, DHCP, Web servers, and (I suspect) Asterisk. There just isn't enough space in the world to document every configuration that everyone needs.

> In any case, let's go back to what we were discussing. If I understand you
> correctly, on the FreeRadius side, I only need to enable digest based
> authentication and authorization, define the user in the users file - and
> that should be working just fine?

Yes.
The entire *point* of the default configuration is to have as many authentication protocols as possible work... just by defining a user and password. See:

http://deployingradius.com/documents/configuration/pap.html

When 2.0 is released, defining a username & password will cause the following authentication methods to work:

* PAP
* CHAP
* MS-CHAP
* Digest
* EAP-MD5
* EAP-MSCHAPv2
* Cisco LEAP
* PEAP-MSCHAPv2
* PEAP-GTC
* EAP-TTLS with
  * PAP
  * CHAP
  * MS-CHAP
  * EAP-MD5
  * EAP-MSCHAPv2

Try *that* with any other program: "I added one line in a configuration file, and VOIP works, WiFi works, dial-up works, PPPoE works, VPN's work, for Apple, Windows, and Linux". No fighting, no fuss.

Alan DeKok.
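
Added example (not part of the original thread, and not FreeRADIUS code): a Python sketch that decodes the Digest-Attributes values from request 17 and recomputes the A1/A2/KD chain the rlm_digest debug lines show. The sub-attribute type numbers are read off the log by matching each hex value to its decoded Digest-* line, and the password "101" is the one visible in the A1 line; the function names are illustrative.

```python
import hashlib
import hmac

# Sub-attribute type numbers, limited to the five that appear in the log.
SUBTYPES = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 10: "user"}

# Copied from request 17 in the debug log above.
DIGEST_ATTRIBUTES = [
    "0x0a05313031",
    "0x010d6f70656e7365722e6f7267",
    "0x022a34363961613063323661386631313165393066336161303533353430393661323631336462343736",
    "0x04127369703a3139322e3136382e322e3830",
    "0x030a5245474953544552",
]
DIGEST_RESPONSE = "3f66a7a38c9d6ff05d9d633063085a0c"


def decode_digest_attributes(hex_values):
    """Decode type/length/value sub-attributes into a dict of strings."""
    fields = {}
    for hex_value in hex_values:
        raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
        while raw:
            # The length octet counts the two header octets as well.
            if len(raw) < 2 or not 2 <= raw[1] <= len(raw):
                raise ValueError("malformed Digest-Attributes sub-attribute")
            subtype, length = raw[0], raw[1]
            name = SUBTYPES.get(subtype, f"unknown-{subtype}")
            fields[name] = raw[2:length].decode("ascii")
            raw = raw[length:]
    return fields


def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()


def expected_response(fields, password):
    """Response without qop: MD5(H(A1):nonce:H(A2)), matching the KD log line."""
    a1 = f"{fields['user']}:{fields['realm']}:{password}"
    a2 = f"{fields['method']}:{fields['uri']}"
    kd = f"{md5_hex(a1)}:{fields['nonce']}:{md5_hex(a2)}"
    return md5_hex(kd)


def verify(fields, password, received):
    # Compare the hex strings in constant time rather than with ==.
    return hmac.compare_digest(expected_response(fields, password), received.lower())
```

Calling verify(decode_digest_attributes(DIGEST_ATTRIBUTES), "101", DIGEST_RESPONSE) reproduces the EXPECTED/RECEIVED comparison from request 17.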