>Your radius client is not sending Digest-Attributes. It's sending Ascend
>VSAs. Read your NAS documentation how to set up digest authentication if
>you want that.
hi Kalik,
I am really sorry to post again the same question, as per your
instruction I have check all the clients configurations "radiusclient.conf"
as well as SER configuration "ser.cfg", I've uncommented all the modules
that will particularly help to do digest authentication in ser.cfg, but
still the problem of not getting the values of digest attributes exist, I am
using radiusclient 0.5.6 and SER 0.9.6, will it be the problem for
incompatible of versions between the radius server and the radius clients or
SER. Please tell me the possible problems of not getting these values:
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response'
And please tell me the things that I should change in radius server
configuration to get these digest attributes.
for the information I've mentioning the debug when run in radiusd -X
rad_recv: Access-Request packet from host 192.168.1.227 port 33526, id=92,
length=252
User-Name = "[EMAIL PROTECTED]"
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = "6d1bf8eacbbddb82a606811f7e5c76ae"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = "call-id=
[EMAIL PROTECTED]"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9f48768 asigned new request. Handled so far: 1
found interpetator at address 0x9f48768
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9f48768
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
192.168.1.227 port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> [EMAIL PROTECTED]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 33528, id=93,
length=252
User-Name = "[EMAIL PROTECTED]"
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = "6d1bf8eacbbddb82a606811f7e5c76ae"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = "call-id=
[EMAIL PROTECTED]"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa183d50 asigned new request. Handled so far: 1
found interpetator at address 0xa183d50
rlm_perl: ###############################################################
rlm_perl: RAD_REQUEST: Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###############################################################
rlm_perl: Added pair Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383163393137633262316333323731373133343937623838636165613864326437326534653832
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xa183d50
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/<no User-Password attribute>] (from client
192.168.1.227 port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> [EMAIL PROTECTED]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 92 to 192.168.1.227 port 33526
Reply-Message = "Incorrect Password"
Waking up in 0.5 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 93 to 192.168.1.227 port 33528
Reply-Message = "Incorrect Password"
Waking up in 4.4 seconds.
Cleaning up request 0 ID 92 with timestamp +5
Waking up in 0.5 seconds.
Cleaning up request 1 ID 93 with timestamp +5
Ready to process requests.
Thanks and Regards,
Elangbam Johnson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
