Re: [OpenSIPS-Users] Digest Auth with LDAP/RADIUS
Thanks Bogdan that useful to know. Turns out I just typed the password in wrong! > On 8 Jan 2021, at 3:35 am, Bogdan-Andrei Iancu wrote: > > Hi Michael, > > What you can do is to grab some online digest auth calculator and to > doublecheck the auth responses on each side (opensips and radius) > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 2020 online > https://opensips.org/training/OpenSIPS_eBootcamp_2020/ > > On 1/6/21 6:56 PM, bobsy via Users wrote: >> Hello everyone, >> >> I’m attempting to use digest auth on Freeradius with LDAP and plaintext >> userPassword’s. >> >> When the radius server goes to auth the digest hashes don’t match up. >> >> authenticate { >> (17) digest: A1 = bobsy:opensips.vale.ski:password >> (17) digest: A2 = REGISTER:sip:opensips.vale.ski >> H(A1) = 0342aafbaea975d9fde3c46f3f093993 >> H(A2) = b0605d01a41aac18c7f1a84c8ca1c4f5 >> (17) digest: KD = >> 0342aafbaea975d9fde3c46f3f093993:5ff5eaca15917970591b0edf7c7c6bbd13698c0dd5e6:b0605d01a41aac18c7f1a84c8ca1c4f5 >> EXPECTED a8d6639edfd61ac7b1bb247f7832b8e5 >> RECEIVED a817470a4e1612532d167bed0354a88b >> (17) digest: FAILED authentication >> (17) [digest] = reject >> (17) } # authenticate = reject >> (17) Failed to authenticate the user >> >> I have calculate_ha1 set to 1. >> >> Any insight would be great. >> >> And after this is resolved maybe someone can help me find out why the >> Kerberos module looks for “User-Password”. I believe it should be looking >> for “Cleartext-Password” and that’s why Kerberos won’t work for me. >> >> Regards, >> >> Michael Vale. >> ___ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Digest Auth with LDAP/RADIUS
Hi Michael, What you can do is to grab some online digest auth calculator and to doublecheck the auth responses on each side (opensips and radius) Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 2020 online https://opensips.org/training/OpenSIPS_eBootcamp_2020/ On 1/6/21 6:56 PM, bobsy via Users wrote: Hello everyone, I’m attempting to use digest auth on Freeradius with LDAP and plaintext userPassword’s. When the radius server goes to auth the digest hashes don’t match up. authenticate { (17) digest: A1 = bobsy:opensips.vale.ski:password (17) digest: A2 = REGISTER:sip:opensips.vale.ski H(A1) = 0342aafbaea975d9fde3c46f3f093993 H(A2) = b0605d01a41aac18c7f1a84c8ca1c4f5 (17) digest: KD = 0342aafbaea975d9fde3c46f3f093993:5ff5eaca15917970591b0edf7c7c6bbd13698c0dd5e6:b0605d01a41aac18c7f1a84c8ca1c4f5 EXPECTED a8d6639edfd61ac7b1bb247f7832b8e5 RECEIVED a817470a4e1612532d167bed0354a88b (17) digest: FAILED authentication (17) [digest] = reject (17) } # authenticate = reject (17) Failed to authenticate the user I have calculate_ha1 set to 1. Any insight would be great. And after this is resolved maybe someone can help me find out why the Kerberos module looks for “User-Password”. I believe it should be looking for “Cleartext-Password” and that’s why Kerberos won’t work for me. Regards, Michael Vale. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Digest Auth with LDAP/RADIUS
Hello everyone, I’m attempting to use digest auth on Freeradius with LDAP and plaintext userPassword’s. When the radius server goes to auth the digest hashes don’t match up. authenticate { (17) digest: A1 = bobsy:opensips.vale.ski:password (17) digest: A2 = REGISTER:sip:opensips.vale.ski H(A1) = 0342aafbaea975d9fde3c46f3f093993 H(A2) = b0605d01a41aac18c7f1a84c8ca1c4f5 (17) digest: KD = 0342aafbaea975d9fde3c46f3f093993:5ff5eaca15917970591b0edf7c7c6bbd13698c0dd5e6:b0605d01a41aac18c7f1a84c8ca1c4f5 EXPECTED a8d6639edfd61ac7b1bb247f7832b8e5 RECEIVED a817470a4e1612532d167bed0354a88b (17) digest: FAILED authentication (17) [digest] = reject (17) } # authenticate = reject (17) Failed to authenticate the user I have calculate_ha1 set to 1. Any insight would be great. And after this is resolved maybe someone can help me find out why the Kerberos module looks for “User-Password”. I believe it should be looking for “Cleartext-Password” and that’s why Kerberos won’t work for me. Regards, Michael Vale. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users