Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-07 Thread Phil Mayers 
rad_recv: Access-Request packet from host 192.168.1.227 
 port 33361, id=96, length=252

User-Name = "[EMAIL PROTECTED] "
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret = snip
X-Ascend-IP-Pool-Definition = snip
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = "7cfeea7f2242db43d8ee8956cf116617"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = snip
NAS-IP-Address = 127.0.0.1 
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
ERROR: Received Digest-Response without Digest-Attributes
++[digest] returns invalid


HOW MANY TIMES must you be told this?!?!

Your CLIENT IS NOT SENDING ALL THE DIGEST ATTRIBUTES!

FIX YOUR CLIENT!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-07 Thread Ivan Kalik 
>rad_recv: Access-Request packet from host 192.168.1.227 port 33360, id=95,
>length=252
>User-Name = "[EMAIL PROTECTED]"
>X-Ascend-Netware-timeout = 1785686126
>X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
>X-Ascend-Receive-Secret =
>0x3438323163336363623962623466396334363964656132376565306534346438373831653830
>X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
>X-Ascend-IPX-Peer-Mode = 0x5245474953544552
>Digest-Response = "7cfeea7f2242db43d8ee8956cf116617"
>Service-Type = IAPP-Register
>X-Ascend-PW-Lifetime = 1785686126
>Cisco-AVPair = "call-id=
>[EMAIL PROTECTED]"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 5060

You are (again) sending a request without Digest-Attributes. Try sending
one with them.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-07 Thread johnson elangbam 
hi,
 I am using freeradius 2.0.3 with radiusclient-ng 0.5.6. I need to used
the following attributes
Digest-User-name', 'Digest-Realm',   'Digest-Method', 'Digest-Uri',
'Digest-Nonce',   'Digest-Response' into my perl code, to do my md5
calculation, unfortunately I can't get any of the values except
Digest-Response,
hopefully i've tried all the alternatives that is posted by Ivan Kalik
earlier.

1. I've uncommented all the digest entries in sites-enabled/default file and
I've uncommented out all the perl entries from the
default.
2. I've tried accessing the digest attributes in my perl code by using
RAD_CHECK as well as RAD_CHECK.

But it doesn't work.

can anybody please tell me that is it possible to call the digest attributes
in the perl code. If it is possible, please show me the way how to call
these attributes('Digest-User-name', 'Digest-Realm',   'Digest-Method',
'Digest-Uri', 'Digest-Nonce',   'Digest-Response'.

Or will it be the problem of not getting the digest attributes by the
incompatible dictionaries of radius client and radius server.
Please help,I am really confused where is the problem.

Thanks for your valuable time.

*Here is the output files when running in debug mode before authenticate a
user*

FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on May  7 2008
at 16:45:53
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = "johnson"
shortname = "mynetwork"
nastype = "other"
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating digest
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = "/usr/local/etc/raddb/myperltemp.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntd

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread Ivan Kalik 
>May it be the problem from the radius client, or is it the problem in my
>perl code.
>I can't rectify the problem, I am confusing where should I emphasized
>
>Here is the new output when it is run in  radiusd -X after rejecting da
>user.
>
>rad_recv: Access-Request packet from host 192.168.1.227 port 32847, id=182,
>length=252
>User-Name = "[EMAIL PROTECTED]"
>X-Ascend-Netware-timeout = 1785686126
>X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
>X-Ascend-Receive-Secret =
>0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
>X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
>X-Ascend-IPX-Peer-Mode = 0x5245474953544552
>Digest-Response = "1e926599fa0777bef89010421e3e1c41"
>Service-Type = IAPP-Register
>X-Ascend-PW-Lifetime = 1785686126
>Cisco-AVPair = "call-id=
>[EMAIL PROTECTED]"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 5060

Your radius client is not sending Digest-Attributes. It's sending Ascend
VSAs. Read your NAS documentation how to set up digest authentication if
you want that.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread johnson elangbam 
>Send a request with Digest-Attributes.

hi Kalik,
I've tried to called using Digest-Attributes in my perl code
like this

 $dUserName= $RAD_REQUEST{'Digest-User-Name'};
 $dRealm= $RAD_REQUEST{'Digest-Realm'};
 $dMethod = $RAD_REQUEST{'Digest-Method'};
 $dUri= $RAD_REQUEST{'Digest-URI'};
 $dNonce=$RAD_REQUEST{'Digest-Nonce'};
 $dResponse=$RAD_REQUEST{'Digest-Response'};

but still it doesn't get the values..except 'Digest-Response'
May it be the problem from the radius client, or is it the problem in my
perl code.
I can't rectify the problem, I am confusing where should I emphasized

Here is the new output when it is run in  radiusd -X after rejecting da
user.

rad_recv: Access-Request packet from host 192.168.1.227 port 32847, id=182,
length=252
User-Name = "[EMAIL PROTECTED]"
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = "1e926599fa0777bef89010421e3e1c41"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = "call-id=
[EMAIL PROTECTED]"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9ede730 asigned new request. Handled so far: 1
found interpetator at address 0x9ede730
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###
rlm_perl: Added pair Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9ede730
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> [EMAIL PROTECTED]
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 32848, id=183,
length=252
User-Name = "[EMAIL PROTECTED]"
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
X-Ascend-IP-Pool-Definition = "sip:192.168.1.227"
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = "1e926599fa0777bef89010421e3e1c41"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = "call-id=
[EMAIL PROTECTED]"
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa119d28 asigned new request. Handled so far: 1
found interpetator at address 0xa119d28
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x3438316166333865353434623666306338386234386539386434663931303662626436

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread Ivan Kalik 
>  I've tried $RAD_CHECK but still i didn't get the values of
>these attributes
>'Digest-User-name',
>'Digest-Realm',
>'Digest-Method',
>'Digest-Uri',
>'Digest-Nonce',
>'Digest-Response',
>I've found a digest module in radiusd.conf but actually don't have any idea
>how to handle the module. Please tell me how to get the value of these
>attributes.
>

Send a request with Digest-Attributes.

>
>rad_recv: Access-Request packet from host 127.0.0.1 port 32795, id=73,
>length=59
>User-Name = "johnson"
>User-Password = "johnson"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 0

This is an ordinary pap request. You will never get digest attributes out
of it.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread johnson elangbam 
>No, there is a digest module in default radiusd.conf that should decode
>the attributes. Post radiusd -X for request with Digest-Attributes.
>Those attributes you want are not in the request - have you tried
>$RAD_CHECK.


hi Kalik,
  I've tried $RAD_CHECK but still i didn't get the values of
these attributes
'Digest-User-name',
'Digest-Realm',
'Digest-Method',
'Digest-Uri',
'Digest-Nonce',
'Digest-Response',
I've found a digest module in radiusd.conf but actually don't have any idea
how to handle the module. Please tell me how to get the value of these
attributes.

Here is the full output when the radius is run in debugging mode:

[EMAIL PROTECTED] raddb]# radiusd -X
FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = "johnson"
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = "/usr/local/etc/raddb/myperltemp.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating ea

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread Ivan Kalik 
>>No, there is a digest module in default radiusd.conf that should decode
>>the attributes. Post radiusd -X for request with Digest-Attributes.
>>Those attributes you want are not in the request - have you tried
>>$ RAD_CHECK.
>
>
>hi Kalik,
>  I've tried $RAD_CHECK but it doesn't work, I've found a digest
>module in radiusd.conf but actually don't have any idea how to handle the
>module.
>
There is nothing to "handle". digest {} module will decode information
from the Digest-Attributes and produce those attributes you are looking
for.

>rad_recv: Access-Request packet from host 127.0.0.1 port 32795, id=73,
>length=59
>User-Name = "johnson"
>User-Password = "johnson"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 0

Do you see Digest-Attributes in this request? I don't.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread johnson elangbam 
>No, there is a digest module in default radiusd.conf that should decode
>the attributes. Post radiusd -X for request with Digest-Attributes.
>Those attributes you want are not in the request - have you tried
>$RAD_CHECK.


hi Kalik,
  I've tried $RAD_CHECK but it doesn't work, I've found a digest
module in radiusd.conf but actually don't have any idea how to handle the
module.

Here is the full output when the radius is run in debugging mode:

[EMAIL PROTECTED] raddb]# radiusd -X
FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = "johnson"
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = "/usr/local/etc/raddb/myperltemp.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_t

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread Ivan Kalik 
>As advice by Ivan Kalik, I've tried sending the request with
>Digest-Attributes, unfortunately i didn't get any values from these
>attributes:
>'Digest-User-name', 'Digest-Realm',   'Digest-Method', 'Digest-Uri',
>'Digest-Nonce',   'Digest-Response'.
>
>here is the piece of perl code that i have used to access the values
>
>$dUserName= $RAD_REQUEST{'Digest-User-Name'};
>$dRealm= $RAD_REQUEST{'Digest-Realm'};
>$dMethod = $RAD_REQUEST{'Digest-Method'};
>$dUri= $RAD_REQUEST{'Digest-URI'};
>$dNonce=$RAD_REQUEST{'Digest-Nonce'};
>$dResponse=$RAD_REQUEST{'Digest-Response'};
>
>I've used md5 algorithm in my perl script, is there anything to be done in
>the eap.conf  or in radius.conf ?
>

No, there is a digest module in default radiusd.conf that should decode
the attributes. Post radiusd -X for request with Digest-Attributes.
Those attributes you want are not in the request - have you tried
$RAD_CHECK.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread johnson elangbam 
> That's a pap request. Send a request with Digest-Attributes and you will
>get digest attributes.

hi,
As advice by Ivan Kalik, I've tried sending the request with
Digest-Attributes, unfortunately i didn't get any values from these
attributes:
'Digest-User-name', 'Digest-Realm',   'Digest-Method', 'Digest-Uri',
'Digest-Nonce',   'Digest-Response'.

here is the piece of perl code that i have used to access the values

$dUserName= $RAD_REQUEST{'Digest-User-Name'};
$dRealm= $RAD_REQUEST{'Digest-Realm'};
$dMethod = $RAD_REQUEST{'Digest-Method'};
$dUri= $RAD_REQUEST{'Digest-URI'};
$dNonce=$RAD_REQUEST{'Digest-Nonce'};
$dResponse=$RAD_REQUEST{'Digest-Response'};

I've used md5 algorithm in my perl script, is there anything to be done in
the eap.conf  or in radius.conf ?

Regards,
Elangbam Johnson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread Ivan Kalik 
> hi,
>   I am using free Radius 2.0.3. I m configured my AAA through rlm_perl. I
>need to do the authorization by using the following attributes.
>
>Digest-Realm
>Digest-Method
>Digest-Uri
>Digest-Nonce
>Digest-Nonce
>Digest-Response
>
>Unfortunately i did not get any value from these attributes when i called
>using $RAD_REQUEST. Please tell me any idea to get these values.
>
..
>rad_recv: Access-Request packet from host 127.0.0.1 port 32795, id=73,
>length=59
>User-Name = "johnson"
>User-Password = "johnson"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 0

That's a pap request. Send a request with Digest-Attributes and you will
get digest attributes.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html