[Users] Openser with Radius

Dubromez Matthieu matthieu.dubromez at insa-lyon.fr
Thu Jul 13 16:05:47 CEST 2006


Hi all,

I put this in the users file and it works :

DEFAULT Auth-Type := digest, Digest-HA1 := "mypassword"

But it works logically only if it's my User-Name.
Thats's why I tried to put this and it doesn't work (syntax problem I think) :

DEFAULT Auth-Type := digest, Digest-HA1 := `echo -n
%{Digest-User-Name}:%{Digest-Realm}:%{Digest-User-Password} | md5sum`

Is it possible to do something near like this or it's absolutely crazy ;) ?

Thanks

Matthieu


> Hello,
> 
> Yes I've followed the steps but I don't want to write all of my users in the
> users file. So I must to load the user profiles from LDAP and I don't know
> the
> way to do this :( !!!
> 
> Sincerely,
> 
> Matthieu
> 
> 
> > Hello,
> > 
> > have you followed the steps in 
> > http://www.openser.org/docs/openser-radius-1.0.x.html ? Did you set the 
> > user profile accordingly? Seems that the profile of the SIP user does 
> > not have the User-Password or Digest-HA1 attributes set.
> > 
> > http://www.openser.org/docs/openser-radius-1.0.x.html#freeradius_users
> > 
> > Cheers,
> > Daniel
> > 
> > 
> > 
> > On 07/13/06 12:14, Dubromez Matthieu wrote:
> > > Hi all
> > >
> > > I tried to authenticate the user with rlm_digest but the problem persits
> :
> > > configuration item "User-Password" or Digest-HA1 is required for
> > > authentication. Here is the log :
> > >
> > > rlm_ldap: checking if remote access for A208534 is allowed by uid
> > > rlm_ldap: looking for check items in directory...
> > > rlm_ldap: looking for reply items in directory...
> > > rlm_ldap: user A208534 authorized to use remote access
> > > rlm_ldap: ldap_release_conn: Release Id: 0
> > >   modcall[authorize]: module "ldap" returns ok for request 4
> > > modcall: leaving group authorize (returns ok) for request 4
> > >   rad_check_password:  Found Auth-Type Digest
> > > auth: type "digest"
> > >   Processing the authenticate section of radiusd.conf
> > > modcall: entering group authenticate for request 4
> > > rlm_digest: Configuration item "User-Password" or Digest-HA1 is required
> > for
> > > authentication.
> > >   modcall[authenticate]: module "digest" returns invalid for request 4
> > > modcall: leaving group authenticate (returns invalid) for request 4
> > > auth: Failed to validate the user.
> > >
> > > Nobody has already done an authentication with LDAP?
> > >
> > > I found an article about this, but with Astersik :
> > >
> > >
> >
>
http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html#AEN237
> > >
> > > Is it a good solution? How to do it ;) !!
> > >
> > > Thanks for your help
> > >
> > > Matthieu
> > >
> > > Selon Daniel-Constantin Mierla <daniel at voice-system.ro>:
> > >
> > >   
> > >> Hello,
> > >>
> > >> in SIP you can have only digest authentication as per RFC 2617. 
> > >> Therefore you have to use rlm_digest to authenticate the user. How to 
> > >> make the module to pull the password from the LDAP I cannot say since I
> 
> > >> have no experience with.
> > >>
> > >> Maybe the next link will help you a bit as well.
> > >>
> > >> http://www.openser.org/docs/openser-radius-1.0.x.html
> > >>
> > >> Cheers,
> > >> Daniel
> > >>
> > >>
> > >> On 07/12/06 18:15, Dubromez Matthieu wrote:
> > >>     
> > >>> Hi all,
> > >>>
> > >>> I'm new in OpenSER and I try to authenticate users with my LDAP by a
> > >>>       
> > >> Radius
> > >>     
> > >>> server. My problem is that the attribute User-Password missed in the
> > >>>       
> > >> request I
> > >>     
> > >>> think. I searched a solution but nothing worked! Can someone help me
> > >>>       
> > >> please!
> > >>     
> > >>> Here is the log of radiusd :
> > >>>
> > >>> rlm_ldap: checking if remote access for A208534 is allowed by uid
> > >>> rlm_ldap: looking for check items in directory...
> > >>> rlm_ldap: looking for reply items in directory...
> > >>> rlm_ldap: user A208534 authorized to use remote access
> > >>> rlm_ldap: ldap_release_conn: Release Id: 0
> > >>>   modcall[authorize]: module "ldap" returns ok for request 4
> > >>> modcall: leaving group authorize (returns ok) for request 4
> > >>>   rad_check_password:  Found Auth-Type LDAP
> > >>> auth: type "LDAP"
> > >>>   Processing the authenticate section of radiusd.conf
> > >>> modcall: entering group LDAP for request 4
> > >>> rlm_ldap: - authenticate
> > >>> rlm_ldap: Attribute "User-Password" is required for authentication.
> > >>>   modcall[authenticate]: module "ldap" returns invalid for request 4
> > >>> modcall: leaving group LDAP (returns invalid) for request 4
> > >>> auth: Failed to validate the user.
> > >>>
> > >>>
> > >>> Thanks for help
> > >>>
> > >>> Matthieu
> > >>>
> > >>> PS : Sorry for my english!
> > >>>
> > >>> _______________________________________________
> > >>> Users mailing list
> > >>> Users at openser.org
> > >>> http://openser.org/cgi-bin/mailman/listinfo/users
> > >>>
> > >>>   
> > >>>       
> > >
> > >
> > >
> > >
> > >   
> > 
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
> 







More information about the Users mailing list