[Users] what algorithm does radiusclient-ng+openser use?(md5 or)

Jason Ma realmj at gmail.com
Wed May 30 20:59:11 CEST 2007


Here is the log on my openser.What is the problem?occured on openser or AAA
server?Thanks a lot.
~~~~~~~~~~~~~~~~~~~~

May 30 09:32:15 openser openser[9161]:   [  Method REGISTER from 9.2.243.87
] REGISTER sip:192.168.1.42 SIP/2.0^M Via: SIP/2.0/UDP
9.2.243.87:62670;branch=z9hG4bK-d87543-6e521f158010ff19-1--d87543-;rport^M
Max-Forwards: 70^M Contact:
<sip:21210001 at 9.2.243.87:62670;rinstance=b18b56e9bba1df1e>^M
To: <sip:21210001 at 192.168.1.42>^M From:
<sip:21210001 at 192.168.1.42>;tag=7e7ed574^M
Call-ID: MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM.^M CSeq: 2 REGISTER^M
Expires: 3600^M Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY,
MESSAGE, SUBSCRIBE, INFO^M User-Agent: X-Lite release 1006e stamp 34025^M
Authorization: Digest username="21210001",realm="192.168.1.42
",nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd",uri="sip:192.168.1.42",response="d1d410d0448405e10eb669bd665b2a2d",algorithm=MD5^M
Content-Length: 0^M ^M [  End of Request  ]
May 30 09:32:15 openser openser[9161]: parse_headers: flags=100
May 30 09:32:15 openser openser[9161]: DEBUG:maxfwd:is_maxfwd_present: value
= 70
May 30 09:32:15 openser openser[9161]: parse_headers: flags=200
May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached,
state=10
May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={
sip:21210001 at 192.168.1.42}
May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_field: <To> [26];
uri=[sip:21210001 at 192.168.1.42]
May 30 09:32:15 openser openser[9161]: DEBUG: to body [<
sip:21210001 at 192.168.1.42>^M ]
May 30 09:32:15 openser openser[9161]: get_hdr_field: cseq <CSeq>: <2>
<REGISTER>
May 30 09:32:15 openser openser[9161]: DEBUG: get_hdr_body :
content_length=0
May 30 09:32:15 openser openser[9161]: found end of header
May 30 09:32:15 openser openser[9161]: find_first_route: No Route headers
found
May 30 09:32:15 openser openser[9161]: loose_route: There is no Route HF
May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff
May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87,
9.2.243.87, 0)
May 30 09:32:15 openser openser[9161]: check_nonce(): comparing
[465d7e0bc14d2273090b3951280b59a4d2d358dd] and
[465d7e0bc14d2273090b3951280b59a4d2d358dd]
May 30 09:32:15 openser openser[9161]:
ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
May 30 09:32:15 openser openser[9161]: DEBUG: add_param: tag=7e7ed574
May 30 09:32:15 openser openser[9161]: DEBUG:parse_to:end of header reached,
state=29
May 30 09:32:15 openser openser[9161]: DBUG:parse_to: display={}, ruri={
sip:21210001 at 192.168.1.42}
May 30 09:32:15 openser openser[9161]: Register authentication failed -
M=REGISTER RURI=sip:192.168.1.42 F=sip:21210001 at 192.168.1.42 T=
sip:21210001 at 192.168.1.42
IP=9.2.243.87ID=MTJmNmY4MjJlZjdkMzk3ZmMzOWU3MmIyOTg5NTk0ZGM.
May 30 09:32:15 openser openser[9161]: build_auth_hf(): 'WWW-Authenticate:
Digest realm="192.168.1.42",
nonce="465d7e0bc14d2273090b3951280b59a4d2d358dd"
May 30 09:32:15 openser openser[9161]: parse_headers: flags=ffffffffffffffff
May 30 09:32:15 openser openser[9161]: check_via_address(9.2.243.87,
9.2.243.87, 0)
May 30 09:32:15 openser openser[9161]: DEBUG:destroy_avp_list: destroying
list (nil)
May 30 09:32:15 openser openser[9161]: receive_msg: cleaning up
"/var/log/openser.log" 81830L,
7470638C
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On 5/30/07, Jason Ma <realmj at gmail.com> wrote:
>
> Hi Daniel,
> Thanks for your reply,a quick question,how can I trace or check whether my
> radiusclient-ng sent the right information and algorithm to AAA server?Is
> the information below in the log conrrect for radius server to parse?Thanks
> a lot.
>
> On 5/30/07, Daniel-Constantin Mierla < daniel at voice-system.ro> wrote:
> >
> > Hello,
> >
> > the algorithm for authentication is www digest (or http digest --
> > rfc2617). The password has to be stored either plain text or HA1 format
> > (see the rfc for how to get the HA1). This auth algorithm uses md5 to
> > compute the response and decide whether auth was successful or not.
> >
> > Cheers,
> > Daniel
> >
> > On 05/30/07 17:15, Jason Ma wrote:
> > > Hi All,
> > > I'm configuring radius support on openser using
> > > radiusclient-ng-0.5.5.1.tar.gz,and the radius server is Lucent AAA
> > > server,everytime openser sent the request to AAA server,the AAA server
> >
> > > could not parse the request,the logs on AAA server is as below.I
> > > noticed that the the server said it was "Unsupported algorithm",and
> > > the algorithm was null,I'm wandering what kind of algorithm does
> > > radiusclient-ng use?MD5 or HA1......... Please help ! Thanks in
> > advance.
> > >
> > > ~~~~~~~~~~~~~~~~~~~~~~~
> > > 2007/05/29 16:51:45.685 <engine.item.setup> Initializing Radius Item:
> > > 192.168.1.42:33345 ->0.0.0.0:1812(77)
> > >      0  <engine.item.setup> Using dictionary: draft-sterman-aaa-sip-01
> > >      0  <engine.item.setup> Request decode:
> > >         User-Name = " 21230001 at 192.168.1.42 <mailto:
> > 21230001 at 192.168.1.42>"
> > >         Digest-Attributes =
> > >             User-Name = "21230001"
> > >         Digest-Attributes =
> > >             Realm = "192.168.1.42 <http://192.168.1.42>"
> > >         Digest-Attributes =
> > >             Nonce = "465c49b766fa11f4a9db29977bf16857d3372780"
> > >         Digest-Attributes =
> > >             URI = "sip:192.168.1.42 <http://192.168.1.42>"
> > >         Digest-Attributes =
> > >             Method = "REGISTER"
> > >         Digest-Response = "689a0f89cd73751f61b12d04f585a224"
> > >         Service-Type = IAPP-Register
> > >         Anonymous = v0-a208-3231323330303031
> > >         NAS-Port = 5060
> > >         NAS-IP-Address = 192.168.1.42 <http://192.168.1.42>
> > >
> > >      0  <engine.item.setup > User-Name parsed: Base-User-Name =
> > > "21230001", User-Realm = "192.168.1.42 <http://192.168.1.42>"
> > >      0  <engine.item.setup> Item setup complete
> > >      0  <engine.worker.1 >  <setup> ==> ReadUserFile.auth:readUserFile
> > >      0  <plugin.ReadUserFile.auth:readUserFile> searchValue =
> > > ' 21230001 at 192.168.1.42 <mailto:21230001 at 192.168.1.42>'.
> > >      0  <plugin.ReadUserFile.auth:readUserFile > Found entry:
> > > 21230001 at 192.168.1.42 <mailto:21230001 at 192.168.1.42>
> > >      0  <plugin.ReadUserFile.auth:readUserFile> Check items for found
> > > entry:
> > >         User-Password = <hidden>
> > >         Auth-Type = Local
> > >
> > >      0  <plugin.ReadUserFile.auth:readUserFile> Reply items for found
> > > entry:
> > >
> > >      0  <plugin.ReadUserFile.auth:readUserFile> SUCCESS -- Read User
> > > 21230001 at 192.168.1.42 <mailto:21230001 at 192.168.1.42>
> > >      0  <engine.worker.1> ReadUserFile.auth:readUserFile ==>
> > > AuthHttpDigest.auth:checkDigest by SUCCESS -- Read User
> > > 21230001 at 192.168.1.42 <mailto:21230001 at 192.168.1.42>
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest > response =
> > > 689a0f89cd73751f61b12d04f585a224
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> realm = 192.168.1.42
> > > <http://192.168.1.42>
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> nonce =
> > > 465c49b766fa11f4a9db29977bf16857d3372780
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest > method = REGISTER
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> uri =
> > > sip:192.168.1.42 <http://192.168.1.42>
> > >      0  < plugin.AuthHttpDigest.auth:checkDigest > qop =
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> algorithm =
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> entityBodyHash =
> > >      0  < plugin.AuthHttpDigest.auth:checkDigest> cNonce =
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> nonceCount =
> > >      0  <plugin.AuthHttpDigest.auth:checkDigest> username = 21230001
> > >      0  < plugin.AuthHttpDigest.auth:checkDigest> ERROR -- Error
> > > generating HTTP digest: java.io.IOException: Unsupported algorithm: :
> > > java.io.IOException: Unsupported algorithm:
> > >      1  <engine.worker.1 > AuthHttpDigest.auth:checkDigest ==>
> > > End-Of-Methods by ERROR -- Error generating HTTP digest:
> > > java.io.IOException: Unsupported algorithm:
> > >      1  <engine.worker.1> 21230001 at 192.168.1.42
> > > <mailto:21230001 at 192.168.1.42> login discarded due to Error generating
> > > HTTP digest: java.io.IOException: Unsupported algorithm:
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at openser.org
> > > http://openser.org/cgi-bin/mailman/listinfo/users
> > >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20070530/d3038dbc/attachment.htm 


More information about the Users mailing list