[OpenSIPS-Users] Digest Auth with LDAP/RADIUS

[bobsy]

Thanks Bogdan that useful to know.   Turns out I just typed the password in wrong!

> On 8 Jan 2021, at 3:35 am, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
> 
> Hi Michael,
> 
> What you can do is to grab some online digest auth calculator and to doublecheck the auth responses on each side (opensips and radius)
> 
> Regards,
> 
> Bogdan-Andrei Iancu
> 
> OpenSIPS Founder and Developer
>  https://www.opensips-solutions.com
> OpenSIPS Bootcamp 2020 online
>  https://opensips.org/training/OpenSIPS_eBootcamp_2020/
> 
> On 1/6/21 6:56 PM, bobsy via Users wrote:
>> Hello everyone,
>> 
>> I’m attempting to use digest auth on Freeradius with LDAP and plaintext userPassword’s.
>> 
>> When the radius server goes to auth the digest hashes don’t match up.
>> 
>>   authenticate {
>> (17) digest: A1 = bobsy:opensips.vale.ski:password
>> (17) digest: A2 = REGISTER:sip:opensips.vale.ski
>> H(A1) = 0342aafbaea975d9fde3c46f3f093993
>> H(A2) = b0605d01a41aac18c7f1a84c8ca1c4f5
>> (17) digest: KD = 0342aafbaea975d9fde3c46f3f093993:5ff5eaca000015917970591b0edf7c7c6bbd13698c0dd5e6:b0605d01a41aac18c7f1a84c8ca1c4f5
>> EXPECTED a8d6639edfd61ac7b1bb247f7832b8e5
>> RECEIVED a817470a4e1612532d167bed0354a88b
>> (17) digest: FAILED authentication
>> (17)     [digest] = reject
>> (17)   } # authenticate = reject
>> (17) Failed to authenticate the user
>> 
>> I have calculate_ha1 set to 1.
>> 
>> Any insight would be great.
>> 
>> And after this is resolved maybe someone can help me find out why the Kerberos module looks for “User-Password”.  I believe it should be looking for “Cleartext-Password” and that’s why Kerberos won’t work for me.
>> 
>> Regards,
>> 
>> Michael Vale.
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>