tim-donahue / bsdradius

Automatically exported from code.google.com/p/bsdradius

digest authentication with kamailio #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I am trying to authenticate a SIP user using Kamailio & bsdradius. I have 
configured and tested it. It is working fine without digest auth & without 
password authentication. Kamailio & bsdradius are working fine with User-Name 
authentication.

My problem is related to password authentication, because without password auth 
anybody can register an account. So please help me with where I need to make 
changes in the bsdradius or Kamailio config.

Following is my Kamailio digest auth log:

 6(28132) DEBUG: tm [t_lookup.c:1081]: DEBUG: t_check_msg: msg id=11 global id=10 T start=(nil)
 6(28132) DEBUG: tm [t_lookup.c:528]: t_lookup_request: start searching: hash=22642, isACK=0
 6(28132) DEBUG: tm [t_lookup.c:485]: DEBUG: RFC3261 transaction matching failed
 6(28132) DEBUG: tm [t_lookup.c:711]: DEBUG: t_lookup_request: no transaction found
 6(28132) DEBUG: tm [t_lookup.c:1150]: DEBUG: t_check_msg: msg id=11 global id=11 T end=(nil)
 6(28132) DEBUG: auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
 6(28132) ERROR: auth_radius [sterman.c:412]: authorization failed
 6(28132) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='176.249.2.66'
 6(28132) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth'
 6(28132) DEBUG: auth [challenge.c:236]: auth: 'WWW-Authenticate: Digest realm="176.249.2.66", nonce="Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+", qop="auth"
'
 6(28132) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='176.249.2.66'
 6(28132) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth'
 6(28132) DEBUG: auth [challenge.c:236]: auth: 'WWW-Authenticate: Digest realm="176.249.2.66", nonce="Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+", qop="auth"
'
 6(28132) DEBUG: sl [sl.c:278]: reply in stateless mode (sl)

bsdradius log:

thread "Working thread 0" grabbed a packet for processing
--AuthPacket--------------------------------------------------
'NAS-IP-Address': '127.0.0.1'
'User-Name': '102@176.249.2.66'
'NAS-Port-Id': 5060
'Cisco-AVPair': 
'call-id=b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'
'Digest-Attributes': '\n\x05102'
'Digest-Attributes': '\x01\x0e176.249.2.66'
'Digest-Attributes': '\x02"Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+'
'Digest-Attributes': '\x04\x12sip:176.249.2.66'
'Digest-Attributes': '\x03\nREGISTER'
'Digest-Attributes': '\x05\x06auth'
'Digest-Attributes': '\t\n00000001'
'Digest-Attributes': '\x08\x12afffa5c7499e64e9'
'Request-Authenticator': '\xd1\xe2\xedMW\n\xaf\xbe"4\xe3\xcbn2\x81{'
'Service-Type': 'Sip-Session'
'Sip-Uri-User': '102'
'Client-IP-Address': '127.0.0.1'
'Acct-Session-Id': 
'b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'
'Digest-Response': 'e2ee24e001a9abfb868d27d566daf5fc'

#########################################
### Authorization module "preprocess" ###
#########################################
--- Fixing VSA attributes ---
Fixing attribute: 'Cisco-AVPair'
  [New] 'call-id': 'b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'
--- Module preprocess results ---
Status: OK
Check: {'Auth-Type': [None]}
Reply: {}
Return value: True
###################################
### Authorization module "chap" ###
###################################
No CHAP-Password found in request. Doing nothing.
--- Module chap results ---
Status: OK
Check: {'Auth-Type': [None]}
Reply: {}
Return value: True
#####################################
### Authorization module "digest" ###
#####################################
Setting Auth-Type to "digest"
--- Module digest results ---
Status: OK
Check: {'Auth-Type': ['digest']}
Reply: {}
Return value: True
##########################################
### Authorization module "dump_packet" ###
##########################################
Dumping packet to file:
/usr/var/log/radius/127.0.0.1/auth/radius.packet.20110502.dump
--- Module dump_packet results ---
Status: OK
Check: {'Auth-Type': ['digest']}
Reply: {}
Return value: True
###########################################
### Authorization module "dayalbilling" ###
###########################################
Received packet:
{'NAS-IP-Address': ['127.0.0.1'], 'User-Name': ['102@176.249.2.66'], 
'NAS-Port-Id': [5060], 'Cisco-AVPair': 
['call-id=b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 
'Digest-Attributes': ['\n\x05102', '\x01\x0e176.249.2.66', 
'\x02"Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+', '\x04\x12sip:176.249.2.66', 
'\x03\nREGISTER', '\x05\x06auth', '\t\n00000001', '\x08\x12afffa5c7499e64e9'], 
'Request-Authenticator': ['\xd1\xe2\xedMW\n\xaf\xbe"4\xe3\xcbn2\x81{'], 
'Service-Type': ['Sip-Session'], 'Sip-Uri-User': ['102'], 'Client-IP-Address': 
['127.0.0.1'], 'Acct-Session-Id': 
['b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 'call-id': 
['b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 
'Digest-Response': ['e2ee24e001a9abfb868d27d566daf5fc']}
db>> Using connection handler "dayalbilling"
db>> QUERY:

select id,username from account where usernale= 102

db>> (2L, '5822495865')

db>> Using connection handler "samplebill"
db>> QUERY: "select * from accounts";

Account found
Looking for username and password
Received packet:
{'NAS-IP-Address': ['127.0.0.1'], 'User-Name': ['102@176.249.2.66'], 
'NAS-Port-Id': [5060], 'Cisco-AVPair': 
['call-id=b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 
'Digest-Attributes': ['\n\x05102', '\x01\x0e176.249.2.66', 
'\x02"Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+', '\x04\x12sip:176.249.2.66', 
'\x03\nREGISTER', '\x05\x06auth', '\t\n00000001', '\x08\x12afffa5c7499e64e9'], 
'Request-Authenticator': ['\xd1\xe2\xedMW\n\xaf\xbe"4\xe3\xcbn2\x81{'], 
'Service-Type': ['Sip-Session'], 'Sip-Uri-User': ['102'], 'Client-IP-Address': 
['127.0.0.1'], 'Acct-Session-Id': 
['b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 'call-id': 
['b552ba139c0a737aM2Y3NTFkMjE1YTQzOGEyMWU5MDZmMzkxZDFkZTEwNDY.'], 
'Digest-Response': ['e2ee24e001a9abfb868d27d566daf5fc']}
Check data---------------------------------------------------------
{'Auth-Type': ['digest']}
Reply data ---------------------------------------------------------
{}
This is Registration Request Message ---------------------------------
--- Module dayalbilling results ---
Status: OK
Check: {'User-Password': '10212', 'Auth-Type': ['digest'], 'User-Name': '102'}
Reply: {'h323-credit-amount': '9.98', 'h323-return-code': 'h323-return-code=0', 
'h323-billing-model': 'h323-billing-model=1'}
Return value: True
######################################
### Authentication module "digest" ###
######################################
Performing Digest authentication
Password "e2ee24e001a9abfb868d27d566daf5fc" for user "['\n\x05102', 
'\x01\x0e176.249.2.66', '\x02"Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+', 
'\x04\x12sip:176.249.2.66', '\x03\nREGISTER', '\x05\x06auth', '\t\n00000001', 
'\x08\x12afffa5c7499e64e9']" not valid
Password "10212" for user "102" not valid
--- Module digest results ---
Status: REJECTED
Check: {'User-Password': ['10212'], 'Auth-Type': ['digest'], 'User-Name': 
['102']}
Reply: {'h323-credit-amount': ['9.98'], 'h323-return-code': 
['h323-return-code=0'], 'h323-billing-model': ['h323-billing-model=1']}
Return value: False
===

Authentication phase failed
Sending Authorization REJECT to localhost (127.0.0.1)
--AuthPacket--------------------------------------------------
'h323-credit-amount': '9.98'
'h323-billing-model': 'h323-billing-model=1'
'h323-return-code': 'h323-return-code=0'

==============================================================

Please help me

Anand

Original issue reported on code.google.com by kanan...@gmail.com on 2 May 2011 at 11:29
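
For readers decoding the log above: each `Digest-Attributes` value is a type-length-value sub-attribute (numbering from draft-sterman-aaa-sip), and the digest check has to be done on those decoded fields rather than on the raw list. The following is an added example, not bsdradius or Kamailio code; the function names are hypothetical, and it covers algorithm MD5 with `qop=auth` or no qop only.

```python
import hashlib
import hmac

# Sub-attribute numbers from draft-sterman-aaa-sip. The length octet
# counts the two header octets (type, length) as well as the value.
SUBATTR = {1: "realm", 2: "nonce", 3: "method", 4: "uri", 5: "qop",
           6: "algorithm", 7: "body-digest", 8: "cnonce", 9: "nc", 10: "username"}

# Digest-Attributes values copied from the AuthPacket dump in the log above.
LOGGED_ATTRS = [
    b'\n\x05102', b'\x01\x0e176.249.2.66',
    b'\x02"Tb7Jg02+yFc7BB9YwpCzKexo3KWLdGP+', b'\x04\x12sip:176.249.2.66',
    b'\x03\nREGISTER', b'\x05\x06auth', b'\t\n00000001',
    b'\x08\x12afffa5c7499e64e9',
]

def parse_digest_attributes(values):
    """Decode Digest-Attributes values (one or more TLVs each) into a dict."""
    fields = {}
    for raw in values:
        pos = 0
        while pos < len(raw):
            kind = raw[pos]
            length = raw[pos + 1] if pos + 1 < len(raw) else 0
            if length < 2 or pos + length > len(raw) or kind not in SUBATTR:
                raise ValueError("malformed sub-attribute in %r" % (raw,))
            fields[SUBATTR[kind]] = raw[pos + 2:pos + length].decode("ascii")
            pos += length
    return fields

def _md5(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def expected_response(fields, password):
    """RFC 2617 response value computed from the stored clear-text password."""
    ha1 = _md5("%s:%s:%s" % (fields["username"], fields["realm"], password))
    ha2 = _md5("%s:%s" % (fields["method"], fields["uri"]))
    if fields.get("qop") == "auth":
        mid = "%s:%s:%s:%s" % (fields["nonce"], fields["nc"], fields["cnonce"], fields["qop"])
    else:
        mid = fields["nonce"]
    return _md5("%s:%s:%s" % (ha1, mid, ha2))

def verify(values, digest_response, password):
    """True when the client's Digest-Response matches the stored password."""
    want = expected_response(parse_digest_attributes(values), password)
    return hmac.compare_digest(want, digest_response.lower())
```

Calling `verify(LOGGED_ATTRS, <Digest-Response from the packet>, <User-Password from the Check data>)` shows whether the SIP client and the billing database hold the same password for that realm. The username hashed into the response is the decoded sub-attribute (`102`), not the RADIUS `User-Name` (`102@176.249.2.66`).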