[OpenSIPS-Users] Radius auth / opensips last version : not working anymore ?
Samuel Muller
sml at l33.fr
Wed Oct 30 15:25:04 CET 2013
Hello,
I'm trying actually to update OpenSips to the v.1.10-tls, and now
radius auth is not working anymore : radius server is rejecting the
request.
"Auth: [digest] Cleartext-Password or Digest-HA1 is required for
authentication."
environment : new registrar server in a dev environment.
1/ configs are exactly the same (strict copy of everything) - except
necessary changes from opensips 1.8.1 to opensips 1.10 (alphanumerical
flags, and so on)
2/ the os is a new one : updated squeeze to wheezy (so several libs
are updated, like openssl, ...)
3/ libradiusclient-ng is the same version (0.5.6-1.1), dics are identical
4/ the auth is made against the same freeradius server used in the
production (so, same sip accounts, etc ... in the back-end)
==> Radius server logs : <==
Wed Oct 30 13:51:43 2013
Packet-Type = Access-Request
User-Name = "10133 at anydomain.com"
Digest-Attributes = "\n\00710133"
Digest-Attributes = "\001\025anydomain.com"
Digest-Attributes = "\002252710f0c0000000380e712a81e132fb9fb25b6e7079a90ea"
Digest-Attributes = "\004\031sip:anydomain.com"
Digest-Attributes = "\003\nREGISTER"
Digest-Attributes = "\005\006auth"
Digest-Attributes = "\t\n00000001"
Digest-Attributes = "\010\n718b1c07"
Digest-Response = "9c080c96ce9f553af167d96b9045605f"
Service-Type = Sip-Session
Sip-URI-User = "10133"
Acct-Session-Id = "e3d46f526b7a-zfy2ru5j4wxb"
Cisco-AVPair = "call-id=e3d46f526b7a-zfy2ru5j4wxb"
NAS-Port-Id = 5060
NAS-IP-Address = 10.10.10.100
Wed Oct 30 13:51:43 2013 : Auth: [digest] Cleartext-Password or
Digest-HA1 is required for authentication.
Wed Oct 30 13:51:43 2013 : Auth: Login incorrect:
[10133 at anydomain.com/<via Auth-Type = DIGEST>] (from client
registrar.anydomain.com port 5060)
==> Opensips debug logs <==
REGISTER sip:anydomain.com SIP/2.0
Via: SIP/2.0/UDP
10.0.0.10:5060;branch=z9hG4bK42a7.81e32d7403fde0265a279f6f1af9f223.0
v: SIP/2.0/UDP 192.168.1.61:3072;received=172.21.8.126;branch=z9hG4bK-pg3sz33w7irx;rport=19779
f: "Red is Dead" <sip:10133 at anydomain.com>;tag=0vc6kaq7q7
t: "Red is Dead" <sip:10133 at anydomain.com>
i: e3d46f526b7a-zfy2ru5j4wxb
CSeq: 812 REGISTER
Max-Forwards: 32
m: <sip:10133 at 192.168.1.61:3072>;reg-id=1;q=1.0
User-Agent: snom821/8.7.3.19
Allow-Events: dialog
X-Real-IP: 192.168.1.61
Supported: path
Authorization: Digest
username="10133",realm="anydomain.com",nonce="52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111",uri="sip:anydomain.com",qop=auth,nc=00000001,cnonce="19ec9410",response="89bf7e58d81541ea6d3d4cf643d7d0e1",algorithm=MD5
Expires: 360
l: 0
P-Visited-Network-ID: 5411
Path: <sip:10.0.0.10;lr;received=sip:172.21.8.126:19779>
Oct 30 13:49:25 registrar opensips[17021]: DBG:auth:check_nonce:
comparing [52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111] and
[52710e8300000000bf18b8ca585d8021ac4de4bf5c6c5111]
Oct 30 13:49:26 registrar opensips[17021]:
DBG:aaa_radius:rad_send_message: rc_auth function succeded with result
REJECT_RC
Oct 30 13:49:26 registrar opensips[17021]:
ERROR:auth_aaa:aaa_authorize_sterman: authorization failed
Oct 30 13:49:26 registrar opensips[17021]:
DBG:auth:reserve_nonce_index: second= 0, sec_monit= -1, index= 1
Oct 30 13:49:26 registrar opensips[17021]: DBG:auth:build_auth_hf:
nonce index= 1
Oct 30 13:49:26 registrar opensips[17021]: DBG:auth:build_auth_hf:
'WWW-Authenticate: Digest realm="anydomain.com",
nonce="52710e840000000161b61dea385526f8bf7ca0e47041e8c6", qop="auth"
If anyone has any idea, thanks a lot !
Samuel MULLER
More information about the Users
mailing list