[OpenSIPS-Users] Digest Auth with LDAP/RADIUS
Bogdan-Andrei Iancu
bogdan at opensips.org
Thu Jan 7 16:35:16 EST 2021
Hi Michael,
What you can do is to grab some online digest auth calculator and to
doublecheck the auth responses on each side (opensips and radius)
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Bootcamp 2020 online
https://opensips.org/training/OpenSIPS_eBootcamp_2020/
On 1/6/21 6:56 PM, bobsy via Users wrote:
> Hello everyone,
>
> I’m attempting to use digest auth on Freeradius with LDAP and plaintext userPassword’s.
>
> When the radius server goes to auth the digest hashes don’t match up.
>
> authenticate {
> (17) digest: A1 = bobsy:opensips.vale.ski:password
> (17) digest: A2 = REGISTER:sip:opensips.vale.ski
> H(A1) = 0342aafbaea975d9fde3c46f3f093993
> H(A2) = b0605d01a41aac18c7f1a84c8ca1c4f5
> (17) digest: KD = 0342aafbaea975d9fde3c46f3f093993:5ff5eaca000015917970591b0edf7c7c6bbd13698c0dd5e6:b0605d01a41aac18c7f1a84c8ca1c4f5
> EXPECTED a8d6639edfd61ac7b1bb247f7832b8e5
> RECEIVED a817470a4e1612532d167bed0354a88b
> (17) digest: FAILED authentication
> (17) [digest] = reject
> (17) } # authenticate = reject
> (17) Failed to authenticate the user
>
> I have calculate_ha1 set to 1.
>
> Any insight would be great.
>
> And after this is resolved maybe someone can help me find out why the Kerberos module looks for “User-Password”. I believe it should be looking for “Cleartext-Password” and that’s why Kerberos won’t work for me.
>
> Regards,
>
> Michael Vale.
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list