[OpenSIPS-Users] Custom RADIUS authentication

Sebastien CRUAUX scruaux at halys.fr
Fri Jul 20 13:26:03 CEST 2012


Hi,

I was wondering if it was possible to perform RADIUS authentication 
(using custom AVPs) when the REGISTER request (with digest attributes) 
is received BUT without checking anything in the "subscriber" database 
(no user/password checking, only RADIUS server should tell us if we can 
register or not).

To sum up, here is the call flow I would like to get :
- Opensips receives 1st REGISTER from the user
- Opensips challenges the user with a 401 Unauthorized
- user sends a 2nd REGISTER with digest attributes
- Opensips sends an Access-Request with custom AVPs to my external 
RADIUS server (using the "radius_send_auth" function)
- RADIUS server answers Access-Accept (or Access-Reject) and Opensips 
sends 200 OK (or 403 Forbidden) to the user

I do not see how to do that in opensips.cfg since as far as I know, 
"www_challenge" is always associated to either "www_authorize" (which 
will perform a database check of username/password that I do not want) 
or "aaa_www_authorize" (which will send an Access-Request to my RADIUS 
server but without my custom AVPs).

Thank you !

Best regards,
Sebastien



More information about the Users mailing list