[OpenSIPS-Users] Radius authentication issues/questions

Tiberiu Breana tiberiu.breana at gmail.com
Mon Jun 6 18:34:11 CEST 2011


Hi!

I'm trying to implement authentication via a freeRADIUS server. I have a
couple of questions:

1) I managed to register my UA, but I see the Radius server processing 3 or
more access-request messages (for REGISTER, SUBSCRIBE, PUBLISH, etc.) and
accepting them all. Is this normal?

2) Another issue is that the Radius server authenticates me with the
'default' entry in the users file, although I wrote my username and password
in it (which I use in Ekiga to log in).
What should the entries in the freeradius users file look like? Simple "name"
or "name at SIPServerAddress"?

3) Another question I'd like to ask is regarding the authentication script.
These are parts of my config:
[...]
modparam("aaa_radius", "sets", "set1 = (User-Name = $avp(i:85), Password=$avp(i:84))")
modparam("aaa_radius", "sets", "set2 = (Session-Timeout = $var(time))")
[...]

if (is_method("REGISTER"))
{
    # authenticate the REGISTER requests (uncomment to enable auth)

    radius_send_auth("set1","set2");

    if (!aaa_www_authorize(""))
    {
        www_challenge("", "1");
        exit;
    }

    if (!db_check_to())
    {
        sl_send_reply("403","Forbidden auth ID");
        exit;
    }

    if (!save("location"))
        sl_reply_error();

    exit;
}

The non-REGISTER requests are not authenticated at the moment (commented
out).
Am I doing it right? Do I have to use both aaa_www_authorize("") AND
radius_send_auth or only one? What's the difference?

Any advice is welcome. Thanks for reading!

Tiberiu