[OpenSIPS-Users] Radius authentication issues/questions

Tiberiu Breana tiberiu.breana at gmail.com
Tue Jun 7 14:25:08 CEST 2011 

I made it work. I commented out radius_send_auth("set1","set2"). I also
activated digest authentication on the freeRADIUS server and now
authentication is working fine (with users defined as user at SIPServerAddress
).

I will now attempt to authenticate the non-register messages.


On 6 June 2011 19:34, Tiberiu Breana <tiberiu.breana at gmail.com> wrote:

> Hi!
>
> I'm trying to implement authentication via a freeRADIUS server. I have a
> couple of questions:
>
> 1) I managed to register my UA, but I see the Radius server processing 3 or
> more access-request messages (for REGISTER, SUBSCRIBE, PUBLISH, etc), and
> accepts them all. Is this normal?
>
> 2) Another issue is that the Radius server authenticates me with the
> 'default' entry in the users file, although I wrote my username and password
> in it (which I use in Ekiga to log in).
> How should the entries in the freeradius users file look like? Simple
> "name" or "name at SIPServerAddress"?
>
> 3) Another question I'd like to ask is regarding the authentication script.
>
> These are parts of my config:
> [...]
> modparam("aaa_radius", "sets", "set1 = (User-Name = $avp(i:85),
> Password=$avp(i:84))")
> modparam("aaa_radius", "sets", "set2 = (Session-Timeout = $var(time))")
> [...]
>
> if (is_method("REGISTER"))
>     {
>          #authenticate the REGISTER requests (uncomment to enable auth)
>
>         radius_send_auth("set1","set2");
>
>         if (!aaa_www_authorize(""))
>         {
>             www_challenge("", "1");
>             exit;
>         }
>
>         if (!db_check_to())
>         {
>             sl_send_reply("403","Forbidden auth ID");
>             exit;
>         }
>
>         if (!save("location"))
>             sl_reply_error();
>
>         exit;
>     }
>
> The non-REGISTER requests are not authenticated at the moment (commented
> out).
> Am I doing it right? Do I have to use both aaa_www_authorize("") AND
> radius_send_auth or only one? What's the difference?
>
> Any advice is welcome. Thanks for reading!
>
> Tiberiu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110607/97b42d15/attachment.htm>

More information about the Users mailing list