[OpenSIPS-Users] Custom RADIUS authentication
Sebastien CRUAUX
scruaux at halys.fr
Fri Jul 20 13:26:03 CEST 2012
Hi,
I was wondering if it was possible to perform RADIUS authentication
(using custom AVPs) when the REGISTER request (with digest attributes)
is received BUT without checking anything in the "subscriber" database
(no user/password checking, only RADIUS server should tell us if we can
register or not).
To sum up, here is the call flow I would like to get :
- Opensips receives 1st REGISTER from the user
- Opensips challenges the user with a 401 Unauthorized
- user sends a 2nd REGISTER with digest attributes
- Opensips sends an Access-Request with custom AVPs to my external
RADIUS server (using the "radius_send_auth" function)
- RADIUS server answers Access-Accept (or Access-Reject) and Opensips
sends 200 OK (or 403 Forbidden) to the user
I do not see how to do that in opensips.cfg since as far as I know,
"www_challenge" is always associated to either "www_authorize" (which
will perform a database check of username/password that I do not want)
or "aaa_www_authorize" (which will send an Access-Request to my RADIUS
server but without my custom AVPs).
Thank you !
Best regards,
Sebastien
More information about the Users
mailing list