I made it work. I commented out radius_send_auth("set1","set2"). I also activated digest authentication on the freeRADIUS server and now authentication is working fine (with users defined as user@SIPServerAddress).<br>
<br>I will now attempt to authenticate the non-register messages.<br><br><br><div class="gmail_quote">On 6 June 2011 19:34, Tiberiu Breana <span dir="ltr"><<a href="mailto:tiberiu.breana@gmail.com">tiberiu.breana@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi!<br><br>I'm trying to implement authentication via a freeRADIUS server. I have a couple of questions:<br>
<br>1) I managed to register my UA, but I see the Radius server processing 3 or more access-request messages (for REGISTER, SUBSCRIBE, PUBLISH, etc), and accepts them all. Is this normal?<br>
<br>2) Another issue is that the Radius server authenticates me with the 'default' entry in the users file, although I wrote my username and password in it (which I use in Ekiga to log in).<br>How should the entries in the freeradius users file look like? Simple "name" or "name@SIPServerAddress"?<br>
<br>3) Another question I'd like to ask is regarding the authentication script. <br>These are parts of my config:<br>[...]<br>modparam("aaa_radius", "sets", "set1 = (User-Name = $avp(i:85), Password=$avp(i:84))")<br>
modparam("aaa_radius", "sets", "set2 = (Session-Timeout = $var(time))")<br>[...]<br><br>if (is_method("REGISTER"))<br> {<br> #authenticate the REGISTER requests (uncomment to enable auth)<br>
<br> radius_send_auth("set1","set2");<br><br> if (!aaa_www_authorize(""))<br> {<br> www_challenge("", "1");<br> exit;<br> }<br>
<br> if (!db_check_to()) <br> {<br> sl_send_reply("403","Forbidden auth ID");<br> exit;<br> }<br><br> if (!save("location"))<br> sl_reply_error();<br>
<br> exit;<br> }<br><br>The non-REGISTER requests are not authenticated at the moment (commented out).<br>Am I doing it right? Do I have to use both aaa_www_authorize("") AND radius_send_auth or only one? What's the difference?<br>
<br>Any advice is welcome. Thanks for reading!<br><font color="#888888"><br>Tiberiu<br>
</font></blockquote></div><br>