<div dir="ltr">What did you mean, when you ask for 'backend'?<div>If you meant an storage, so it's not a .txt users file, I'm using db - radcheck table.</div><div><br></div><div>So guys, the I've solved the problem.</div><div>It wasn't consisted of kamailio functions or radius configuration.</div><div><br></div><div>So you're free to use: www_challenge("$fd", "1"), until up radius_www_authorize("$fd","$fU") comes up.</div><div>Qop parameter does what he does and changes nothing within radius authentication process.</div><div><br></div><div><br></div><div>My problem was about username column in radcheck table.</div><div>It's not enough to insert an username, you ought to use full URI, like: username@my.proxy.domain</div><div>Also don't forget about attributes of the row that belongs to a certain user agent.</div><div><br></div><div>So my part of table for one of users looks like that:</div><div>;-------------------------------------------------------------------------------------------------------------------;</div><div>;---id---;---username-------;------attribute---------;------op-------;----------value---------------------;</div><div>;-------------------------------------------------------------------------------------------------------------------;</div><div>;__1__;__ua@dom.com_;__User-Password_;___==_____;_____hereuapassowrd____;</div><div>;__2__;__ua@dom.com_;__Auth-Type_____;___:=______;_____Digest____________;</div><div>;__....</div><div><br></div><div>Actually, I don't know why, but there is just a few articles all over the net, that describes a bit the functionality and processing with auth_radius module.</div><div>I hope my case will be useful for others, who uses kamailio + radius/db</div><div><br></div><div>But I have a problem how to request AVPs for a certain user from RADIUS, I found some solutions with SIP-AVP attribute, but still haven't done it.</div><div>Now I have to databases, one for Kamailio (that contains users AVPs, that Kamailio gets by avp_db_query) and second for users credentials (that are used while authorization on INVITE, REGISTER requests).</div><div><br></div><div>And as for the future, I have a goal to store passwords in ha1, haven't started to discover this.</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-05-18 17:11 GMT+03:00 Donat Zenichev <span dir="ltr"><<a href="mailto:donat.zenichev@gmail.com" target="_blank">donat.zenichev@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all.<div>Have a problem with radius authorization.</div><div><br></div><div>I'm using auth_radius.so</div><div><br></div><div>modparams, only path to client file:</div><div>modparam("auth_radius", "radius_config", "/etc/radiusclient/<wbr>radiusclient.conf")<br></div><div><br></div><div>Freeradius installed and is working properly, radtest authentication from kamailio host succeed .</div><div><br></div><div>How authorization block looks like:</div><div><br></div><div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>if (!is_present_hf("<wbr>Authorization")) {</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>xlog("L_NOTICE", "----- Athorization HF is not found - passing the challenge -----\n");</div><div><br></div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>if (nat_uac_test("2")) {</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>force_rport();</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>}</div><div><br></div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>www_challenge("$fd", "1");</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>exit;</div></div><div><br></div><div><br></div><div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>if (!radius_www_authorize("$fd","<wbr>$fU")) {</div><div><br></div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>if (nat_uac_test("2")) {</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>force_rport();</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>}</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>xlog("L_NOTICE", "----- Registeration $au@$ar ($fU) from $si:$sp Rejected. Code: $rc -----\n");</div><div><br></div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>sl_send_reply("401","<wbr>Unauthorized");</div><div><span class="m_-8491949050999333774gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>exit;</div></div><div><br></div><div>Radius log is filled by rows like:</div><div>Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.<br></div><div><br></div><div>Tried to use radius_www_authorize without $fU - didn't change anything.</div><div>Tried to use www_challenge without qop - didn't change anything.<br></div><div><br></div><div>So, this solution is quite simple, but I have a fail while digest authentication.</div><div>Any ideas? </div><span class="HOEnZb"><font color="#888888"><div><br clear="all"><div><br></div>-- <br><div class="m_-8491949050999333774gmail_signature"><div dir="ltr"><span>-- <br></span>BR, Donat Zenichev
<br>Wnet VoIP team
<br>Tel: +380(44) 5-900-808
<br><a href="http://wnet.ua" target="_blank">http://wnet.ua</a></div></div>
</div></font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span>-- <br></span>BR, Donat Zenichev
<br>Wnet VoIP team
<br>Tel: +380(44) 5-900-808
<br><a href="http://wnet.ua" target="_blank">http://wnet.ua</a></div></div>
</div>