<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,<br>
</p>
<br>
<div class="moz-cite-prefix">On 22.05.17 16:56, Donat Zenichev
wrote:<br>
</div>
<blockquote
cite="mid:CANLwQCnTPJA3HEWMVTPHFq9y+TJGXc0JnZo7SdP2jSpXq9EmkA@mail.gmail.com"
type="cite">
<div dir="ltr">Well, actually I can try.
<div>What will be the main goal of this edition?</div>
</div>
</blockquote>
To get it updated for the latest Kamailio stable version, 5.0.x.<br>
<blockquote
cite="mid:CANLwQCnTPJA3HEWMVTPHFq9y+TJGXc0JnZo7SdP2jSpXq9EmkA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Now I'm trying to find all features (about RADIUS) that
have any influence on the authentication process.</div>
<div>And one more question: is it possible to discuss the
refurbishing of the article not on sr-list, but in
private mail?</div>
</div>
</blockquote>
<br>
Discussions on the mailing list are better. I haven't used RADIUS
for many years, so I can't really help much in private.<br>
<br>
Moreover, my inbox is not checked very often; there is a lot of
unsolicited mail there. I rarely respond to emails there, unless I
ask explicitly for some sensitive details and then have a filter for
catching such messages. I always check the mailing list folders
when I have a bit of time; when there is nothing to respond to on the
mailing list, nothing to fix from the bug tracker and nothing else to
spend time on, then I may get to the inbox. In other words, it's very
unlikely, which is why I send reminders here from time to time that
private messages regarding Kamailio have little chance of being
answered - mailing lists are way better.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<blockquote
cite="mid:CANLwQCnTPJA3HEWMVTPHFq9y+TJGXc0JnZo7SdP2jSpXq9EmkA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-05-22 9:56 GMT+03:00 Donat
Zenichev <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:donat.zenichev@gmail.com" target="_blank">donat.zenichev@gmail.com</a>&gt;</span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">What did you mean when you asked for
'backend'?
<div>If you meant storage, it's not a .txt users
file; I'm using a db - the radcheck table.</div>
<div><br>
</div>
<div>So guys, I've solved the problem.</div>
<div>It wasn't related to Kamailio functions or RADIUS
configuration.</div>
<div><br>
</div>
<div>So you're free to use www_challenge("$fd", "1")
until radius_www_authorize("$fd", "$fU") comes
up.</div>
<div>The qop parameter does what it does and changes nothing
within the RADIUS authentication process.</div>
<div><br>
</div>
<div><br>
</div>
<div>My problem was about username column in radcheck
table.</div>
<div>It's not enough to insert a username; you ought to
use the full URI, like: <a class="moz-txt-link-abbreviated" href="mailto:username@my.proxy.domain">username@my.proxy.domain</a></div>
<div>Also don't forget about attributes of the row that
belongs to a certain user agent.</div>
<div><br>
</div>
<div>So my part of table for one of users looks like that:</div>
<table border="1">
<tr><th>id</th><th>username</th><th>attribute</th><th>op</th><th>value</th></tr>
<tr><td>1</td><td>ua@dom.com</td><td>User-Password</td><td>==</td><td>hereuapassowrd</td></tr>
<tr><td>2</td><td>ua@dom.com</td><td>Auth-Type</td><td>:=</td><td>Digest</td></tr>
</table>
<div>....</div>
<div><br>
</div>
<div>Actually, I don't know why, but there are just a few
articles all over the net that describe a bit of the
functionality and processing of the auth_radius module.</div>
<div>I hope my case will be useful for others who use
Kamailio + RADIUS/db.</div>
<div><br>
</div>
<div>But I have a problem with how to request AVPs for a
certain user from RADIUS. I found some solutions with the
SIP-AVP attribute, but still haven't done it.</div>
<div>Now I have two databases, one for Kamailio (that
contains users' AVPs, which Kamailio gets by avp_db_query)
and a second for users' credentials (that are used during
authorization of INVITE and REGISTER requests).</div>
<div><br>
</div>
<div>And as for the future, I have a goal to store
passwords as ha1; I haven't started looking into this yet.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-05-18 17:11 GMT+03:00
Donat Zenichev <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:donat.zenichev@gmail.com"
target="_blank">donat.zenichev@gmail.com</a>&gt;</span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi all.
<div>Have a problem with radius authorization.</div>
<div><br>
</div>
<div>I'm using auth_radius.so</div>
<div><br>
</div>
<div>modparams, only path to client file:</div>
<div>modparam("auth_radius", "radius_config",
"/etc/radiusclient/radiusclien<wbr>t.conf")<br>
</div>
<div><br>
</div>
<div>FreeRADIUS is installed and working
properly; radtest authentication from the Kamailio
host succeeds.</div>
<div><br>
</div>
<div>What the authorization block looks like:</div>
<div><br>
</div>
<pre>
# No credentials in the request yet: send the digest challenge
if (!is_present_hf("Authorization")) {
    xlog("L_NOTICE", "----- Athorization HF is not found - passing the challenge -----\n");

    if (nat_uac_test("2")) {
        force_rport();
    }

    www_challenge("$fd", "1");
    exit;
}

# Credentials are present: check them against RADIUS
if (!radius_www_authorize("$fd", "$fU")) {

    if (nat_uac_test("2")) {
        force_rport();
    }
    xlog("L_NOTICE", "----- Registeration $au@$ar ($fU) from $si:$sp Rejected. Code: $rc -----\n");

    sl_send_reply("401", "Unauthorized");
    exit;
}
</pre>
<div><br>
</div>
<div>The RADIUS log is filled with rows like:</div>
<div>Auth: [digest] Cleartext-Password or
Digest-HA1 is required for authentication.<br>
</div>
<div><br>
</div>
<div>Tried to use radius_www_authorize without
$fU - didn't change anything.</div>
<div>Tried to use www_challenge without qop -
didn't change anything.<br>
</div>
<div><br>
</div>
<div>So, this solution is quite simple, but I
get a failure during digest authentication.</div>
<div>Any ideas? </div>
<span class="m_3241262929955839750HOEnZb"><font
color="#888888">
<div><br clear="all">
<div><br>
</div>
-- <br>
<div
class="m_3241262929955839750m_-8491949050999333774gmail_signature">
<div dir="ltr"><span>-- <br>
</span>BR, Donat Zenichev
<br>
Wnet VoIP team
<br>
Tel: +380(44) 5-900-808
<br>
<a moz-do-not-send="true"
href="http://wnet.ua"
target="_blank">http://wnet.ua</a></div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
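<p>Added example, not part of the original thread and not Kamailio or FreeRADIUS code: the RADIUS log quoted above asks for Cleartext-Password or Digest-HA1, and the poster wants to store HA1 instead of passwords. This Python code shows the RFC 2617 check a digest verifier can perform from a stored HA1 alone; the user, realm, password, nonce and cnonce values are constructed, and the realm is assumed to be the From domain passed to www_challenge.</p>

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username: str, realm: str, password: str) -> str:
    # HA1 binds the secret to one username and one realm; a backend can
    # keep this value instead of the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:  # challenge was sent without qop
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop == "auth":
        if not nc or not cnonce:
            raise ValueError("qop=auth requires nc and cnonce")
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    raise ValueError(f"unsupported qop: {qop}")


def verify(stored_ha1: str, method: str, creds: dict) -> bool:
    # Recompute the response from the stored HA1 and compare in constant time.
    try:
        expected = digest_response(stored_ha1, method, creds["uri"], creds["nonce"],
                                   creds.get("qop"), creds.get("nc"), creds.get("cnonce"))
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, creds.get("response", ""))


# Constructed sample data (not taken from the thread).
USER, REALM, PASSWORD = "ua", "dom.com", "example-secret"
STORED_HA1 = compute_ha1(USER, REALM, PASSWORD)


def sample_register_credentials() -> dict:
    """Fields a user agent would put in Authorization after the challenge."""
    creds = {"uri": "sip:dom.com", "nonce": "constructed-nonce-0001",
             "qop": "auth", "nc": "00000001", "cnonce": "6f1c2a9e"}
    creds["response"] = digest_response(STORED_HA1, "REGISTER", creds["uri"],
                                        creds["nonce"], creds["qop"], creds["nc"], creds["cnonce"])
    return creds
```

An HA1 computed for a different realm or username does not verify the same response, so the stored value has to be generated with exactly the realm the proxy sends in its challenge.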
</body>
</html>