Hello,

no, those attributes must be sent in the radius server for the user profile. The radius server replies only on/not-ok for authentication. Kamailio is sending only the attributes from the sip message headers, not password in clear text or digest-ha1.

Cheers,
Daniel

On 02/12/15 13:24, Volkan Oransoy wrote:
Hi all,

I try to authenticate my users via mod_radius, but I have problem. 

FreeRadius server gives this error:

Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.

I think I need to send those attributes from kamailio but I couldn't figure out how to do it.

Here is diff of my config with default config.

Thanks,

/Volkan

=====================
diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original

< #!define WITH_DEBUG
294,297d292
< loadmodule "auth_radius.so"
< modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclient.conf")
< loadmodule "avpops.so"
<
739,783c734,739
<       if (is_method("REGISTER"))
<       {
<               avp_print();
<               if (!radius_www_authorize("example.com")) {
<                       xlog("SCRIPT: www auth return code: $rc\n");
<                       switch ($rc) {
<                       case -7:
<                               send_reply("500", "Server Internal Error");
<                               exit;
<                       case -1:
<                               send_reply("400", "Bad Request");
<                               exit;
<                       default:
<               };
<               if (defined($avp(digest_challenge)) &&
<                       ($avp(digest_challenge) != "")) {
<                       append_to_reply("$avp(digest_challenge)");
<               };
<               send_reply("401", "Unauthorized");
<               exit;
<               };
<       }
<
<         if (from_uri==myself)
<         {
<                 if (!radius_proxy_authorize("example.com", "$pU")) { # Realm and URI user are taken
<                         switch ($rc) {                           # from P-Preferred-Identity
<                         case -7:                                 # header field
<                                 send_reply("500", "Server Internal Error");
<                                 exit;
<                          case -1:
<                                 send_reply("400", "Bad Request");
<                                 exit;
<                                 default:
<                         };
<                 if (defined($avp(digest_challenge)) &&
<                         ($avp(digest_challenge) != "")) {
<                         append_to_reply("$avp(digest_challenge)");
<                 };
<                 send_reply("407", "Proxy Authentication Required");
<                 exit;
<         };
<
<         }
<
---
> #!ifdef WITH_IPAUTH
>       if((!is_method("REGISTER")) && allow_source_address()) {
>               # source IP allowed
>               return;
>       }
> #!endif
784a741,753
>       if (is_method("REGISTER") || from_uri==myself)
>       {
>               # authenticate requests
>               if (!auth_check("$fd", "subscriber", "1")) {
>                       auth_challenge("$fd", "0");
>                       exit;
>               }
>               # user authenticated - remove auth header
>               if(!is_method("REGISTER|PUBLISH"))
>                       consume_credentials();
>       }
>       # if caller is not local subscriber, then check if it calls
>       # a local destination, otherwise deny, not an open relay here









_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu