22 Sep
2005
22 Sep
'05
9:10 p.m.
I've found a solution to my problem, it was really simple in the end.
Using the freeradius "users" file you can define a "DEFAULT" username
that will match all requests you can also add qualifiers to the
statement (such that, certain additions or changes will be made if AVP
== somthing):
"DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None"
In this case i'm searching for requests that have a service type of "31"
(SIP-Callee-AVPs, default number defined in the ser/openser dictionary
used by the avp_radius module) and changing the "Auth-Type" from
"digest" (which is set prior to this entry in the users file or in sql)
to "none" allowing the request to succeed and the AVPs associated to the
account returned
So now i can authenticate users and also retrieve AVP data using the
avp_radius module
tavis
Tavis P wrote:
I've got authentication working properly (INVITE
proxy-authorize and
REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
I'm having issues using avp_radius to load SIP-AVPs for the callee
(which i'm calling later on in the script), i'm uncertain as to how i
can configure my freeradius server to accept this request which does
not contain digest credentials while the account has been configured
with "Auth-Type := digest".
Is there some technique i can employ on the freeradius server to allow
this second transaction? I'm not a freeradius expert and so i have
not yet found a way to do this
thanks!
Tavis
Greger V. Teigre wrote:
Look at the avp_radius README file:
The module assumes that Radius returns the AVPs as values of reply
attribute SIP-AVP. Its value must be a string of form "name:value" or
of form "name#value". In the first case, value is interpreted as
a string and in the second case as an int (second case has not been
implemented yet).
The module prefixes each attribute name as returned from Radius by
string "caller_" or "callee_" depending if caller's or
callee's
attributes are loaded.
g-)
Tavis P wrote:
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
I'm having some trouble trying to integrate
both Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers