Hi Andreas,
Maybe the realm you specify in script doesn't match the realm used by the client in credentials. If you are running in debug mode (debug>=6) try to sniff after logs like "pre_auth(): Credentials with given realm not found"
Anyhow, you could use no domain in script, but to set for "auth" module the "realm_prefix" to "sip."
Best regards, Marian
Andres wrote:
Trying to make the auth_radius module to work I ran into a peculiar issue.
For example if our UA were to try to register to server "sip.mydomain.com"
...and our ser.cfg had: if (!radius_www_authorize("mydomain.com")) { www_challenge("mydomain.com", "1"); }
...then the authentication is not even fired off to the radius. SER Debugs indicate the radius message is not even constructed.
If on the other hand our ser.cfg has: if (!radius_www_authorize("")) { www_challenge("", "1"); }
then the authentication is now fired off to the radius server but the REALM is sip.mydomain.com.
Why can't one make this work as it does with mysql authentication where the www_authorize does not need the host part? We need REAM to be simply the domain part.
The auth_radius readme even says that the realm is **usually** just the domain of the host. Does this mean something is broken here? -------------from readme----------------
* realm - Realm is a opaque string that the user agent should present to the user so he can decide what username and password to use. Usually this is domain of the host the server is running on.Example 1-3. radius_www_authorize usage ... if (!radius_www_authorize("iptel.org")) { www_challenge("iptel.org", "1"); };