On (19.04.04 16:59), Klaus Darilion wrote:
As in the tutorial, I used freeradius and put the SIP users into the raddb/users file. Do I have to make this manually for every user or are there any tools do to this? Can radius be used with a backend database for storing user data? If yes, why not directly use the database without radius?
The usual way (as even most ISPs did up to a few years ago) would be to dump customer database into a raddb file regularly via cron. Asnychronous, though, but independent of the availability of your main customer database.
OTOH, there are a few other radius servers out there which can directly fetch user data from e.g. a database server - the most flexible one seems to be Radiator (www.open.com.au): It seems that it could even use a kitchen sink as backend database ;)
It's written in Perl, so adapting ot to a new data source is rather easy. Most data sources you can imagine are already supported:
http://www.open.com.au/radiator/technical.html#auth
It's commercial software, but it's worth every cent - support is excellent, too.
Using mysql for user authentication, adding new user is simple - serctl or serweb. I miss such a simple solution for radius.
Well, you directly modify a raddb file just for hack value. You really wnat to keep you customer's accounts somewhere else, and just regenerate the raddb file from there once you get approx the 100 user barrier. vi'ing raddb files is the hardcore approach (especially if you go without rcs ;)
Can/will radius also be used for location contacts - or is it a must to use mysql(postgres) for persistent user location?
radius was never designed for that. it's not made for updating information, just for looking up and verifying account attributes (hence "Remote Authentication and Dial-In User Service"). There no facility to store or modify any attributes of an user account via radius, so you still have to use one of the supported location storage methods.
Is there any functionality within ser+radius that can't be done with ser+mysql?
Yes. Being able to re-use existing radius servers (e.g. of ISP's and universities [hint!]), and being able to split and proxy authentication requests based on request domain (e.g. handle domainA by ispA's radius server, and handle domainB by ispB's radius server).
Imagine that you want to connect a ISP who has already several thousand subscribers. He has already a radius server in place, because that's how he authenticates dial in / dsl access. If you can reuse that autentication facility for just another service (e.g. SIP), the ISP has no hassle because of managing just another user database. He can continue to use his existing authentication servers for the new protocol, and just opens up access to the radius servers be SER.
Additionally, i doubt he will ever hand you over any of his subscriber's credentials ...
The only point I see for using radius is that many PSTN-gateways support writing CDRs into radius and billing systems will query these CDRs - but why use radius for ser?
well, to put it into one sentence: Because it's the world most popular authentication mechanism for internet-access related authentication and accounting.
cheers
axelm