21 Sep
2005
21 Sep
'05
1:44 a.m.
I'm having some trouble trying to integrate both Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
21 Sep
21 Sep
8:14 p.m.
Look at the avp_radius README file:
The module assumes that Radius returns the AVPs as values of reply
attribute SIP-AVP. Its value must be a string of form "name:value" or
of form "name#value". In the first case, value is interpreted as
a string and in the second case as an int (second case has not been
implemented yet).
The module prefixes each attribute name as returned from Radius by
string "caller_" or "callee_" depending if caller's or
callee's
attributes are loaded.
g-)
Tavis P wrote:
I'm having some trouble trying to integrate both
Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
8:34 p.m.
I've got authentication working properly (INVITE proxy-authorize and
REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
I'm having issues using avp_radius to load SIP-AVPs for the callee
(which i'm calling later on in the script), i'm uncertain as to how i
can configure my freeradius server to accept this request which does not
contain digest credentials while the account has been configured with
"Auth-Type := digest".
Is there some technique i can employ on the freeradius server to allow
this second transaction? I'm not a freeradius expert and so i have not
yet found a way to do this
thanks!
Tavis
Greger V. Teigre wrote:
Look at the avp_radius README file:
The module assumes that Radius returns the AVPs as values of reply
attribute SIP-AVP. Its value must be a string of form "name:value" or
of form "name#value". In the first case, value is interpreted as
a string and in the second case as an int (second case has not been
implemented yet).
The module prefixes each attribute name as returned from Radius by
string "caller_" or "callee_" depending if caller's or
callee's
attributes are loaded.
g-)
Tavis P wrote:
I'm having some trouble trying to integrate
both Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
22 Sep
22 Sep
9:10 p.m.
New subject: [Users] Re: [Serusers] Radius Authorization and AVP Retrieval
I've found a solution to my problem, it was really simple in the end.
Using the freeradius "users" file you can define a "DEFAULT" username
that will match all requests you can also add qualifiers to the
statement (such that, certain additions or changes will be made if AVP
== somthing):
"DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None"
In this case i'm searching for requests that have a service type of "31"
(SIP-Callee-AVPs, default number defined in the ser/openser dictionary
used by the avp_radius module) and changing the "Auth-Type" from
"digest" (which is set prior to this entry in the users file or in sql)
to "none" allowing the request to succeed and the AVPs associated to the
account returned
So now i can authenticate users and also retrieve AVP data using the
avp_radius module
tavis
Tavis P wrote:
I've got authentication working properly (INVITE
proxy-authorize and
REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
I'm having issues using avp_radius to load SIP-AVPs for the callee
(which i'm calling later on in the script), i'm uncertain as to how i
can configure my freeradius server to accept this request which does
not contain digest credentials while the account has been configured
with "Auth-Type := digest".
Is there some technique i can employ on the freeradius server to allow
this second transaction? I'm not a freeradius expert and so i have
not yet found a way to do this
thanks!
Tavis
Greger V. Teigre wrote:
Look at the avp_radius README file:
The module assumes that Radius returns the AVPs as values of reply
attribute SIP-AVP. Its value must be a string of form "name:value" or
of form "name#value". In the first case, value is interpreted as
a string and in the second case as an int (second case has not been
implemented yet).
The module prefixes each attribute name as returned from Radius by
string "caller_" or "callee_" depending if caller's or
callee's
attributes are loaded.
g-)
Tavis P wrote:
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
I'm having some trouble trying to integrate
both Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
24 Sep
24 Sep
6:23 p.m.
New subject: [Users] Re: [Serusers] Radius Authorization and AVP Retrieval
Hello,
could you make an entry in the dokuwiki page so others can benefit of
this information? You can add the link to the message on the mailing
list, too. There is a troubleshooting page for radius
(http://openser.org/dokuwiki/doku.php?id=radius).
Cheers,
Daniel
On 09/22/05 22:10, Tavis P wrote:
I've found a solution to my problem, it was really
simple in the end.
Using the freeradius "users" file you can define a "DEFAULT" username
that will match all requests you can also add qualifiers to the
statement (such that, certain additions or changes will be made if AVP
== somthing):
"DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None"
In this case i'm searching for requests that have a service type of
"31" (SIP-Callee-AVPs, default number defined in the ser/openser
dictionary used by the avp_radius module) and changing the "Auth-Type"
from "digest" (which is set prior to this entry in the users file or
in sql) to "none" allowing the request to succeed and the AVPs
associated to the account returned
So now i can authenticate users and also retrieve AVP data using the
avp_radius module
tavis
Tavis P wrote:
I've got authentication working properly
(INVITE proxy-authorize and
REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
I'm having issues using avp_radius to load SIP-AVPs for the callee
(which i'm calling later on in the script), i'm uncertain as to how i
can configure my freeradius server to accept this request which does
not contain digest credentials while the account has been configured
with "Auth-Type := digest".
Is there some technique i can employ on the freeradius server to
allow this second transaction? I'm not a freeradius expert and so i
have not yet found a way to do this
thanks!
Tavis
Greger V. Teigre wrote:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Look at the avp_radius README file:
The module assumes that Radius returns the AVPs as values of reply
attribute SIP-AVP. Its value must be a string of form "name:value" or
of form "name#value". In the first case, value is interpreted as
a string and in the second case as an int (second case has not been
implemented yet).
The module prefixes each attribute name as returned from Radius by
string "caller_" or "callee_" depending if caller's or
callee's
attributes are loaded.
g-)
Tavis P wrote:
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
I'm having some trouble trying to integrate
both Radius authentication
and Radius AVP storage.
I'm using freeradius and there doesn't seem to be much documentation
regarding configuration semantics and such.
Could anyone share some information on how they were able to use a
Radius server to authenticate requests and (with avp_radius) as an AVP
retrieval mechanism?
I'm uncertain as to how I can stack these two uses of data on the
freeradius server
tavis
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
7008
days inactive
7012
days old
4 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Greger V. Teigre -
Tavis P