Hi all,
I try to authenticate my users via mod_radius, but I have problem.
FreeRadius server gives this error:
Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.
I think I need to send those attributes from kamailio but I couldn't figure out how to do it.
Here is diff of my config with default config.
Thanks,
/Volkan
===================== diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original
< #!define WITH_DEBUG 294,297d292 < loadmodule "auth_radius.so" < modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclient.conf") < loadmodule "avpops.so" < 739,783c734,739 < if (is_method("REGISTER")) < { < avp_print(); < if (!radius_www_authorize("example.com")) { < xlog("SCRIPT: www auth return code: $rc\n"); < switch ($rc) { < case -7: < send_reply("500", "Server Internal Error"); < exit; < case -1: < send_reply("400", "Bad Request"); < exit; < default: < }; < if (defined($avp(digest_challenge)) && < ($avp(digest_challenge) != "")) { < append_to_reply("$avp(digest_challenge)"); < }; < send_reply("401", "Unauthorized"); < exit; < }; < } < < if (from_uri==myself) < { < if (!radius_proxy_authorize("example.com", "$pU")) { # Realm and URI user are taken < switch ($rc) { # from P-Preferred-Identity < case -7: # header field < send_reply("500", "Server Internal Error"); < exit; < case -1: < send_reply("400", "Bad Request"); < exit; < default: < }; < if (defined($avp(digest_challenge)) && < ($avp(digest_challenge) != "")) { < append_to_reply("$avp(digest_challenge)"); < }; < send_reply("407", "Proxy Authentication Required"); < exit; < }; < < } < ---
#!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif
784a741,753
if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here
Hello,
no, those attributes must be sent in the radius server for the user profile. The radius server replies only on/not-ok for authentication. Kamailio is sending only the attributes from the sip message headers, not password in clear text or digest-ha1.
Cheers, Daniel
On 02/12/15 13:24, Volkan Oransoy wrote:
Hi all,
I try to authenticate my users via mod_radius, but I have problem.
FreeRadius server gives this error:
Auth: [digest] Cleartext-Password or Digest-HA1 is required for authentication.I think I need to send those attributes from kamailio but I couldn't figure out how to do it.
Here is diff of my config with default config.
Thanks,
/Volkan
===================== diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original
< #!define WITH_DEBUG 294,297d292 < loadmodule "auth_radius.so" < modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclient.conf") < loadmodule "avpops.so" < 739,783c734,739 < if (is_method("REGISTER")) < { < avp_print(); < if (!radius_www_authorize("example.com http://example.com")) { < xlog("SCRIPT: www auth return code: $rc\n"); < switch ($rc) { < case -7: < send_reply("500", "Server Internal Error"); < exit; < case -1: < send_reply("400", "Bad Request"); < exit; < default: < }; < if (defined($avp(digest_challenge)) && < ($avp(digest_challenge) != "")) { < append_to_reply("$avp(digest_challenge)"); < }; < send_reply("401", "Unauthorized"); < exit; < }; < } < < if (from_uri==myself) < { < if (!radius_proxy_authorize("example.com http://example.com", "$pU")) { # Realm and URI user are taken < switch ($rc) { # from P-Preferred-Identity < case -7: # header field < send_reply("500", "Server Internal Error"); < exit; < case -1: < send_reply("400", "Bad Request"); < exit; < default: < }; < if (defined($avp(digest_challenge)) && < ($avp(digest_challenge) != "")) { < append_to_reply("$avp(digest_challenge)"); < }; < send_reply("407", "Proxy Authentication Required"); < exit; < }; < < }
<
#!ifdef WITH_IPAUTH if((!is_method("REGISTER")) && allow_source_address()) { # source IP allowed return; } #!endif
784a741,753
if (is_method("REGISTER") || from_uri==myself) { # authenticate requests if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "0"); exit; } # user authenticated - remove auth header if(!is_method("REGISTER|PUBLISH")) consume_credentials(); } # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Volkan Oransoy