Hello,
no, those attributes must be set in the radius server for the user
profile. The radius server replies only ok/not-ok for authentication.
Kamailio is sending only the attributes from the sip message headers,
not password in clear text or digest-ha1, so the radius server has to
hold one of them itself in order to verify the digest response.
Cheers,
Daniel
On 02/12/15 13:24, Volkan Oransoy wrote:
Hi all,
I am trying to authenticate my users via mod_radius, but I have a problem.
FreeRadius server gives this error:
Auth: [digest] Cleartext-Password or Digest-HA1 is required for
authentication.
I think I need to send those attributes from kamailio but I couldn't
figure out how to do it.
Here is the diff of my config against the default config.
Thanks,
/Volkan
=====================
diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original
< #!define WITH_DEBUG
294,297d292
< loadmodule "auth_radius.so"
< modparam("auth_radius", "radius_config",
"/etc/radiusclient/radiusclient.conf")
< loadmodule "avpops.so"
<
739,783c734,739
< if (is_method("REGISTER"))
< {
< avp_print();
< if (!radius_www_authorize("example.com
<http://example.com>")) {
< xlog("SCRIPT: www auth return code: $rc\n");
< switch ($rc) {
< case -7:
< send_reply("500", "Server Internal
Error");
< exit;
< case -1:
< send_reply("400", "Bad Request");
< exit;
< default:
< };
< if (defined($avp(digest_challenge)) &&
< ($avp(digest_challenge) != "")) {
< append_to_reply("$avp(digest_challenge)");
< };
< send_reply("401", "Unauthorized");
< exit;
< };
< }
<
< if (from_uri==myself)
< {
< if (!radius_proxy_authorize("example.com
<http://example.com>", "$pU")) { # Realm and URI user are taken
< switch ($rc) { #
from P-Preferred-Identity
< case -7: #
header field
< send_reply("500", "Server Internal
Error");
< exit;
< case -1:
< send_reply("400", "Bad
Request");
< exit;
< default:
< };
< if (defined($avp(digest_challenge)) &&
< ($avp(digest_challenge) != "")) {
< append_to_reply("$avp(digest_challenge)");
< };
< send_reply("407", "Proxy Authentication
Required");
< exit;
< };
<
< }
<
---
#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address()) {
# source IP allowed
return;
}
#!endif
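Review bot: The RADIUS blocks on the `<` side (the poster's running config, since the diff is taken modified-against-original) never call `consume_credentials()` after `radius_www_authorize` / `radius_proxy_authorize` succeed, while the stock `auth_check` block in the next hunk does so for everything except REGISTER and PUBLISH. As written, the Authorization or Proxy-Authorization header carrying the digest response would presumably be relayed to the next hop; adding `if (!is_method("REGISTER|PUBLISH")) consume_credentials();` after the `from_uri==myself` block restores that, assuming the auth module is loaded. Separately, a REGISTER from a local user passes the first block and then also enters `if (from_uri==myself)`, where it is checked a second time with `radius_proxy_authorize` and can be answered with a 407; guarding the second block with `else if` or `!is_method("REGISTER")` would match the single combined condition the original uses. The `avp_print();` call in the REGISTER path is debug output and is worth removing once the setup works.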
784a741,753
if (is_method("REGISTER") ||
from_uri==myself)
{
# authenticate requests
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here