[Serusers] RADIUS between multiple domains + Fail Over Gateways
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Apr 29 16:35:26 CEST 2004
Are you challenging the INVITE two times (remote and local)? So do you
use the same realm both times or different ones? I think using the same
realm two times will confuse the UAs and the proxies. Iy ou are using
different realms, the UA must support multiple realms/users/passwords.
As your local proxy does authentication using the remote radius server,
it is not necessary to challenge the INVITE at the remote proxy.
klaus
Alan Litster wrote:
> Hello List,
>
> I've been using SER with RADIUS successfully now for a few months and am
> very pleased with the result. It's used for authenticating users accessing
> our gateways.
> I know have a new requirement to extend this to provide authentication for
> remote domains.
> The setup being as follows.
>
> We've got SER running with FreeRADIUS, then at the remote sites we will have
> the same plus Asterisk that is to act as a local gateway.
> I've configured the local FreeRADIUS instance to proxy the requests for the
> remote SIP domains to the remote RADIUS server. Unfortunately this doesn't
> work and I'm not sure why.
> The SUA gets asked by the remote SIP proxy to authenticate, it then forwards
> the INVITE to the local SER instance which then gets the LOCAL RADIUS to do
> another auth. This doesn't work. However if I disable the local auth and
> leave the remote auth enabled it works fine.
>
> Has anyone successfully managed to get proxied radius auth to work?
>
> My other question is to do with getting SER to send the INVITE to a
> different gateway if the primary one is at capacity/out of action? Is there
> an example of this sort of config?
>
> Kind Regards,
>
> Alan
>
>
> -------------------------------------------------------------------------------------------------------
> This email, and any files transmitted with it, is copyright and may contain confidential information.
> The contents are intended for the use of the addressee(s) only.
> Unauthorized use may be unlawful.
> If you receive this email by mistake, please advise sender immediately.
> The views of the author may not necessarily constitute the views of Telco Electronics Limited.
> Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation.
>
> Telco Electronics Limited
> 6-8 Oxford Court
> Brackley
> Northants
> NN13 7XY
>
> Tel 07000 701999
> Fax 07000 701777
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list