[Serusers] RADIUS between multiple domains + Fail Over Gateways

Klaus Darilion klaus.mailinglists at pernau.at
Thu Apr 29 16:35:26 CEST 2004 

Are you challenging the INVITE two times (remote and local)? So do you 
use the same realm both times or different ones? I think using the same 
realm two times will confuse the UAs and the proxies. Iy ou are using 
different realms, the UA must support multiple realms/users/passwords.

As your local proxy does authentication using the remote radius server, 
it is not necessary to challenge the INVITE at the remote proxy.

klaus

Alan Litster wrote:
> Hello List,
> 
> I've been using SER with RADIUS successfully now for a few months and am
> very pleased with the result. It's used for authenticating users accessing
> our gateways.
> I know have a new requirement to extend this to provide authentication for
> remote domains.
> The setup being as follows.
> 
> We've got SER running with FreeRADIUS, then at the remote sites we will have
> the same plus Asterisk that is to act as a local gateway.
> I've configured the local FreeRADIUS instance to proxy the requests for the
> remote SIP domains to the remote RADIUS server. Unfortunately this doesn't
> work and I'm not sure why.
> The SUA gets asked by the remote SIP proxy to authenticate, it then forwards
> the INVITE to the local SER instance which then gets the LOCAL RADIUS to do
> another auth. This doesn't work. However if I disable the local auth and
> leave the remote auth enabled it works fine.
> 
> Has anyone successfully managed to get proxied radius auth to work?
> 
> My other question is to do with getting SER to send the INVITE to a
> different gateway if the primary one is at capacity/out of action? Is there
> an example of this sort of config?
> 
> Kind Regards,
> 
> Alan
> 
> 
> -------------------------------------------------------------------------------------------------------
> This email, and any files transmitted with it, is copyright and may contain confidential information.
> The contents are intended for the use of the addressee(s) only.
> Unauthorized use may be unlawful.
> If you receive this email by mistake, please advise sender immediately.
> The views of the author may not necessarily constitute the views of Telco Electronics Limited.
> Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation.
> 
> Telco Electronics Limited
> 6-8 Oxford Court
> Brackley
> Northants
> NN13 7XY
> 
> Tel 07000 701999
> Fax 07000 701777
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list