[Serusers] authentication recommnedations
Nils Ohlmeier
nils at iptel.org
Thu Mar 18 16:37:54 CET 2004
On Thursday 18 March 2004 16:32, Ticknor.Scott at ic.gc.ca wrote:
> hey Everyone,
>
> me and my partner in the lab here have set up a very simple SER
> implementation. up to now we have been using digest authentication with
> mysql, and created users with serctl etc.
> it was nice to get it working and place some calls, we have a couple cisco
> 7960 phones as well as X-Lite clients. but in our tests we found that we
> could put *any* user name & password in the X-Lite config--and the calls
> would still succeed! the message console in X-Lite shows the 401
> unautourized response to REGISTER [which is to be expected] but then if we
> go ahead and dial...the other phone will ring.
>
> there must be an explanation. i see some people are using RADIUS for
> authentication; would a RADIUS implementation solve this problem? i cannot
> attach my ser.cfg just now...but it is almost completely stock anyway, the
> changes made were uncommenting the digest auth bits, and setting the domain
> name.
> ideas?
You have to activate authentication for all type message by hand, like you
allready did for REGISTER by uncommenting the lines in the config.
Without seeing your config and watching into my crystal ball i guess you
configuration only authenticates REGSITER messages. RADIUS will help you in
no way, because you also have to place the autentication parts at the right
places of your config.
Nils
More information about the sr-users
mailing list