[Serusers] SER with 3rd party billing
Jan Janak
jan at iptel.org
Fri Feb 11 22:33:05 CET 2005
On 10-02 16:34, Dipole Moment wrote:
> Hi all,
>
> I'm planning to use SER with a 3rd party billing platform that
> understands Cisco VSA as described here
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/vsaig3.pdf.
>
> I've been looking into RADIUS implementation in SER and looks like it
> cannot be used out of the box, there's no support for authorization
> and native RADIUS authentication, only digest. Before I go on and add
> necessary code to auth_radius module, I'd like to know if anyone has
> implemented it and would like to share/sell his code.
I have to admit I do not know exactly how native RADIUS authentication
works, but what you are aiming for will most likely be not psssible.
Virtually all SIP user agent use digest authentication and thus SER
receives digest response hash only.
I suppose that in native radius authentication the client sends the
plaintext password to the RADIUS server for verification, but SER does
not know the password, it only knows the digest response hash.
Thus some RADIUS servers have been extended (or hacked, if you like) to
support digest authentication directly. SER encapsulates all digest
attributes received from the user agent into single RADIUS attribute
and sends it to the RADIUS server, which then verifies the digest
credentials and sends back Authorized/Unauthorized.
Jan.
More information about the sr-users
mailing list