[Serusers] Whats the problem with realm in auth_radius module?

Andres andres at telesip.net
Tue Mar 22 08:29:04 CET 2005


Trying to make the auth_radius module to work I ran into a peculiar issue.

For example if our UA were to try to register to server "sip.mydomain.com"

...and our ser.cfg had:
if (!radius_www_authorize("mydomain.com")) {
    www_challenge("mydomain.com", "1");
}

...then the authentication is not even fired off to the radius.  SER 
Debugs indicate the radius message is not even constructed.

If on the other hand our ser.cfg has:
if (!radius_www_authorize("")) {
    www_challenge("", "1");
}

then the authentication is now fired off to the radius server but the 
REALM is sip.mydomain.com.

Why can't one make this work as it does with mysql authentication where 
the www_authorize does not need the host part?  We need REAM to be 
simply the domain part.

The auth_radius readme even says that the realm is **usually** just the 
domain of the host.  Does this mean something is broken here?
-------------from readme----------------

     * realm - Realm is a opaque string that the user agent
       should present to the user so he can decide what username
       and password to use. Usually this is domain of the host
       the server is running on.

   Example 1-3. radius_www_authorize usage
...
if (!radius_www_authorize("iptel.org")) {
    www_challenge("iptel.org", "1");
};

-- 
Andres
Network Admin
http://www.telesip.net





More information about the sr-users mailing list