[Serusers] Whats the problem with realm in auth_radius module?
Marian Dumitru
marian.dumitru at voice-sistem.ro
Tue Mar 22 19:40:16 CET 2005
Hi Andreas,
Maybe the realm you specify in script doesn't match the realm used by
the client in credentials. If you are running in debug mode (debug>=6)
try to sniff after logs like
"pre_auth(): Credentials with given realm not found"
Anyhow, you could use no domain in script, but to set for "auth" module
the "realm_prefix" to "sip."
Best regards,
Marian
Andres wrote:
> Trying to make the auth_radius module to work I ran into a peculiar issue.
>
> For example if our UA were to try to register to server "sip.mydomain.com"
>
> ...and our ser.cfg had:
> if (!radius_www_authorize("mydomain.com")) {
> www_challenge("mydomain.com", "1");
> }
>
> ...then the authentication is not even fired off to the radius. SER
> Debugs indicate the radius message is not even constructed.
>
> If on the other hand our ser.cfg has:
> if (!radius_www_authorize("")) {
> www_challenge("", "1");
> }
>
> then the authentication is now fired off to the radius server but the
> REALM is sip.mydomain.com.
>
> Why can't one make this work as it does with mysql authentication where
> the www_authorize does not need the host part? We need REAM to be
> simply the domain part.
>
> The auth_radius readme even says that the realm is **usually** just the
> domain of the host. Does this mean something is broken here?
> -------------from readme----------------
>
> * realm - Realm is a opaque string that the user agent
> should present to the user so he can decide what username
> and password to use. Usually this is domain of the host
> the server is running on.
>
> Example 1-3. radius_www_authorize usage
> ...
> if (!radius_www_authorize("iptel.org")) {
> www_challenge("iptel.org", "1");
> };
>
--
Voice System
http://www.voice-system.ro
More information about the sr-users
mailing list