[Serusers] Whats the problem with realm in auth_radius module?

Marian Dumitru marian.dumitru at voice-sistem.ro
Tue Mar 22 22:50:34 CET 2005


Andres wrote:
> 
> Marian Dumitru wrote:
> 
>> Hi Andreas,
>>
>> Maybe the realm you specify in script doesn't match the realm used by 
>> the client in credentials. If you are running in debug mode (debug>=6) 
>> try to sniff after logs like
> 
> 
> It has always been like this with our SER servers.  Client registers to 
> "sip.mydomain.com", but in ser.cfg we have 
> www_authorize("mydomain.com").  It has never posed a problem with MySQL, 
> but it does not work with a Radius Config.  For example on the Sipura 
> devices there is a parameter called PROXY which we fill out with 
> "sip.mydomain.com".  I don't see how that PROXY parameter could be 
> filled with just "mydomain.com", unless we were using SRV records.

I'm not sure about the meaning of the SIPURA configuration parameters. 
What's important for authentication are the username, domain and 
password. Now, if you specify in the script a authentication domain, it 
should be the same as the one configured in the client devices.
Just to doublecheck, look on the network in the authentication reply, 
what realm attribute the client used.

> 
>>     "pre_auth(): Credentials with given realm not found"
>>
>> Anyhow, you could use no domain in script, but to set for "auth" 
>> module the "realm_prefix" to "sip."
> 
> 
> I am not aware of the realm_prefix parameter.  Were can I find a usage 
> description of it?  The auth module readme has noting on it.

The "realm_prefix" parameter exists in 0.8.14, 0.9.0 and CVS head, but 
for all versions, the module documentation is outdated.
Shortly you can define this realm prefix to be ignored (stripped) when 
the authentication is performed.


Best regards,
Marian

-- 
Voice System
http://www.voice-system.ro




More information about the sr-users mailing list