[Serusers] What's the problem with realm in auth_radius module?

Andres andres at telesip.net
Wed Mar 23 00:10:11 CET 2005


>
> I'm not sure about the meaning of the SIPURA configuration parameters. 
> What's important for authentication are the username, domain and 
> password. Now, if you specify in the script an authentication domain, 
> it should be the same as the one configured in the client devices.
> Just to double-check, look on the network in the authentication reply, 
> what realm attribute the client used.
>
The Authentication Reply **always** has the realm that SER tells the 
UA.  The UA does not have a realm/domain config (this is true for all 
Cisco ATAs, Linksys, and Sipura devices we use).  The UA only has: 
username, password, and proxy.  SER extracts the "host.domain" from the 
proxy part and sends back the challenge with that as realm.  What we 
want is to be able to tell SER to send back whatever realm we want, 
i.e. mydomain.com, NOT sip.mydomain.com.


I tried setting the realm_prefix parameter like you suggested but still 
get in the DEBUGs:

authorize(): Credentials realm and URI host do not match
...and the Radius is never queried.

So I went straight to authorize.c and took out:
/*
        if (puri.host.len != cred->digest.realm.len) {
                DBG("authorize(): Credentials realm and URI host do not match\n");
                return -1;
        }
        if (strncasecmp(puri.host.s, cred->digest.realm.s, puri.host.len) != 0) {
                DBG("authorize(): Credentials realm and URI host do not match\n");
                return -1;
        }
*/
Now it's all working fine.

Thanks Marian.


-- 
Andres
Network Admin
http://www.telesip.net
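
An added example, not part of the original message and not SER's own code: a version of the realm/URI-host comparison from the snippet above that accepts a configured prefix such as "sip." on the host instead of dropping the check altogether. The names str_t, strip_prefix, realm_matches_host and check are hypothetical, and the inputs are constructed from the domain names used in the message.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Counted string, modelled on the (s, len) pairs in the quoted snippet. */
typedef struct { const char *s; int len; } str_t;

/* Strip `prefix` from the front of `host` (case-insensitive), but only when
 * something remains after it, so "sip." alone never becomes an empty realm. */
static str_t strip_prefix(str_t host, str_t prefix)
{
    if (prefix.len > 0 && host.len > prefix.len &&
        strncasecmp(host.s, prefix.s, prefix.len) == 0) {
        host.s += prefix.len;
        host.len -= prefix.len;
    }
    return host;
}

/* Return 0 when the credentials realm matches the URI host, either exactly
 * or after the configured prefix is removed from the host; -1 otherwise. */
int realm_matches_host(str_t host, str_t realm, str_t prefix)
{
    str_t h = strip_prefix(host, prefix);

    if (host.len == realm.len && strncasecmp(host.s, realm.s, host.len) == 0)
        return 0;
    if (h.len == realm.len && strncasecmp(h.s, realm.s, h.len) == 0)
        return 0;
    return -1;
}

/* Helper for the constructed sample values below. */
static str_t mk(const char *z) { str_t r = { z, (int)strlen(z) }; return r; }

int check(const char *host, const char *realm, const char *prefix)
{
    return realm_matches_host(mk(host), mk(realm), mk(prefix));
}

int main(void)
{
    /* Constructed inputs using the domain names from the message. */
    printf("%d\n", check("sip.mydomain.com", "mydomain.com", "sip."));
    printf("%d\n", check("sip.mydomain.com", "other.com", "sip."));
    return 0;
}
```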




