[Serusers] SER + Windows Domain

Greger V. Teigre greger at teigre.com
Tue Sep 13 21:13:58 CEST 2005


But in order to generate the hash, the radius server needs the clear-text password. That is not possible to get from AD.
g-)
---- Original Message ----
From: Chris St Denis
To: 'Greger V. Teigre' ; 'Jaroslaw Gawron' ; serusers at lists.iptel.org
Sent: Tuesday, September 13, 2005 09:01 PM
Subject: RE: [Serusers] SER + Windows Domain

> I believe the radius server can do the digest work (query for the
> username and password, generate the hash, and compare the digest sent
> from the sip message.  
> 
> 
> 
> 
> From: Greger V. Teigre [mailto:greger at teigre.com]
> Sent: Tuesday, September 13, 2005 11:37 AM
> To: Chris St Denis; 'Jaroslaw Gawron'; serusers at lists.iptel.org
> Subject: Re: [Serusers] SER + Windows Domain
> 
> Are you sure? AD stores hashed passwords and the digest auth method
> must be implemented. Even though the radius server can authenticate
> against AD (normally through the LDAP interface), you probably run
> into problems due to the hash. Another option is using IAS (Internet
> Authentication Server), basically a simple RADIUS server front-end to
> AD. I don't know if IAS supports digest, but I wouldn't bet on it.   
> g-)
> ---- Original Message ----
> From: Chris St Denis
> To: 'Jaroslaw Gawron' ; serusers at lists.iptel.org
> Sent: Tuesday, September 13, 2005 07:09 PM
> Subject: RE: [Serusers] SER + Windows Domain
> 
>> You could do it with SER's radius authentication if you get a radius
>> server that can interface with windows active directory.
>> 
>> I think FreeRadius can, but I've never tried.
>> 
>> 
>> 
>> 
>> From: serusers-bounces at iptel.org [mailto:serusers-bounces at lists.iptel.org]
>> On Behalf Of Jaroslaw Gawron
>> Sent: Tuesday, September 13, 2005 4:33 AM
>> To: serusers at lists.iptel.org
>> Subject: [Serusers] SER + Windows Domain
>> 
>> Hi all
>> 
>> Is there a way to integrate sip authentication with  Windows domain
>> database - to integrate function www_authorize with the Active
>> Directory ?
>> If anyone know how to solve this problem - any suggestions are very
>> welcome.
>> Best regards,
>> 
>> Jaroslaw Gawron
>> 
>> 
>> 
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050913/3a2287bf/attachment.htm>


More information about the sr-users mailing list