[SR-Users] RADIUS authentication
Daniel-Constantin Mierla
miconda at gmail.com
Thu Dec 20 18:29:55 CET 2012
On 12/20/12 3:58 PM, Moacir Ferreira wrote:
> Yeah... I know it can be a kind of problem. But millions of companies
> are using MS meaning we need to "adapt" if willing to work for the
> enterprise market. If we do not offer some kind of integration with
> AD, then we will end-up having 2 user names and 2 passwords while
> the "good sense" is forwarding everyone to "single sign-on".
There is no need for two usernames, but could be the case for two
passwords...
>
> Anyway, it is tricky but M$ (I liked the $ thing here) can do MD5.
MD5 is just the hashing algorithm, with is used in www-digest
authentication.
The issue here is not that someone hates M$, but it is that SIP phones
implement only www-digest authentication mechanism, which requires to
store the password in clear text or HA1 format (which is md5 over
username, realm and password).
If you try to integrate with an existing system that stored the
passwords in some shadow form, it is not just working. For each account
you need to store the password in what www-digest can use for
authentication.
> I "would love" to see a "#!define WITH_RADIUS" at kakailio.cfg but we
> don't have it. However, as long as I understood, the RADIUS module is
> moving to obsolete as the AUTH module now also includes the RADIUS
> functionalities.
>
> So, can you share any link where I can find some for dummies examples
> of using the current AUTH module to do RADIUS authentication?
As Juha pointed in another reply, you misunderstood, radius
authentication has to be done using auth_radius module (there were two,
only one was removed).
This tutorial is quite old, but still good for starting with:
- http://www.kamailio.org/docs/openser-radius-1.0.x.html
Cheers,
Daniel
>
> Cheers!
>
> Moacir
>
> ------------------------------------------------------------------------
> Date: Wed, 19 Dec 2012 23:18:58 +0100
> From: miconda at gmail.com
> To: sr-users at lists.sip-router.org
> CC: moacirferreira at hotmail.com
> Subject: Re: [SR-Users] RADIUS authentication
>
> Hello,
>
> it might not be possible if you don't have the digest authentication
> module in the radius server. Also, that means the passwords have to be
> stored in plain text or HA1 hash (md5 hash based on digest auth
> algorithm). Do you have these available in the M$ radius server?
>
> Cheers,
> Daniel
>
> On 12/19/12 10:30 PM, Moacir Ferreira wrote:
>
> I am trying to integrate Kamailio as the SIP server
> for an enterprise company. The challenge is to authenticate the
> SIP users using the Microsoft RADIUS/AD so the users can use the
> same Windows user name and password on their PC softphone. As
> Microsoft has its own RADIUS server integrated with its Active
> Directory, has anyone has tried to use this kind of set up? Can
> you share docs, links, examples or whatsoever you think could help
> me? The only thing I am looking for is replacing the
> MySQL Kamailio authentication by RADIUS, nothing else.
>
> Thanks,
>
> Moacir
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierla -http://www.asipto.com
> http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121220/d4841e5e/attachment.htm>
More information about the sr-users
mailing list