[SR-Users] RADIUS authentication
Moacir Ferreira
moacirferreira at hotmail.com
Fri Dec 21 19:12:00 CET 2012
Well… Sorry for this long post. I work 100% dedicated to SMB - Small
Medium Business. In this market there is an enormous growth of multiples
devices in all companies. Most of the SMB I work with are looking for:
- Let their employees bring their own device
(BYOD);- Enable chat, voice and video, with presence
information in all devices;- Not have to pay for premium solutions like
sophisticated SBCs to enable the workforce to work either internally (in the
company) or externally (from the Internet);- Have a single number for voice and video in all
devices;- Reduced complexity, setup time and maintenance; With all the above in mind, I believe
Kamailio is just wonderful, why: - It is inexpensive!!!- No limit or licenses for users. In this way any
employee can have their PC, their iPad or Android tablet, their iPhone or
Android phone, their table phone, etc.
- Using the right device or software client (some of them freeware) they
can, once again, reduce cost.
- Very key: Unlike several alternatives on the
market, Kamailio does not interfere with the RTP in between SIP clients, it
does raw media switching using RTPProxy. So, more complex SIP usage like in
video will not be affected by the SIP solution. I know that you can always find
the information to deploy such solution with the specs above. However, the
information is a kind of “scattered” and, unlike the alternatives that would
not address all the exposed issues, it takes quite long to get the server configured
to do what we want. And yes, maybe because I am just a newbie to Kamailio, sorry for that. With the above in mind I would
like to see, and of course contribute for, a “how to” to deploy a Kamailio
server with the following specs: - If you thing about companies with up to 10k
employees, each employee with up to 4 SIP terminals (i.e.: table phone,
cellular phone, PC and tablet), then you would need a solution scalable for 40k
devices.
- All devices from a user should ring when
receiving a call.
- Calling outside (PSTN) should be impersonated so
the user would have a single number seem outside of the company.
- The solution should have an internal interface
(LAN) and an external Interface (WAN/Internet), promoting RTP relay for NATed
devices.
- The solution should not interfere with RTP, meaning
no transcoding. If an end point fulfills the other part RTP offer, they would
connect. If not, it would be just rejected.
- The solution should be able to record calls.
- The solution should be able to use SIP trunk as
the way out to PSTN.
- The solution should be able to integrate, via
RADIUS or LDAP, with the customer existing directory, most of the cases
Microsoft. Now, when look at these specs,
Kamilio does all of this! However, it may take one year before someone “Kamailio
dummy” like myself to get all the knowledge to do it. Of course I know I must
invest on more knowledge but the more companies easily install and start using
Kamailio on the enterprise, the better is my value if I get to know it in depth.
So that is why I would like to see a “working group” within the existing Kamailio
community, with more focus on easing up the deployment of it on the enterprise.
I believe more people had the same problem I am having: it is a lot to study
specially if you are not a programmer; because of it not a lot of SMB companies are using it,
making investing on learning it, in my case, low return. Cheers! Moacir
From: oej at edvina.net
Date: Fri, 21 Dec 2012 16:58:53 +0100
To: miconda at gmail.com; sr-users at lists.sip-router.org
Subject: Re: [SR-Users] RADIUS authentication
21 dec 2012 kl. 16:55 skrev Daniel-Constantin Mierla <miconda at gmail.com>:
Hello,
Kamailio is used a lot in enterprises. Apart of the media processing
services (e.g., voicemail, audio conferencing), kamailio offers all
needed in an enterprise, including instant messaging and presence.
We've done quite a lot of enterprise-style installations and also integrated with LDAP. As Daniel patiently have repeated, there is a problem with the authentication so we can't simply use LDAP authentication, but have successfully implemented LDAP-based authentication in many places.
Do you have any other concerns or ideas on what we can do in the enterprise sector? We're quite open on discussing it.
/O
It still seems to be unclear for you where is the problem with
Kamailio and M$ directory or other existing user authentication
systems. Let me rephrase: the problem is in the specifications of
SIP, respectively in the user authentication mechanism required by
this protocol.
SIP requires www-digest authentication mechanims. www-digest
authentication requires that password is stored in clear text or in
HA1 format. Maybe reading the page at next link puts more light:
- http://en.wikipedia.org/wiki/Digest_access_authentication
Now, the devices are the problem, because they can authenticate to
the server only using www-digest. Kamailio cannot do anything alone.
Alternative to www-digest authentication is to use ssl certificates.
That is fine for Kamailio, but not many sip phones support it.
Hope is more clear now. Kamailio is as friendly to enterprises as it
is for carriers or operators. It is nothing that can be done more to
run in enterprise environment.
Cheers,
Daniel
On 12/21/12 11:20 AM, Moacir Ferreira
wrote:
Don’t get
me wrong… Kamailio is just a great product as it is.
Actually I think it does
much more than it would be necessary as a carrier grade
software. My idea is to
have more people involved discussing the “enterprise”
issues and possible
solutions for problems like the one I described. The
“impression” that I have
is that Kamailio’s community is much more devoted to the
“carrier” side of the
software than to the use of it on enterprises.
Moacir
> Date: Fri, 21 Dec 2012 10:41:25 +0200
> To: sr-users at lists.sip-router.org
> From: jh at tutpro.com
> Subject: Re: [SR-Users] RADIUS authentication
>
> Moacir Ferreira writes:
>
> > So my next question is: is it there on the Kamailio
community anyone
> > willing to work on a “Kamailio Enterprise Edition”?
>
> what do you mean by such an edition? do you want to
integrate asterisk
> like pbx capabilities to k or what? if so, my
understanding is that
> most k folks want to keep them separate and just connect
ip pbxes to k
> like any other sip uas.
>
> -- juha
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) -
sr-users mailing list
> sr-users at lists.sip-router.org
>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121221/a84fd708/attachment.htm>
More information about the sr-users
mailing list