[SR-Users] Kamailio radius authentication prolem

Volkan Oransoy voransoy at gmail.com
Wed Dec 2 13:24:39 CET 2015 

Hi all,

I try to authenticate my users via mod_radius, but I have problem.

FreeRadius server gives this error:

Auth: [digest] Cleartext-Password or Digest-HA1 is required for
authentication.


I think I need to send those attributes from kamailio but I couldn't figure
out how to do it.

Here is diff of my config with default config.

Thanks,

/Volkan

=====================
diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original

< #!define WITH_DEBUG
294,297d292
< loadmodule "auth_radius.so"
< modparam("auth_radius", "radius_config",
"/etc/radiusclient/radiusclient.conf")
< loadmodule "avpops.so"
<
739,783c734,739
<       if (is_method("REGISTER"))
<       {
<               avp_print();
<               if (!radius_www_authorize("example.com")) {
<                       xlog("SCRIPT: www auth return code: $rc\n");
<                       switch ($rc) {
<                       case -7:
<                               send_reply("500", "Server Internal Error");
<                               exit;
<                       case -1:
<                               send_reply("400", "Bad Request");
<                               exit;
<                       default:
<               };
<               if (defined($avp(digest_challenge)) &&
<                       ($avp(digest_challenge) != "")) {
<                       append_to_reply("$avp(digest_challenge)");
<               };
<               send_reply("401", "Unauthorized");
<               exit;
<               };
<       }
<
<         if (from_uri==myself)
<         {
<                 if (!radius_proxy_authorize("example.com", "$pU")) { #
Realm and URI user are taken
<                         switch ($rc) {                           # from
P-Preferred-Identity
<                         case -7:                                 # header
field
<                                 send_reply("500", "Server Internal
Error");
<                                 exit;
<                          case -1:
<                                 send_reply("400", "Bad Request");
<                                 exit;
<                                 default:
<                         };
<                 if (defined($avp(digest_challenge)) &&
<                         ($avp(digest_challenge) != "")) {
<                         append_to_reply("$avp(digest_challenge)");
<                 };
<                 send_reply("407", "Proxy Authentication Required");
<                 exit;
<         };
<
<         }
<
---
> #!ifdef WITH_IPAUTH
>       if((!is_method("REGISTER")) && allow_source_address()) {
>               # source IP allowed
>               return;
>       }
> #!endif
784a741,753
>       if (is_method("REGISTER") || from_uri==myself)
>       {
>               # authenticate requests
>               if (!auth_check("$fd", "subscriber", "1")) {
>                       auth_challenge("$fd", "0");
>                       exit;
>               }
>               # user authenticated - remove auth header
>               if(!is_method("REGISTER|PUBLISH"))
>                       consume_credentials();
>       }
>       # if caller is not local subscriber, then check if it calls
>       # a local destination, otherwise deny, not an open relay here
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151202/527f7a65/attachment.html>

More information about the sr-users mailing list