[SR-Users] Kamailio radius authentication prolem
Daniel-Constantin Mierla
miconda at gmail.com
Mon Dec 7 09:00:54 CET 2015
Hello,
no, those attributes must be sent in the radius server for the user
profile. The radius server replies only on/not-ok for authentication.
Kamailio is sending only the attributes from the sip message headers,
not password in clear text or digest-ha1.
Cheers,
Daniel
On 02/12/15 13:24, Volkan Oransoy wrote:
> Hi all,
>
> I try to authenticate my users via mod_radius, but I have problem.
>
> FreeRadius server gives this error:
>
> Auth: [digest] Cleartext-Password or Digest-HA1 is required for
> authentication.
>
>
> I think I need to send those attributes from kamailio but I couldn't
> figure out how to do it.
>
> Here is diff of my config with default config.
>
> Thanks,
>
> /Volkan
>
> =====================
> diff /etc/kamailio/kamailio.cfg /etc/kamailio/kamailio.cfg.original
>
> < #!define WITH_DEBUG
> 294,297d292
> < loadmodule "auth_radius.so"
> < modparam("auth_radius", "radius_config",
> "/etc/radiusclient/radiusclient.conf")
> < loadmodule "avpops.so"
> <
> 739,783c734,739
> < if (is_method("REGISTER"))
> < {
> < avp_print();
> < if (!radius_www_authorize("example.com
> <http://example.com>")) {
> < xlog("SCRIPT: www auth return code: $rc\n");
> < switch ($rc) {
> < case -7:
> < send_reply("500", "Server Internal
> Error");
> < exit;
> < case -1:
> < send_reply("400", "Bad Request");
> < exit;
> < default:
> < };
> < if (defined($avp(digest_challenge)) &&
> < ($avp(digest_challenge) != "")) {
> < append_to_reply("$avp(digest_challenge)");
> < };
> < send_reply("401", "Unauthorized");
> < exit;
> < };
> < }
> <
> < if (from_uri==myself)
> < {
> < if (!radius_proxy_authorize("example.com
> <http://example.com>", "$pU")) { # Realm and URI user are taken
> < switch ($rc) { #
> from P-Preferred-Identity
> < case -7: #
> header field
> < send_reply("500", "Server Internal
> Error");
> < exit;
> < case -1:
> < send_reply("400", "Bad Request");
> < exit;
> < default:
> < };
> < if (defined($avp(digest_challenge)) &&
> < ($avp(digest_challenge) != "")) {
> < append_to_reply("$avp(digest_challenge)");
> < };
> < send_reply("407", "Proxy Authentication Required");
> < exit;
> < };
> <
> < }
> <
> ---
> > #!ifdef WITH_IPAUTH
> > if((!is_method("REGISTER")) && allow_source_address()) {
> > # source IP allowed
> > return;
> > }
> > #!endif
> 784a741,753
> > if (is_method("REGISTER") || from_uri==myself)
> > {
> > # authenticate requests
> > if (!auth_check("$fd", "subscriber", "1")) {
> > auth_challenge("$fd", "0");
> > exit;
> > }
> > # user authenticated - remove auth header
> > if(!is_method("REGISTER|PUBLISH"))
> > consume_credentials();
> > }
> > # if caller is not local subscriber, then check if it calls
> > # a local destination, otherwise deny, not an open relay here
>
>
>
>
>
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151207/5dfb6b96/attachment.html>
More information about the sr-users
mailing list