[Users] Re: [Serusers] Radius Authorization and AVP Retrieval

[Tavis P]

I've found a solution to my problem, it was really simple in the end.

Using the freeradius "users" file you can define a "DEFAULT" username 
that will match all requests you can also add qualifiers to the 
statement (such that, certain additions or changes will be made if AVP 
== somthing):

"DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None"

In this case i'm searching for requests that have a service type of "31" 
(SIP-Callee-AVPs, default number defined in the ser/openser dictionary 
used by the avp_radius module) and changing the "Auth-Type" from 
"digest" (which is set prior to this entry in the users file or in sql) 
to "none" allowing the request to succeed and the AVPs associated to the 
account returned

So now i can authenticate users and also retrieve AVP data using the 
avp_radius module

tavis

Tavis P wrote:

> I've got authentication working properly (INVITE proxy-authorize and 
> REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
>
> I'm having issues using avp_radius to load SIP-AVPs for the callee 
> (which i'm calling later on in the script), i'm uncertain as to how i 
> can configure my freeradius server to accept this request which does 
> not contain digest credentials while the account has been configured 
> with "Auth-Type := digest".
>
> Is there some technique i can employ on the freeradius server to allow 
> this second transaction?  I'm not a freeradius expert and so i have 
> not yet found a way to do this
>
> thanks!
> Tavis
>
> Greger V. Teigre wrote:
>
>> Look at the avp_radius README file:
>>  The module assumes that Radius returns the AVPs as values of reply
>>  attribute SIP-AVP.  Its value must be a string of form "name:value" or
>>  of form "name#value".  In the first case, value is interpreted as
>>  a string and in the second case as an int (second case has not been
>>  implemented yet).
>>
>>  The module prefixes each attribute name as returned from Radius by
>>  string "caller_" or "callee_" depending if caller's or callee's
>>  attributes are loaded.
>>
>> g-)
>> Tavis P wrote:
>>
>>> I'm having some trouble trying to integrate both Radius authentication
>>> and Radius AVP storage.
>>>
>>> I'm using freeradius and there doesn't seem to be much documentation
>>> regarding configuration semantics and such.
>>>
>>> Could anyone share some information on how they were able to use a
>>> Radius server to authenticate requests and (with avp_radius) as an AVP
>>> retrieval mechanism?
>>>
>>> I'm uncertain as to how I can stack these two uses of data on the
>>> freeradius server
>>>
>>>
>>> tavis
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> Serusers at iptel.org
>>> http://mail.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>>
>
> _______________________________________________
> Serusers mailing list
> Serusers at iptel.org
> http://mail.iptel.org/mailman/listinfo/serusers
>
>