[Users] Re: [Serusers] Radius Authorization and AVP Retrieval
daniel at voice-system.ro
Sat Sep 24 18:23:54 CEST 2005
could you make an entry in the dokuwiki page so others can benefit of
this information? You can add the link to the message on the mailing
list, too. There is a troubleshooting page for radius
On 09/22/05 22:10, Tavis P wrote:
> I've found a solution to my problem, it was really simple in the end.
> Using the freeradius "users" file you can define a "DEFAULT" username
> that will match all requests you can also add qualifiers to the
> statement (such that, certain additions or changes will be made if AVP
> == somthing):
> "DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None"
> In this case i'm searching for requests that have a service type of
> "31" (SIP-Callee-AVPs, default number defined in the ser/openser
> dictionary used by the avp_radius module) and changing the "Auth-Type"
> from "digest" (which is set prior to this entry in the users file or
> in sql) to "none" allowing the request to succeed and the AVPs
> associated to the account returned
> So now i can authenticate users and also retrieve AVP data using the
> avp_radius module
> Tavis P wrote:
>> I've got authentication working properly (INVITE proxy-authorize and
>> REGISTER) with SIP-AVPs being passed back in the Access-Accept reponse.
>> I'm having issues using avp_radius to load SIP-AVPs for the callee
>> (which i'm calling later on in the script), i'm uncertain as to how i
>> can configure my freeradius server to accept this request which does
>> not contain digest credentials while the account has been configured
>> with "Auth-Type := digest".
>> Is there some technique i can employ on the freeradius server to
>> allow this second transaction? I'm not a freeradius expert and so i
>> have not yet found a way to do this
>> Greger V. Teigre wrote:
>>> Look at the avp_radius README file:
>>> The module assumes that Radius returns the AVPs as values of reply
>>> attribute SIP-AVP. Its value must be a string of form "name:value" or
>>> of form "name#value". In the first case, value is interpreted as
>>> a string and in the second case as an int (second case has not been
>>> implemented yet).
>>> The module prefixes each attribute name as returned from Radius by
>>> string "caller_" or "callee_" depending if caller's or callee's
>>> attributes are loaded.
>>> Tavis P wrote:
>>>> I'm having some trouble trying to integrate both Radius authentication
>>>> and Radius AVP storage.
>>>> I'm using freeradius and there doesn't seem to be much documentation
>>>> regarding configuration semantics and such.
>>>> Could anyone share some information on how they were able to use a
>>>> Radius server to authenticate requests and (with avp_radius) as an AVP
>>>> retrieval mechanism?
>>>> I'm uncertain as to how I can stack these two uses of data on the
>>>> freeradius server
>>>> Serusers mailing list
>>>> Serusers at iptel.org
>> Serusers mailing list
>> Serusers at iptel.org
> Users mailing list
> Users at openser.org
More information about the Users