GlobeInPhotos wrote:
I've commented line in users file
#DEFAULT Auth-Type := Digest
Finally.
That line? That *was* you setting Auth-Type to Digest.
But now I've got following message if non-digest message arrive:
rad_recv: Access-Request packet from host 153.19.130.250:46963, id=190,
length=80
User-Name = "[EMAIL PROTECTED]"
Service-Type = SIP-Callee-AVPs
NAS-Port = 0
NAS-IP-Address = 153.19.130.250
[cut]
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
Ok, so for these non-digest requests, you'll have to configure the
server to authenticate them without a password being present. This is
one of those rare cases where you *do* set auth-type.
So, something like in radiusd.conf:
authorize {
preprocess
# digest will set Auth-Type=Digest IF AND ONLY IF this
# request is a real digest one
digest
files
# maybe other modules
}
...and in "users":
# Since the Auth-Type = Accept is a conditional set, this
# entry will NOT MATCH if the "digest" module has already
# set Auth-Type=Digest
#
# Therefore, it should only match your "special" requests
DEFAULT Service-Type==SIP-Callee-AVPs, Auth-Type = Accept
VoIP-Attribute-1 = value1,
Other-Attribute = otherval
That is: If a request comes in with Service-Type == SIP-Callee-AVPs,
then set Auth-Type to accept IF AND ONLY IF it isn't already set (= is
conditional set; := which you were using earlier is unconditional set -
see "man users"). Then set some attributes on the reply.
You didn't show one of your other (the "real" digest) requests so I
can't be sure what they look like, but something like the above should work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
