On Fri 10 Feb 2006 19:40, Philippe Sultan wrote: > Hi Nate, > > On 2/10/06, Nathan C. Smith <[EMAIL PROTECTED]> wrote: > > We would certainly like to have your radius implementation merged in at > > some point. Is it working well for you? > > It is indeed. Another user tested it succesfully (see Dome C.'s posts). > > However, it currently relies on two RADIUS clients : > - pam_radius : a PAM RADIUS client > - radiusclient-ng : the RADIUS client API used in SER > > The latter can be used *as is* whereas pam_radius needs to be patched. > So I guess it would be better to keep only radiusclient-ng (Dome C > validated his testing using radiusclient-ng). What do you guys think?
Can you elaborate on what features your radius implementation supports? The things (that I can think of) that we need to support for a full implimentation include: * Authentication of VoIP users. * Authorisation of VoIP users. * Authorisation of calls at various points in call flow (dialplan app) * Accounting of call Legs. * Accounting of calls at various points in call flow (dialplan app) * Auditing/Accounting of command line and manager command usage. Possibly the Dial() application should be modified to allow it to dial a route received as Reply Attribute from a RADIUS server, although this may be cleaner to do with a standalone app which simply sets a variable. All of the VoIP channels need to take notice of reply attributes as well. Basically anything that can currently be set in a sip/h323/iax/XXX peer should also be settable with a RADIUS reply attribute. To do this we should come up with an OpenPBX RADIUS dictionary and register a vendor number. (On a related note we should register an IANA Enterprise Number for SNMP support also.) Some of this stuff is easy and some of it is not. I am still of the opinion that OpenPBX needs a centralised user model to do all this properly. This should also trivially allow things like pam authentication also which could be enabled by default so when you install OpenPBX it automatically knows about your system users (Like apache, sendmail, ftp, pop, imap and every other unix service does) I am sure that there are other things we can/could/should do also, but thats all the comes to mind at present. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpmppXyZGewf.pgp
Description: PGP signature
_______________________________________________ Openpbx-users mailing list [email protected] http://lists.openpbx.org/mailman/listinfo/openpbx-users
