Hello, thanks for sharing back the solution. It will be useful in the future for people facing the same issue.
Probably we should update the very old tutorial for using Radius ( https://www.kamailio.org/docs/openser-radius-1.0.x.html). I can take the time to put it on gihub (probably as markdown file so we can use mkdocs to publish it in nice html output), but I need people using Radius these days to contribute updates, because I don't use Radius anymore for many years. Is anyone interested in helping with it? Cheers, Daniel On Mon, May 22, 2017 at 8:56 AM, Donat Zenichev <[email protected]> wrote: > What did you mean, when you ask for 'backend'? > If you meant an storage, so it's not a .txt users file, I'm using db - > radcheck table. > > So guys, the I've solved the problem. > It wasn't consisted of kamailio functions or radius configuration. > > So you're free to use: www_challenge("$fd", "1"), until > up radius_www_authorize("$fd","$fU") comes up. > Qop parameter does what he does and changes nothing within radius > authentication process. > > > My problem was about username column in radcheck table. > It's not enough to insert an username, you ought to use full URI, like: > [email protected] > Also don't forget about attributes of the row that belongs to a certain > user agent. > > So my part of table for one of users looks like that: > ;----------------------------------------------------------- > --------------------------------------------------------; > ;---id---;---username-------;------attribute---------;------ > op-------;----------value---------------------; > ;----------------------------------------------------------- > --------------------------------------------------------; > ;__1__;[email protected]_;__User-Password_;___==_____;_____hereuapassowrd____; > ;__2__;[email protected]_;__Auth-Type_____;___:=______;_____Digest____________; > ;__.... > > Actually, I don't know why, but there is just a few articles all over the > net, that describes a bit the functionality and processing with auth_radius > module. > I hope my case will be useful for others, who uses kamailio + radius/db > > But I have a problem how to request AVPs for a certain user from RADIUS, I > found some solutions with SIP-AVP attribute, but still haven't done it. > Now I have to databases, one for Kamailio (that contains users AVPs, that > Kamailio gets by avp_db_query) and second for users credentials (that are > used while authorization on INVITE, REGISTER requests). > > And as for the future, I have a goal to store passwords in ha1, haven't > started to discover this. > > > > > 2017-05-18 17:11 GMT+03:00 Donat Zenichev <[email protected]>: > >> Hi all. >> Have a problem with radius authorization. >> >> I'm using auth_radius.so >> >> modparams, only path to client file: >> modparam("auth_radius", "radius_config", "/etc/radiusclient/radiusclien >> t.conf") >> >> Freeradius installed and is working properly, radtest authentication from >> kamailio host succeed . >> >> How authorization block looks like: >> >> if (!is_present_hf("Authorization")) { >> xlog("L_NOTICE", "----- Athorization HF is not found - passing the >> challenge -----\n"); >> >> if (nat_uac_test("2")) { >> force_rport(); >> } >> >> www_challenge("$fd", "1"); >> exit; >> >> >> if (!radius_www_authorize("$fd","$fU")) { >> >> if (nat_uac_test("2")) { >> force_rport(); >> } >> xlog("L_NOTICE", "----- Registeration $au@$ar ($fU) from $si:$sp >> Rejected. Code: $rc -----\n"); >> >> sl_send_reply("401","Unauthorized"); >> exit; >> >> Radius log is filled by rows like: >> Auth: [digest] Cleartext-Password or Digest-HA1 is required for >> authentication. >> >> Tried to use radius_www_authorize without $fU - didn't change anything. >> Tried to use www_challenge without qop - didn't change anything. >> >> So, this solution is quite simple, but I have a fail while digest >> authentication. >> Any ideas? >> >> >> -- >> -- >> BR, Donat Zenichev >> Wnet VoIP team >> Tel: +380(44) 5-900-808 >> http://wnet.ua >> > > > > -- > -- > BR, Donat Zenichev > Wnet VoIP team > Tel: +380(44) 5-900-808 > http://wnet.ua > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
