Hello,
On 22.05.17 16:56, Donat Zenichev wrote: > Well, actually I can try. > What will be the main goal of this edition? to get it updated for latest kamailio stable version, 5.0.x. > > Now I'm trying to find all features (about Radius) that have any > influence on authentication process. > And one more question, is it possible to discuss the refurbish actions > of the article not at sr-list, but in personal mailing? Discussions on mailing list is better. I don't use RADIUS anymore, for many years, so I can't really help much on private. Moreover, my inbox is not checked very often, it's a lot of unsolicited mail there. I rarely respond to emails there, unless I ask explicitly for some sensitive details and then have a filter on catching such messages. I check always the folders for mailing lists when I have a bit of time, when it's nothing do respond on mailing list, nothing to fix from bug tracker or nothing else to spend time on it, then I may get on the inbox -- in other words, it's very unlikely, that's why I send from time to time reminders here that writing private messages regarding kamailio have little chance to be answered - mailing lists are way better. Cheers, Daniel > > > > 2017-05-22 9:56 GMT+03:00 Donat Zenichev <donat.zenic...@gmail.com > <mailto:donat.zenic...@gmail.com>>: > > What did you mean, when you ask for 'backend'? > If you meant an storage, so it's not a .txt users file, I'm using > db - radcheck table. > > So guys, the I've solved the problem. > It wasn't consisted of kamailio functions or radius configuration. > > So you're free to use: www_challenge("$fd", "1"), until > up radius_www_authorize("$fd","$fU") comes up. > Qop parameter does what he does and changes nothing within radius > authentication process. > > > My problem was about username column in radcheck table. > It's not enough to insert an username, you ought to use full URI, > like: username@my.proxy.domain > Also don't forget about attributes of the row that belongs to a > certain user agent. > > So my part of table for one of users looks like that: > > ;-------------------------------------------------------------------------------------------------------------------; > > ;---id---;---username-------;------attribute---------;------op-------;----------value---------------------; > > ;-------------------------------------------------------------------------------------------------------------------; > ;__1__;__ua@dom.com_;__User-Password_;___==_____;_____hereuapassowrd____; > ;__2__;__ua@dom.com_;__Auth-Type_____;___:=______;_____Digest____________; > ;__.... > > Actually, I don't know why, but there is just a few articles all > over the net, that describes a bit the functionality and > processing with auth_radius module. > I hope my case will be useful for others, who uses kamailio + > radius/db > > But I have a problem how to request AVPs for a certain user from > RADIUS, I found some solutions with SIP-AVP attribute, but still > haven't done it. > Now I have to databases, one for Kamailio (that contains users > AVPs, that Kamailio gets by avp_db_query) and second for users > credentials (that are used while authorization on INVITE, REGISTER > requests). > > And as for the future, I have a goal to store passwords in ha1, > haven't started to discover this. > > > > > 2017-05-18 17:11 GMT+03:00 Donat Zenichev > <donat.zenic...@gmail.com <mailto:donat.zenic...@gmail.com>>: > > Hi all. > Have a problem with radius authorization. > > I'm using auth_radius.so > > modparams, only path to client file: > modparam("auth_radius", "radius_config", > "/etc/radiusclient/radiusclient.conf") > > Freeradius installed and is working properly, radtest > authentication from kamailio host succeed . > > How authorization block looks like: > > if (!is_present_hf("Authorization")) { > xlog("L_NOTICE", "----- Athorization HF is not found - passing > the challenge -----\n"); > > if (nat_uac_test("2")) { > force_rport(); > } > > www_challenge("$fd", "1"); > exit; > > > if (!radius_www_authorize("$fd","$fU")) { > > if (nat_uac_test("2")) { > force_rport(); > } > xlog("L_NOTICE", "----- Registeration $au@$ar ($fU) from > $si:$sp Rejected. Code: $rc -----\n"); > > sl_send_reply("401","Unauthorized"); > exit; > > Radius log is filled by rows like: > Auth: [digest] Cleartext-Password or Digest-HA1 is required > for authentication. > > Tried to use radius_www_authorize without $fU - didn't change > anything. > Tried to use www_challenge without qop - didn't change anything. > > So, this solution is quite simple, but I have a fail while > digest authentication. > Any ideas? > > > -- > -- > BR, Donat Zenichev > Wnet VoIP team > Tel: +380(44) 5-900-808 > http://wnet.ua > > > > > -- > -- > BR, Donat Zenichev > Wnet VoIP team > Tel: +380(44) 5-900-808 > http://wnet.ua > > > > > -- > -- > BR, Donat Zenichev > Wnet VoIP team > Tel: +380(44) 5-900-808 > http://wnet.ua > > > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - www.asipto.com Kamailio World Conference - www.kamailioworld.com
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users