I made it work. I commented out radius_send_auth("set1","set2"). I also
activated digest authentication on the freeRADIUS server and now
authentication is working fine (with users defined as user@SIPServerAddress).
I will now attempt to authenticate the non-register messages.

On 6 June 2011 19:34, Tiberiu Breana <[email protected]> wrote:
> Hi!
>
> I'm trying to implement authentication via a freeRADIUS server. I have a
> couple of questions:
>
> 1) I managed to register my UA, but I see the Radius server processing 3 or
> more access-request messages (for REGISTER, SUBSCRIBE, PUBLISH, etc), and
> accepts them all. Is this normal?
>
> 2) Another issue is that the Radius server authenticates me with the
> 'default' entry in the users file, although I wrote my username and password
> in it (which I use in Ekiga to log in).
> How should the entries in the freeradius users file look like? Simple
> "name" or "name@SIPServerAddress"?
>
> 3) Another question I'd like to ask is regarding the authentication script.
>
> These are parts of my config:
> [...]
> modparam("aaa_radius", "sets", "set1 = (User-Name = $avp(i:85), Password=$avp(i:84))")
> modparam("aaa_radius", "sets", "set2 = (Session-Timeout = $var(time))")
> [...]
>
> if (is_method("REGISTER"))
> {
>     #authenticate the REGISTER requests (uncomment to enable auth)
>
>     radius_send_auth("set1","set2");
>
>     if (!aaa_www_authorize(""))
>     {
>         www_challenge("", "1");
>         exit;
>     }
>
>     if (!db_check_to())
>     {
>         sl_send_reply("403","Forbidden auth ID");
>         exit;
>     }
>
>     if (!save("location"))
>         sl_reply_error();
>
>     exit;
> }
>
> The non-REGISTER requests are not authenticated at the moment (commented
> out).
> Am I doing it right? Do I have to use both aaa_www_authorize("") AND
> radius_send_auth or only one? What's the difference?
>
> Any advice is welcome. Thanks for reading!
>
> Tiberiu
