Hello Sebastian,
Aside the standard functionalities (auth and acc), opensips allows you
do whatever custom RADIUS interaction via aaa_radius module.
You can define sets of AVPS to define the RADIUS requests and replies
(see
http://www.opensips.org/html/docs/modules/1.8.x/aaa_radius.html#id249101) and
then, you can push data to RADIUS via radius_send_auth/acc() functions -
http://www.opensips.org/html/docs/modules/1.8.x/aaa_radius.html#id249958
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 07/20/2012 02:26 PM, Sebastien CRUAUX wrote:
Hi,
I was wondering if it was possible to perform RADIUS authentication
(using custom AVPs) when the REGISTER request (with digest attributes)
is received BUT without checking anything in the "subscriber" database
(no user/password checking, only RADIUS server should tell us if we
can register or not).
To sum up, here is the call flow I would like to get :
- Opensips receives 1st REGISTER from the user
- Opensips challenges the user with a 401 Unauthorized
- user sends a 2nd REGISTER with digest attributes
- Opensips sends an Access-Request with custom AVPs to my external
RADIUS server (using the "radius_send_auth" function)
- RADIUS server answers Access-Accept (or Access-Reject) and Opensips
sends 200 OK (or 403 Forbidden) to the user
I do not see how to do that in opensips.cfg since as far as I know,
"www_challenge" is always associated to either "www_authorize" (which
will perform a database check of username/password that I do not want)
or "aaa_www_authorize" (which will send an Access-Request to my RADIUS
server but without my custom AVPs).
Thank you !
Best regards,
Sebastien
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
