Re: [OpenSIPS-Users] Custom RADIUS digest auth. request

2011-06-27 Thread Tiberiu Breana
Communication problems here. Seems like my mail was cut off too early. Here's
the rest:

realm RealmName {  # RealmName is the domain specified in the From URI
auth_pool = PoolName
}

One more thing, you need to declare the RADIUS proxy's IP and shared secret
in the "home" RADIUS clients.conf file.
That's it. Enjoy!
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Re: [OpenSIPS-Users] Custom RADIUS digest auth. request

2011-06-27 Thread Tiberiu Breana
Thanks, I solved it before reading this mail. I just logged in to post the
solution when I saw your reply :)
So, here's the solution for anyone interested in forwarding authentication
requests through freeRADIUS servers:

I used aaa_proxy_authorize (which seems fairly logical, since I am using a
foreign server for authentication) like this:

aaa_proxy_authorize("", "$fu"), where $fu is the URI of the "From" header
(which should contain your home domain).

To allow RADIUS forwarding, the desired realm should be declared in
freeRADIUS' proxy.conf, along with its corresponding IP and shared secret:

home_server HomeServerName {
type = auth
ipaddr = 
port = 1812
secret = xxx   # shared with the foreign RADIUS server
}

home_server_pool PoolName {
type = fail-over
home_server = HomeServerName
}

realm RealmName {  # RealmName is the domain specified in the From URI
auth_pool = PoolName
}

One more thing, you need to declare the RADIUS proxy's IP and shared secret
in the "home" RADIUS clients.conf file.
That's it. Enjoy!
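
A consistency check for the setup described in the message above, added here as an example and not code from the thread or from the OpenSIPS or freeRADIUS projects: it follows realm -> pool -> home_server in the proxy's proxy.conf and confirms that the home server's clients.conf lists the proxy with the same shared secret. The file contents, IP addresses, secret value and function names are constructed for illustration.

```python
import re

# Constructed sample files: documentation IPs and a placeholder secret.
PROXY_CONF = """
home_server HomeServerName {
    type = auth
    ipaddr = 192.0.2.20
    port = 1812
    secret = s3cret-A   # shared with the home RADIUS server
}
home_server_pool PoolName {
    type = fail-over
    home_server = HomeServerName
}
realm example.org {
    auth_pool = PoolName
}
"""
HOME_CLIENTS_CONF = """
client foreign-proxy {
    ipaddr = 192.0.2.10
    secret = s3cret-A
}
"""

def parse_blocks(text):
    """Return {(kind, name): {key: value}} for flat 'kind name { k = v }' sections."""
    blocks = {}
    for kind, name, body in re.findall(r"(\w+)\s+(\S+)\s*\{([^{}]*)\}", text):
        pairs = re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*([^#\n]*)", body, re.M)
        blocks[(kind, name)] = {k: v.strip() for k, v in pairs}
    return blocks

def check_realm(proxy_conf, clients_conf, realm, proxy_ip):
    """List problems on the path realm -> pool -> home_server -> home clients.conf."""
    proxy, clients = parse_blocks(proxy_conf), parse_blocks(clients_conf)
    pool = proxy.get(("realm", realm), {}).get("auth_pool")
    if ("home_server_pool", pool) not in proxy:
        return [f"realm {realm}: auth_pool does not name a declared home_server_pool"]
    server = proxy.get(("home_server", proxy[("home_server_pool", pool)].get("home_server")))
    if server is None:
        return [f"pool {pool}: home_server is not declared"]
    client = next((c for (k, _), c in clients.items()
                   if k == "client" and c.get("ipaddr") == proxy_ip), None)
    if client is None:
        return [f"home clients.conf has no client entry for proxy {proxy_ip}"]
    if client.get("secret") != server.get("secret"):
        return ["shared secret differs between proxy.conf and the home clients.conf"]
    return []
```

An empty list means the chain is consistent; a RADIUS server discards packets from an undeclared client, so a mismatch here typically shows up only as authentication timeouts on the SIP side.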


Re: [OpenSIPS-Users] Custom RADIUS digest auth. request

2011-06-27 Thread Bogdan-Andrei Iancu

Salut Tiberiu,

Normally, the auth username is taken from TO hdr (for REGISTER) or from 
FROM hdr (non-REGISTER) - both username and domain part. So probably, in 
your case,  the IP comes from the FROM hdr.


Also, opensips allows you to pass a custom SIP URI for auth, as a second 
optional param to the aaa_proxy_auth() :

http://www.opensips.org/html/docs/modules/1.6.x/auth_aaa.html

Currently this is not supported for aaa_www_auth() (for REGISTER), but it can be 
simply done, if this solves your problem.


Regards,
Bogdan


On 06/24/2011 05:25 PM, Tiberiu Breana wrote:

Hello.

I'm trying to simulate a mobility situation where a User Agent Client 
is connecting to a foreign SIP proxy. My setup is something like this:


UA ---> F-SIP ---> F-AAA
|
|
  H-SIP ---> H-AAA

The user is registered on the H-AAA server. I want to authenticate him 
through H-AAA, but the aaa_www_authorize function sends the username 
as "user@", regardless of what username I choose in my 
softphone. So there's no way to detect the user's home domain (that my 
UAC provides).


I know I could make a custom radius_send_auth, but I wanted to follow 
protocol and keep the digest mechanism for registering. Or is there a 
way to make a custom digest auth to work with the register process?


Any advice is appreciated!

Regards,
Tiberiu





--
Bogdan-Andrei Iancu
OpenSIPS solutions and "know-how"



[OpenSIPS-Users] Custom RADIUS digest auth. request

2011-06-24 Thread Tiberiu Breana
Hello.

I'm trying to simulate a mobility situation where a User Agent Client is
connecting to a foreign SIP proxy. My setup is something like this:

UA ---> F-SIP ---> F-AAA
|
|
  H-SIP ---> H-AAA

The user is registered on the H-AAA server. I want to authenticate him
through H-AAA, but the aaa_www_authorize function sends the username as
"user@", regardless of what username I choose in my
softphone. So there's no way to detect the user's home domain (that my UAC
provides).

I know I could make a custom radius_send_auth, but I wanted to follow
protocol and keep the digest mechanism for registering. Or is there a way to
make a custom digest auth to work with the register process?

Any advice is appreciated!

Regards,
Tiberiu