Re: [OpenSIPS-Users] Custom RADIUS digest auth. request
Communication problems here. Seems like my mail was cut off to early. Here's the rest: realm RealmName { #RealmName is the domain specified in the >From URI auth_pool = PoolName } One more thing, you need to declare the RADIUS proxy's IP and shared secret in the "home" RADIUS clients.conf file. That's it. Enjoy! ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Custom RADIUS digest auth. request
Thanks, I solved it before reading this mail. I just logged in to post the solution when I saw your reply :) So, here's the solution for anyone interested in forwarding authentication requests through freeRADIUS servers: I used aaa_proxy_authorize (which seems fairly logical, since I am using a foreign server for authentication) like this: aaa_proxy_authorize("", "$fu"), where $fu is the URI of the "From" header (which should contain your home domain). To allow RADIUS forwarding, the desired realm should be declared in freeRADIUS' proxy.conf, along with its corresponding IP and shared secret: home_server HomeServerName { type = auth ipaddr = port = 1812 secret = xxx #shared with the foreign RADIUS server } home_server_pool PoolName { type = fail-over home_server = HomeServerName } realm RealmName { #RealmName is the domain specified in the >From URI auth_pool = PoolName } One more thing, you need to declare the RADIUS proxy's IP and shared secret in the "home" RADIUS clients.conf file. That's it. Enjoy! ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Custom RADIUS digest auth. request
Salut Tiberiu, Normally, the auth username is taken from TO hdr (for REGISTER) or from FROM hdr (non-REGISTER) - both username and domain part. So probably, in your case, the IP comes from the FROM hdr. Also, opensips allows you to pass a custom SIP URI for auth, as a second optional param to the aaa_proxy_auth() : http://www.opensips.org/html/docs/modules/1.6.x/auth_aaa.html Currently this is not supported for aaa_www_auth() (for REGISTER) can be simply done, if this solves your problem. Regards, Bogdan On 06/24/2011 05:25 PM, Tiberiu Breana wrote: Hello. I'm trying to simulate a mobility situation where a User Agent Client is connecting to a foreign SIP proxy. My setup is something like this: UA ---> F-SIP ---> F-AAA | | H-SIP ---> H-AAA The user is registered on the H-AAA server. I want to authenticate him through H-AAA, but the aaa_www_authorize function sends the username as "user@", regardless of what username I choose in my softphone. So there's no way to detect the user's home domain (that my UAC provides). I know I could make a custom radius_send_auth, but I wanted to follow protocol and keep the digest mechanism for registering. Or is there a way to make a custom digest auth to work with the register process? Any advice is appreciated! Regards, Tiberiu ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Bogdan-Andrei Iancu OpenSIPS solutions and "know-how" ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Custom RADIUS digest auth. request
Hello. I'm trying to simulate a mobility situation where a User Agent Client is connecting to a foreign SIP proxy. My setup is something like this: UA ---> F-SIP ---> F-AAA | | H-SIP ---> H-AAA The user is registered on the H-AAA server. I want to authenticate him through H-AAA, but the aaa_www_authorize function sends the username as "user@", regardless of what username I choose in my softphone. So there's no way to detect the user's home domain (that my UAC provides). I know I could make a custom radius_send_auth, but I wanted to follow protocol and keep the digest mechanism for registering. Or is there a way to make a custom digest auth to work with the register process? Any advice is appreciated! Regards, Tiberiu ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users