It may be able to just pass on the hash to the AD or something, I’m not really sure. I just work with a database backend.

 

From: Greger V. Teigre [mailto:greger@teigre.com]
Sent: Tuesday, September 13, 2005 12:14 PM
To: Chris St Denis; 'Jaroslaw Gawron'; serusers@lists.iptel.org
Subject: Re: [Serusers] SER + Windows Domain

 

But in order to generate the hash, the radius server needs the clear-text password. That is not possible to get from AD.

g-)

---- Original Message ----
From: Chris St Denis
To: 'Greger V. Teigre' ; 'Jaroslaw Gawron' ; serusers@lists.iptel.org
Sent: Tuesday, September 13, 2005 09:01 PM
Subject: RE: [Serusers] SER + Windows Domain

> I believe the radius server can do the digest work (query for the
> username and password, generate the hash, and compare the digest sent
> from the sip message. 
>
>
>
>
> From: Greger V. Teigre [mailto:greger@teigre.com]
> Sent: Tuesday, September 13, 2005 11:37 AM
> To: Chris St Denis; 'Jaroslaw Gawron'; serusers@lists.iptel.org
> Subject: Re: [Serusers] SER + Windows Domain
>
> Are you sure? AD stores hashed passwords and the digest auth method
> must be implemented. Even though the radius server can authenticate
> against AD (normally through the LDAP interface), you probably run
> into problems due to the hash. Another option is using IAS (Internet
> Authentication Server), basically a simple RADIUS server front-end to
> AD. I don't know if IAS supports digest, but I wouldn't bet on it.  
> g-)
> ---- Original Message ----
> From: Chris St Denis
> To: 'Jaroslaw Gawron' ; serusers@lists.iptel.org
> Sent: Tuesday, September 13, 2005 07:09 PM
> Subject: RE: [Serusers] SER + Windows Domain
>
>> You could do it with SER’s radius authentication if you get a radius
>> server that can interface with windows active directory.
>>
>> I think FreeRadius can, but I’ve never tried.
>>
>>
>>
>>
>> From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org]
>> On Behalf Of Jaroslaw Gawron
>> Sent: Tuesday, September 13, 2005 4:33 AM
>> To: serusers@lists.iptel.org
>> Subject: [Serusers] SER + Windows Domain
>>
>> Hi all
>>
>> Is there a way to integrate sip authentication with  Windows domain
>> database - to integrate function www_authorize with the Active
>> Directory ?
>> If anyone know how to solve this problem – any suggestions are very
>> welcome.
>> Best regards,
>>
>> Jaroslaw Gawron
>>
>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers@lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers