Requirement
Authenticating SIP Clients through a SIP proxy via RADIUS with an LDAP Backend using digest mode.
The path is SIP client X -> Ser SIP Proxy -> FreeRadius -> Fedora Directory Server
Issue
Cannot authenticate a SIP client using Freeradius digest mode and LDAP.
After reading through a number of the newslists of all of the projects being used, There is contradictory information about whether this is possible.
One solution described in the FreeRadius mailing list says that the it should be possible by setting up radiusd.conf correctly to return the password field from the LDAP server and then having the digest module decode it.
Another thread in freeradius says that it isn't possible to store the passwords the LDAP server encrypted. That the LDAP server needs to return cleartext passwords over a TLS connection.
Several threads in the SER say that it is possible, but the examples given don't include LDAP in the equation so it is hard to tell.
I have read the Radius Howto on the SER page and the LDAP howto in the freeradius documentation and neither of them authoritatively answer the question.
Environment OS: Fedora 4 Radius Server : FreeRadius 1.0.4 Radius Client : radiusclient-ng 5.2 SIP Proxy : SER 0.9.4 Directory Server: Fedora Directory Server 1.0.1 Directory Server schema: inetOrgPerson Directory Server password encoding: SHA SIP Client : Client X
Network setup ServerA hosts SER, FreeRadius ServerB hosts Directory Server
Both servers are on the same subnet.
thanks, jon
--
"Whereever you go, there you are"