On (28.10.03 10:46), Jiri Kuthan wrote:
Unfortunately, there is now no standard for use of RADIUS along with SIP. SER users leveraging the combination of these two technologies are left with implementation of expired internet drafts. There are some chances that the IETF community revitalizes the document.
Thus, I would appreciate hearing if any of the active RADIUS/SIP/SER users have had any issues with the RADIUS authentication in SER, which is based on draft-sterman-aaa-sip.
Jiri,
as i told you in person on the VON, the module is quite useable at the moment (and in production here), with the following issues:
- the readiusclient library which the module is using does not support vendor-specific attributes, therefore you have to redefine existing attribute space rather than defining new ones (this is what the draft does). A revamp of the module should probably switch to a different backend library (maybe there's something in the freeradius package?) - the module lacks failover to a secondary radius server. failover seems quite straightforward to implement for authentication, which is my major concern, so i'd appreciate seeing that in the module. (We didn't have problems with that yet because of the stability of our radius server, but the day will come for sure ;). It may be more difficult for accounting, but i'm fine with SQL accounting at the moment. - I'd love to see my radius-alias-patch in the upstream sources. That's more of a personal request, because it would save me lot of backporting when switching to a new release. I'd appreciate to hear if someone considers that stuff useful or even dares to use it ;)
I'd volunteer to help on revitalizing the sterman draft. SIP/SER/RADIUS might have become a much more widespread solution over the last few months, so there may be more attention at this time.
cheers
axelm