On 10-02 16:34, Dipole Moment wrote:

Hi all,

I'm planning to use SER with a 3rd party billing platform that understands Cisco VSA as described here http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/vsa....

I've been looking into RADIUS implementation in SER and looks like it cannot be used out of the box, there's no support for authorization and native RADIUS authentication, only digest. Before I go on and add necessary code to auth_radius module, I'd like to know if anyone has implemented it and would like to share/sell his code.

I have to admit I do not know exactly how native RADIUS authentication works, but what you are aiming for will most likely be not psssible. Virtually all SIP user agent use digest authentication and thus SER receives digest response hash only.

I suppose that in native radius authentication the client sends the plaintext password to the RADIUS server for verification, but SER does not know the password, it only knows the digest response hash.

Thus some RADIUS servers have been extended (or hacked, if you like) to support digest authentication directly. SER encapsulates all digest attributes received from the user agent into single RADIUS attribute and sends it to the RADIUS server, which then verifies the digest credentials and sends back Authorized/Unauthorized.

Jan.