22 Dec
2004
22 Dec
'04
6:37 p.m.
All I did was run FreeRADIUS in debug mode to see what attributes it was
being sent. Sip-Uri-User happened to be one of them which contained the
username. So it's just a case of adding an additional rad check item.
With FreeRADIUS using MySQL as the back end, you would have the following in
the radcheck table
+----+----------------------------+---------------+----+------------+
| id | UserName | Attribute | op | Value |
+----+----------------------------+---------------+----+------------+
| 1 | 01913405062(a)mydomain.com | User-Password | == | testing123 |
| 2 | 01913405062(a)mydomain.com | Sip-Uri-User | == | 01913405062 |
+----+----------------------------+---------------+----+------------+
in a similar way as you would set the Sip-Rpid in the radreply table.
The ser config remains the same as it would for standard authentication,
nothing in that needs to be changed!
-----Original Message-----
From: Bruno Lopes F. Cabral [mailto:bruno@openline.com.br]
Sent: 22 December 2004 15:13
To: hostmaster(a)telcoelectronics.co.uk
Subject: Re: [Serusers] SER + RADIUS
I'd like to see a ser.cfg snippet, if you can of course,
because I could not find how to do this on my tests,
nor get help on this from the list :~)
Thanks for answering, anyway
hostmaster(a)telcoelectronics.co.uk wrote:
With regards to the check_to functionality when using
RADIUS, you can
always
add an additional check constraint for Sip-Uri-User
which does the same
job.
> RADIUS auth works but without check_to and
> check_from (to solve this, use an Exec-Program-Wait
> script to deny the access). Sorry, no SIP
> Session-timeout
-------------------------------------------------------------------------------------------------------
This email, and any files transmitted with it, is copyright and may contain confidential
information.
The contents are intended for the use of the addressee(s) only.
Unauthorized use may be unlawful.
If you receive this email by mistake, please advise sender immediately.
The views of the author may not necessarily constitute the views of Telco Electronics
Limited.
Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation.
Telco Electronics Limited
6-8 Oxford Court
Brackley
Northants
NN13 7XY
Tel 01280 761600
Fax 01280 841174
27 Dec
27 Dec
8:19 p.m.
New subject: [Serusers] SER + RADIUS
I like to make a How to page on ser and freeradius. Can you guys help?
Thanks
&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*&*
C.M. Rahman Jr.
IT Manager
CCNP, MCSE Security "Secure your self by securing your System"
CompTI Security Plus Certified
CCS Internet
http://www.ccsi.com
13706 Research Blvd. Suite 100
Austin, TX 78750
Tel: 512-257-2274 Ex: 115
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On
Behalf Of hostmaster(a)telcoelectronics.co.uk
Sent: Wednesday, December 22, 2004 10:38 AM
To: Bruno Lopes F. Cabral
Cc: SER Mailing List
Subject: RE: [Serusers] SER + RADIUS
All I did was run FreeRADIUS in debug mode to see what attributes it was
being sent. Sip-Uri-User happened to be one of them which contained the
username. So it's just a case of adding an additional rad check item.
With FreeRADIUS using MySQL as the back end, you would have the following in
the radcheck table
+----+----------------------------+---------------+----+------------+
| id | UserName | Attribute | op | Value |
+----+----------------------------+---------------+----+------------+
| 1 | 01913405062(a)mydomain.com | User-Password | == | testing123 |
| 2 | 01913405062(a)mydomain.com | Sip-Uri-User | == | 01913405062 |
+----+----------------------------+---------------+----+------------+
in a similar way as you would set the Sip-Rpid in the radreply table.
The ser config remains the same as it would for standard authentication,
nothing in that needs to be changed!
-----Original Message-----
From: Bruno Lopes F. Cabral [mailto:bruno@openline.com.br]
Sent: 22 December 2004 15:13
To: hostmaster(a)telcoelectronics.co.uk
Subject: Re: [Serusers] SER + RADIUS
I'd like to see a ser.cfg snippet, if you can of course,
because I could not find how to do this on my tests,
nor get help on this from the list :~)
Thanks for answering, anyway
hostmaster(a)telcoelectronics.co.uk wrote:
With regards to the check_to functionality when using
RADIUS, you can
always
add an additional check constraint for Sip-Uri-User
which does the same
job.
> RADIUS auth works but without check_to and
> check_from (to solve this, use an Exec-Program-Wait
> script to deny the access). Sorry, no SIP
> Session-timeout
----------------------------------------------------------------------------
---------------------------
This email, and any files transmitted with it, is copyright and may contain
confidential information.
The contents are intended for the use of the addressee(s) only.
Unauthorized use may be unlawful.
If you receive this email by mistake, please advise sender immediately.
The views of the author may not necessarily constitute the views of Telco
Electronics Limited.
Nothing in this mail shall bind Telco Electronics Limited in any contract or
obligation.
Telco Electronics Limited
6-8 Oxford Court
Brackley
Northants
NN13 7XY
Tel 01280 761600
Fax 01280 841174
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7274
days inactive
7279
days old
1 comments
2 participants
participants (2)
-
CM Rahman Jr. -
hostmaster@telcoelectronics.co.uk