[Serusers] SER + Windows Domain - sr-users - kamailio.org

List overview All Threads
Download

[Serusers] SER + Windows Domain

[Serusers] append_branch And New...

[Serusers] BAD REQUEST from PSTN...

Jaroslaw Gawron

13 Sep 2005 13 Sep '05

1:32 p.m.

Hi all Is there a way to integrate sip authentication with Windows domain database - to integrate function www_authorize with the Active Directory ? If anyone know how to solve this problem - any suggestions are very welcome. Best regards, Jaroslaw Gawron

Attachments:

attachment.html (text/html — 2.5 KB)

Reply

Show replies by date

Chris St Denis

13 Sep 13 Sep

7:09 p.m.

You could do it with SER's radius authentication if you get a radius server that can interface with windows active directory. I think FreeRadius can, but I've never tried. _____ From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Jaroslaw Gawron Sent: Tuesday, September 13, 2005 4:33 AM To: serusers(a)lists.iptel.org Subject: [Serusers] SER + Windows Domain Hi all Is there a way to integrate sip authentication with Windows domain database - to integrate function www_authorize with the Active Directory ? If anyone know how to solve this problem - any suggestions are very welcome. Best regards, Jaroslaw Gawron

Reply

Greger V. Teigre

8:36 p.m.

Are you sure? AD stores hashed passwords and the digest auth method must be implemented. Even though the radius server can authenticate against AD (normally through the LDAP interface), you probably run into problems due to the hash. Another option is using IAS (Internet Authentication Server), basically a simple RADIUS server front-end to AD. I don't know if IAS supports digest, but I wouldn't bet on it. g-) ---- Original Message ---- From: Chris St Denis To: 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 07:09 PM Subject: RE: [Serusers] SER + Windows Domain

You could do it with SER's radius authentication if you get a radius server that can interface with windows active directory. I think FreeRadius can, but I've never tried. From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Jaroslaw Gawron Sent: Tuesday, September 13, 2005 4:33 AM To: serusers(a)lists.iptel.org Subject: [Serusers] SER + Windows Domain Hi all Is there a way to integrate sip authentication with Windows domain database - to integrate function www_authorize with the Active Directory ? If anyone know how to solve this problem - any suggestions are very welcome. Best regards, Jaroslaw Gawron _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Reply

Chris St Denis

9:01 p.m.

I believe the radius server can do the digest work (query for the username and password, generate the hash, and compare the digest sent from the sip message. _____ From: Greger V. Teigre [mailto:greger@teigre.com] Sent: Tuesday, September 13, 2005 11:37 AM To: Chris St Denis; 'Jaroslaw Gawron'; serusers(a)lists.iptel.org Subject: Re: [Serusers] SER + Windows Domain Are you sure? AD stores hashed passwords and the digest auth method must be implemented. Even though the radius server can authenticate against AD (normally through the LDAP interface), you probably run into problems due to the hash. Another option is using IAS (Internet Authentication Server), basically a simple RADIUS server front-end to AD. I don't know if IAS supports digest, but I wouldn't bet on it. g-) ---- Original Message ---- From: Chris St Denis To: 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 07:09 PM Subject: RE: [Serusers] SER + Windows Domain

You could do it with SER's radius authentication if you get a radius server that can interface with windows active directory. I think FreeRadius can, but I've never tried. From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Jaroslaw Gawron Sent: Tuesday, September 13, 2005 4:33 AM To: serusers(a)lists.iptel.org Subject: [Serusers] SER + Windows Domain Hi all Is there a way to integrate sip authentication with Windows domain database - to integrate function www_authorize with the Active Directory ? If anyone know how to solve this problem - any suggestions are very welcome. Best regards, Jaroslaw Gawron _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Reply

Greger V. Teigre

9:13 p.m.

But in order to generate the hash, the radius server needs the clear-text password. That is not possible to get from AD. g-) ---- Original Message ---- From: Chris St Denis To: 'Greger V. Teigre' ; 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 09:01 PM Subject: RE: [Serusers] SER + Windows Domain

I believe the radius server can do the digest work (query for the username and password, generate the hash, and compare the digest sent from the sip message. From: Greger V. Teigre [mailto:greger@teigre.com] Sent: Tuesday, September 13, 2005 11:37 AM To: Chris St Denis; 'Jaroslaw Gawron'; serusers(a)lists.iptel.org Subject: Re: [Serusers] SER + Windows Domain Are you sure? AD stores hashed passwords and the digest auth method must be implemented. Even though the radius server can authenticate against AD (normally through the LDAP interface), you probably run into problems due to the hash. Another option is using IAS (Internet Authentication Server), basically a simple RADIUS server front-end to AD. I don't know if IAS supports digest, but I wouldn't bet on it. g-) ---- Original Message ---- From: Chris St Denis To: 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 07:09 PM Subject: RE: [Serusers] SER + Windows Domain > You could do it with SER's radius authentication if you get a radius > server that can interface with windows active directory. > > I think FreeRadius can, but I've never tried. > > > > > From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] > On Behalf Of Jaroslaw Gawron > Sent: Tuesday, September 13, 2005 4:33 AM > To: serusers(a)lists.iptel.org > Subject: [Serusers] SER + Windows Domain > > Hi all > > Is there a way to integrate sip authentication with Windows domain > database - to integrate function www_authorize with the Active > Directory ? > If anyone know how to solve this problem - any suggestions are very > welcome. > Best regards, > > Jaroslaw Gawron > > > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers

Reply

Chris St Denis

9:16 p.m.

It may be able to just pass on the hash to the AD or something, I'm not really sure. I just work with a database backend. _____ From: Greger V. Teigre [mailto:greger@teigre.com] Sent: Tuesday, September 13, 2005 12:14 PM To: Chris St Denis; 'Jaroslaw Gawron'; serusers(a)lists.iptel.org Subject: Re: [Serusers] SER + Windows Domain But in order to generate the hash, the radius server needs the clear-text password. That is not possible to get from AD. g-) ---- Original Message ---- From: Chris St Denis To: 'Greger V. Teigre' ; 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 09:01 PM Subject: RE: [Serusers] SER + Windows Domain

I believe the radius server can do the digest work (query for the username and password, generate the hash, and compare the digest sent from the sip message. From: Greger V. Teigre [mailto:greger@teigre.com] Sent: Tuesday, September 13, 2005 11:37 AM To: Chris St Denis; 'Jaroslaw Gawron'; serusers(a)lists.iptel.org Subject: Re: [Serusers] SER + Windows Domain Are you sure? AD stores hashed passwords and the digest auth method must be implemented. Even though the radius server can authenticate against AD (normally through the LDAP interface), you probably run into problems due to the hash. Another option is using IAS (Internet Authentication Server), basically a simple RADIUS server front-end to AD. I don't know if IAS supports digest, but I wouldn't bet on it. g-) ---- Original Message ---- From: Chris St Denis To: 'Jaroslaw Gawron' ; serusers(a)lists.iptel.org Sent: Tuesday, September 13, 2005 07:09 PM Subject: RE: [Serusers] SER + Windows Domain > You could do it with SER's radius authentication if you get a radius > server that can interface with windows active directory. > > I think FreeRadius can, but I've never tried. > > > > > From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] > On Behalf Of Jaroslaw Gawron > Sent: Tuesday, September 13, 2005 4:33 AM > To: serusers(a)lists.iptel.org > Subject: [Serusers] SER + Windows Domain > > Hi all > > Is there a way to integrate sip authentication with Windows domain > database - to integrate function www_authorize with the Active > Directory ? > If anyone know how to solve this problem - any suggestions are very > welcome. > Best regards, > > Jaroslaw Gawron > > > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers

Reply

7019

days inactive

7019

days old

sr-users@lists.kamailio.org

Manage subscription

5 comments

3 participants

tags (0)

participants (3)

Chris St Denis
Greger V. Teigre
Jaroslaw Gawron