Hiya,
I'm trying to use RADIUS server to authorize (authenticate) SIP users. I'm using auth_radius module.
My radius server is the same machine, FreeRadius wich is configured to use LDAP as DB.
Whe I try to authenticate a SIP user I've got a problem, SIP SER sends a radius request with digest method, but my Radius needs a User-Password suplied in order to bind in LDAP.
How can intruct SIP SER in order to pass auth password as User-Password althout Digest???
Thanks in advance.
-- ------------------------------------- Aquel que planta árboles bajo los que sabe muy bien que nunca se sentara, ha descubierto el auténtico significado de la vida.
This is not possible. RADIUS based digest authentication encodes all the data needed to verify digest credentials in a single RADIUS attribute. Freeradius expects data for digest authentication in this format.
User-Password attribute is supposed to contain the password in clear-text, but the proxy does not know the password and thus cannot send it to the RADIUS server.
Jan.
On 09-12-2005 13:15, Paco Orozco wrote:
Hiya,
I'm trying to use RADIUS server to authorize (authenticate) SIP users. I'm using auth_radius module.
My radius server is the same machine, FreeRadius wich is configured to use LDAP as DB.
Whe I try to authenticate a SIP user I've got a problem, SIP SER sends a radius request with digest method, but my Radius needs a User-Password suplied in order to bind in LDAP.
How can intruct SIP SER in order to pass auth password as User-Password althout Digest???
Thanks in advance.
--
Aquel que planta árboles bajo los que sabe muy bien que nunca se sentara, ha descubierto el auténtico significado de la vida.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Jan,
This is not possible. RADIUS based digest authentication encodes all the
data needed to verify digest credentials in a single RADIUS attribute. Freeradius expects data for digest authentication in this format.
OK I know this, If I configure digest authentication it works well. But I need to validate users to a LDAP server (We've more than 10.000 posible users)
User-Password attribute is supposed to contain the password in
clear-text, but the proxy does not know the password and thus cannot send it to the RADIUS server.
But, Does SER known password supplied by user (in his/her phone settings)? How can I validate to a LDAP server? Is It not possible?
Thanks in advance
-- ------------------------------------- Aquel que planta árboles bajo los que sabe muy bien que nunca se sentara, ha descubierto el auténtico significado de la vida.
-
Jan Janak -
Paco Orozco