<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<font size="3" face="Times New Roman">
</font><font size="3"><font face="Calibri">I thanks for the responses. However, I still don’t have a “vision”
on how I can address my problem. My key points here are:</font></font><BR> <BR><font size="3"><font face="Calibri">- </font><font face="Calibri">Most of the enterprise companies have a directory service
implemented already. So it does not make sense to create and maintain a second
one just for SIP clients. With this in mind, we may use LDAP or RADIUS to prevent
introducing a new directory just for SIP.</font></font><BR> <BR><font size="3"><font face="Calibri">- </font><font face="Calibri">As long as I understood from my readings (sorry if I am wrong),
Kamailio LDAP will require a change on the customer’s LDAP schema, what most of
the times is “undesirable” on large enterprise. So the way out is to use the native operation
system RADIUS services from the customer’s environment, most of the time M$.</font></font><BR> <BR><font size="3"><font face="Calibri">Sorry if I am bugging the community of a “carrier product”
trying to adapt it to the enterprise environment. But why not? Kamailio is very
stable, very low foot print, very scalable and it is a product that could
become the “de facto” standard for “the SIP server” like we have a “de facto”
standard for DNS, DHCP, SQL, HTTP, etc. in most of Linux distro. By other hand, most (or all) SIP-PBX servers out there will solve the SIP issues but will also interfere on the RTP, what Kamailio does not do...</font></font><BR> <BR><font size="3"><font face="Calibri">So my next question is: is it there on the Kamailio
community anyone willing to work on a “Kamailio Enterprise Edition”? I believe the
enterprise market is just thousands times larger than the carrier one. So, does
it worth to create a thread just to discuss using Kamailio on the enterprise? </font></font><font size="3"><font face="Calibri">As </font><font face="Calibri">the last question, am I on the right forum? I mean, am I
asking the right thing on the wrong place?</font></font><BR> <BR><font size="3"><font face="Calibri">Think about it: thousands and thousands of enterprise
companies using Kamailio! Why not?</font></font><BR> <BR><font size="3"><font face="Calibri">Cheers!</font></font><BR> <BR><font size="3"><font face="Calibri"><font size="3"><font face="Calibri">Moacir</font></font></font></font><BR><font size="3" face="Calibri"></font> <BR><div><hr id="stopSpelling">Date: Thu, 20 Dec 2012 18:29:55 +0100<br>From: miconda@gmail.com<br>To: moacirferreira@hotmail.com<br>CC: sr-users@lists.sip-router.org<br>Subject: Re: [SR-Users] RADIUS authentication<br><br>
<br>
<div class="ecxmoz-cite-prefix">On 12/20/12 3:58 PM, Moacir Ferreira
wrote:<br>
</div>
<blockquote cite="mid:COL125-W776D33F9A4C45AB92F35BC8370@phx.gbl">
<style><!--
.ExternalClass .ecxhmmessage P
{padding:0px;}
.ExternalClass body.ecxhmmessage
{font-size:10pt;font-family:Tahoma;}
--></style>
<div dir="ltr">
Yeah... I know it can be a kind of problem. But millions of
companies are using MS meaning we need to "adapt" if willing to
work for the enterprise market. If we do not offer some kind of
integration with AD, then we will end-up having 2 user names and
2 passwords while the "good sense" is forwarding everyone to
"single sign-on".<br>
</div>
</blockquote>
There is no need for two usernames, but could be the case for two
passwords...<br>
<blockquote cite="mid:COL125-W776D33F9A4C45AB92F35BC8370@phx.gbl">
<div dir="ltr"> <br>
Anyway, it is tricky but M$ (I liked the $ thing here) can do
MD5.</div>
</blockquote>
<br>
MD5 is just the hashing algorithm, with is used in www-digest
authentication.<br>
<br>
The issue here is not that someone hates M$, but it is that SIP
phones implement only www-digest authentication mechanism, which
requires to store the password in clear text or HA1 format (which is
md5 over username, realm and password).<br>
<br>
If you try to integrate with an existing system that stored the
passwords in some shadow form, it is not just working. For each
account you need to store the password in what www-digest can use
for authentication.<br>
<br>
<blockquote cite="mid:COL125-W776D33F9A4C45AB92F35BC8370@phx.gbl">
<div dir="ltr"> I "would love" to see a "#!define WITH_RADIUS" at
kakailio.cfg but we don't have it. However, as long as I
understood, the RADIUS module is moving to obsolete as the AUTH
module now also includes the RADIUS functionalities.<br>
<br>
So, can you share any link where I can find some for dummies
examples of using the current AUTH module to do RADIUS
authentication?<br>
</div>
</blockquote>
As Juha pointed in another reply, you misunderstood, radius
authentication has to be done using auth_radius module (there were
two, only one was removed).<br>
<br>
This tutorial is quite old, but still good for starting with:<br>
- <a class="ecxmoz-txt-link-freetext" href="http://www.kamailio.org/docs/openser-radius-1.0.x.html" target="_blank">http://www.kamailio.org/docs/openser-radius-1.0.x.html</a><br>
<br>
Cheers,<br>
Daniel<br>
<br>
<blockquote cite="mid:COL125-W776D33F9A4C45AB92F35BC8370@phx.gbl">
<div dir="ltr"> <br>
Cheers!<br>
<br>
Moacir<br>
<br>
<div>
<hr id="ecxstopSpelling">Date: Wed, 19 Dec 2012 23:18:58 +0100<br>
From: <a class="ecxmoz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a><br>
To: <a class="ecxmoz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
CC: <a class="ecxmoz-txt-link-abbreviated" href="mailto:moacirferreira@hotmail.com">moacirferreira@hotmail.com</a><br>
Subject: Re: [SR-Users] RADIUS authentication<br>
<br>
Hello,<br>
<br>
it might not be possible if you don't have the digest
authentication module in the radius server. Also, that means
the passwords have to be stored in plain text or HA1 hash (md5
hash based on digest auth algorithm). Do you have these
available in the M$ radius server?<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="ecxmoz-cite-prefix">On 12/19/12 10:30 PM, Moacir
Ferreira wrote:<br>
</div>
<blockquote cite="mid:COL125-W47926B773BF4D8B244B310C8300@phx.gbl">
<style><!--
.ExternalClass .ecxhmmessage P
{padding:0px;}
.ExternalClass body.ecxhmmessage
{font-size:10pt;font-family:Tahoma;}
--></style>
<div dir="ltr"> I am trying to integrate Kamailio as the SIP
server for an enterprise company. The challenge is to
authenticate the SIP users using the Microsoft RADIUS/AD
so the users can use the same Windows user name and
password on their PC softphone. As Microsoft has its own
RADIUS server integrated with its Active Directory, has
anyone has tried to use this kind of set up? Can you share
docs, links, examples or whatsoever you think could help
me? The only thing I am looking for is replacing the
MySQL Kamailio authentication by RADIUS, nothing else.<br>
<br>
Thanks,<br>
<br>
Moacir<br>
<br>
</div>
<br>
<fieldset class="ecxmimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="ecxmoz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="ecxmoz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="ecxmoz-signature">--
Daniel-Constantin Mierla - <a class="ecxmoz-txt-link-freetext" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
<a class="ecxmoz-txt-link-freetext" href="http://twitter.com/#%21/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a class="ecxmoz-txt-link-freetext" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a></pre>
</div>
</div>
</blockquote>
<br>
<pre class="ecxmoz-signature">--
Daniel-Constantin Mierla - <a class="ecxmoz-txt-link-freetext" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
<a class="ecxmoz-txt-link-freetext" href="http://twitter.com/#%21/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a class="ecxmoz-txt-link-freetext" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a></pre></div> </div></body>
</html>