<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
no, those attributes must be sent in the radius server for the user
profile. The radius server replies only on/not-ok for
authentication. Kamailio is sending only the attributes from the sip
message headers, not password in clear text or digest-ha1.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 02/12/15 13:24, Volkan Oransoy
wrote:<br>
</div>
<blockquote
cite="mid:CAM_EGOHc8TG_nm8tMRSZS=yN14Z6ge3N95NEO9i5Q8FxbyyRQw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi all,</div>
<div><br>
</div>
<div>I try to authenticate my users via mod_radius, but I have
problem. </div>
<div><br>
</div>
<div>FreeRadius server gives this error:</div>
<div><br>
</div>
<blockquote style="margin:0px 0px 0px
40px;border:none;padding:0px">
<div>Auth: [digest] Cleartext-Password or Digest-HA1 is
required for authentication.</div>
</blockquote>
<div><br>
</div>
<div>
<div>I think I need to send those attributes from kamailio but
I couldn't figure out how to do it.</div>
<div><br>
</div>
<div>Here is diff of my config with default config.</div>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>/Volkan</div>
<div><br>
</div>
<div>=====================</div>
<div>diff /etc/kamailio/kamailio.cfg
/etc/kamailio/kamailio.cfg.original<br>
</div>
<div><br>
</div>
<div>
<div>< #!define WITH_DEBUG</div>
<div>294,297d292</div>
<div>< loadmodule "auth_radius.so"</div>
<div>< modparam("auth_radius", "radius_config",
"/etc/radiusclient/radiusclient.conf")</div>
<div>< loadmodule "avpops.so"</div>
<div><</div>
<div>739,783c734,739</div>
<div>< if (is_method("REGISTER"))</div>
<div>< {</div>
<div>< avp_print();</div>
<div>< if (!radius_www_authorize("<a
moz-do-not-send="true" href="http://example.com">example.com</a>"))
{</div>
<div>< xlog("SCRIPT: www auth return
code: $rc\n");</div>
<div>< switch ($rc) {</div>
<div>< case -7:</div>
<div>< send_reply("500",
"Server Internal Error");</div>
<div>< exit;</div>
<div>< case -1:</div>
<div>< send_reply("400", "Bad
Request");</div>
<div>< exit;</div>
<div>< default:</div>
<div>< };</div>
<div>< if (defined($avp(digest_challenge))
&&</div>
<div>< ($avp(digest_challenge) !=
"")) {</div>
<div><
append_to_reply("$avp(digest_challenge)");</div>
<div>< };</div>
<div>< send_reply("401", "Unauthorized");</div>
<div>< exit;</div>
<div>< };</div>
<div>< }</div>
<div><</div>
<div>< if (from_uri==myself)</div>
<div>< {</div>
<div>< if (!radius_proxy_authorize("<a
moz-do-not-send="true" href="http://example.com">example.com</a>",
"$pU")) { # Realm and URI user are taken</div>
<div>< switch ($rc) {
# from P-Preferred-Identity</div>
<div>< case -7:
# header field</div>
<div>< send_reply("500",
"Server Internal Error");</div>
<div>< exit;</div>
<div>< case -1:</div>
<div>< send_reply("400",
"Bad Request");</div>
<div>< exit;</div>
<div>< default:</div>
<div>< };</div>
<div>< if (defined($avp(digest_challenge))
&&</div>
<div>< ($avp(digest_challenge) !=
"")) {</div>
<div><
append_to_reply("$avp(digest_challenge)");</div>
<div>< };</div>
<div>< send_reply("407", "Proxy
Authentication Required");</div>
<div>< exit;</div>
<div>< };</div>
<div><</div>
<div>< }</div>
<div><</div>
<div>---</div>
<div>> #!ifdef WITH_IPAUTH</div>
<div>> if((!is_method("REGISTER")) &&
allow_source_address()) {</div>
<div>> # source IP allowed</div>
<div>> return;</div>
<div>> }</div>
<div>> #!endif</div>
<div>784a741,753</div>
<div>> if (is_method("REGISTER") || from_uri==myself)</div>
<div>> {</div>
<div>> # authenticate requests</div>
<div>> if (!auth_check("$fd", "subscriber",
"1")) {</div>
<div>> auth_challenge("$fd", "0");</div>
<div>> exit;</div>
<div>> }</div>
<div>> # user authenticated - remove auth
header</div>
<div>> if(!is_method("REGISTER|PUBLISH"))</div>
<div>> consume_credentials();</div>
<div>> }</div>
<div>> # if caller is not local subscriber, then
check if it calls</div>
<div>> # a local destination, otherwise deny, not an
open relay here</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Book: SIP Routing With Kamailio - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://miconda.eu">http://miconda.eu</a></pre>
</body>
</html>