Hi Michal, it's very simple and ol' clear when you know how to configure it. I'm still strugling with some thing in there. A few people (from this list inluding) have helped me alot to move ahead. I got working mysql autorization through clear text pass and CHAP pass (I still don't know all these terms. I read them from docs and radiusd -X. Here I mean UserName/Password and Username/h235Password authorization). There is also a simple question I have - I can send my password in md5 (h235 pass), but my login alias comes in clear text - is it possible to send both alias and pass in h235 token? and if it's possible how than I can authenticate them in radius if there is no clear alias to match against from db??? The only solution then seems to be is storing hashed usernames in db - am I on the right way? (I haven't tried to include more than one parametr in h235 pass - is it possible? From what I read it seems to be possible) Ok... to many unrelated questions, sorry... ;) With radius I need to do the following: On ARQ gnugk sends UserName/pass/dialedDigits to radius, where radius should calculate SessionTimeout according to stored ballance of the UserName (for PREPAID) and dialing plan of the user (to find the price for the destinationDigits and apply to the ballance) Very simple... Some people suggested me to use Program_Exec_wait (to use an external program that would return session timeout) there was also another solution - to use perl module - which seems to be a better solution, even though it's experimental. There is a small problem - I don't know perl - dont kick me here, please ;)), don't think it's a big problem there... Why is it better?? I'd rather avoid using radius and put all the autorization/accounting directly into gnugk code (which I had already started to do, when I was completely messed up with radius configs) than adding a new part in the already too long chain. However, the idea of using radius is of course a better solution as far as one has any plans to use other software/equipement that talks radius. sooo... Does anybody have any experience using the perl module, is it recommended? or maybe I should try another radius? For example, in gnu radius I found a Rewrite section that seems to be suitable for my case. (if someone interested here is the explanation of that Rewrite: http://www.gnu.org/software/radius/manual/html_chapter/radius_11.html#SEC171) If anybody had simmilar problem to solve, please post possible way to go. Any suggestons are HIGHLY APPRECIATED!!! Thank you. -----Original Message----- From: "Zygmuntowicz Michal" <m.zygmuntowicz@onet.pl> To: <openh323gk-users@lists.sourceforge.net> Date: Sun, 4 Jan 2004 13:31:50 +0100 Subject: Re: Re[2]: openh323gk + Netmeeting + password auth > > What is so difficult in freeradius configuration? > You just need to setup: > 1. clients.conf to include gnugk ip/shared secret, > 2. radiusd.conf to exclude unneecessary stuff and edit the following sections: > modules {}, authorize {}, authenticate {}, accounting {} to include the desired sql module (postgresql, for > example:): > modules { > pap { > encryption_scheme = crypt > } > chap { > authtype = CHAP > } > realm suffix { > format = suffix > delimiter = "@" > } > realm realmslash { > format = prefix > delimiter = "/" > } > realm realmpercent { > format = suffix > delimiter = "%" > } > preprocess { > huntgroups = ${confdir}/huntgroups > hints = ${confdir}/hints > with_ascend_hack = no > ascend_channels_per_line = 23 > with_ntdomain_hack = no > with_specialix_jetstream_hack = no > with_cisco_vsa_hack = yes > } > acct_unique { > key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" > } > > $INCLUDE ${confdir}/postgresql.conf > > attr_filter { > attrsfile = ${confdir}/attrs > } > always fail { > rcode = fail > } > always reject { > rcode = reject > } > always ok { > rcode = ok > simulcount = 0 > mpp = no > } > expr { > } > } > authorize { > > preprocess > > > chap > > suffix > > sql > > } > > authenticate { > > authtype PAP { > > pap > > } > > authtype CHAP { > > chap > > } > > } > > preacct { > > preprocess > > suffix > > } > > accounting { > > acct_unique > > sql > > } > > session { > > } > > post-auth { > > } > > 3. edit sql configuration to include approtiate queries that will > extract user password, check/reply attributes and store accounting > data. This depends on your database schema. Personally, for > check/reply attributes I am using stored procedures to return > dynamic sets of attributes for check/reply attributes and simple > INSERT/UPDATE queries for accounting. > > ----- Original Message ----- > From: "P. P." <block111@mail.ru> > Sent: Sunday, January 04, 2004 2:39 AM > > > > For me, this aprouch is much easier - I'M STILL STRUGLING WITH RADIUS - I don't know how to configure it. > > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > _______________________________________________ > List: Openh323gk-users@lists.sourceforge.net > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 > Homepage: http://www.gnugk.org/ > ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
