Re: authentication options

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Try to enable pap instead of chap in FreeRADIUS.

----- Original Message ----- From: "Chetan Sarva" <asterisk@xxxxxxx>
Sent: Saturday, April 02, 2005 3:23 AM



I'm trying to authorize a gateway based on its IP address. Setup is as follows:

gw -> mygnugk (proxy mode) -> ....

I do not want to register the gw in my gk (out of my control). My understanding is that my options are as follows:

1) set AcceptUnregisteredCalls=1

All calls from unregistered gateways will be accepted in this case.

2) RadAliasAuth

I'm trying to get this to work but I'm having problems on the freeradius side. In the radcheck table I added a username as follows:
UserName: gwid
Attribute: Framed-IP-Address
op: ==
Value: ip


I saw in the list archives that it may be possible to pass the Framed-IP-Address as the UserName but I can't figure out how to do this. Is it possible without patching?

gk settings:

[Gatekeeper::Auth]
RadAliasAuth=required;Setup

[RadAliasAuth]
Servers=x.x.x.x:1814:1814:secret
RequestTimeout=2000
IdCacheTimeout=9000
SocketDeleteTimeout=60000
RequestRetransmissions=2
RoundRobinServers=1
AppendCiscoAttributes=1
IncludeTerminalAliases=0
FixedUsername=
FixedPassword=
UseDialedNumber=0

The request is hitting freeradius but it won't validate the user

modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: Attribute "CHAP-Password" is required for authentication. Cannot use "User-Password".
modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.


also set Auth-Type := Local in radgroupcheck

 modcall[authorize]: module "sql" returns ok for request 4
modcall: group authorize returns ok for request 4
 rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No password configured for the user
auth: Failed to validate the user.



------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux