Try to enable pap instead of chap in FreeRADIUS.
----- Original Message ----- From: "Chetan Sarva" <asterisk@xxxxxxx>
Sent: Saturday, April 02, 2005 3:23 AM
I'm trying to authorize a gateway based on its IP address. Setup is as follows:
gw -> mygnugk (proxy mode) -> ....
I do not want to register the gw in my gk (out of my control). My understanding is that my options are as follows:
1) set AcceptUnregisteredCalls=1
All calls from unregistered gateways will be accepted in this case.
2) RadAliasAuth
I'm trying to get this to work but I'm having problems on the freeradius side. In the radcheck table I added a username as follows:
UserName: gwid
Attribute: Framed-IP-Address
op: ==
Value: ip
I saw in the list archives that it may be possible to pass the Framed-IP-Address as the UserName but I can't figure out how to do this. Is it possible without patching?
gk settings:
[Gatekeeper::Auth] RadAliasAuth=required;Setup
[RadAliasAuth] Servers=x.x.x.x:1814:1814:secret RequestTimeout=2000 IdCacheTimeout=9000 SocketDeleteTimeout=60000 RequestRetransmissions=2 RoundRobinServers=1 AppendCiscoAttributes=1 IncludeTerminalAliases=0 FixedUsername= FixedPassword= UseDialedNumber=0
The request is hitting freeradius but it won't validate the user
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: Attribute "CHAP-Password" is required for authentication. Cannot use "User-Password".
modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
also set Auth-Type := Local in radgroupcheck
modcall[authorize]: module "sql" returns ok for request 4 modcall: group authorize returns ok for request 4 rad_check_password: Found Auth-Type Local auth: type Local auth: No password configured for the user auth: Failed to validate the user.
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/