[asterisk-bugs] [JIRA] (ASTERISK-5278) [patch] SIP peer authentication on an external database (RADIUS - LDAP)

muhammad hasan (JIRA) noreply at issues.asterisk.org
Thu Sep 4 04:58:28 CDT 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=222538#comment-222538 ] 

muhammad hasan commented on ASTERISK-5278:
------------------------------------------

how can i use this patch? because i want to try sip peer auth based on this guide?

thank you

> [patch] SIP peer authentication on an external database (RADIUS - LDAP)
> -----------------------------------------------------------------------
>
>                 Key: ASTERISK-5278
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-5278
>             Project: Asterisk
>          Issue Type: New Feature
>            Reporter: phsultan
>         Attachments: auth.conf, dictionary.cisco, radius-dictionary, radius.patch, radius-v1.0a.patch, res_auth-auth_secret.patch, res_auth-radiuscfg.patch, res_auth-update.2.patch
>
>
> We have been working on integrating an existing authentication database to our Asterisk server, for a remote access telephony solution.
> We focused on RADIUS and patched Asterisk to have it working. We are planning to have a backend LDAP server accessed through RADIUS for authentication in a near future.
> The sip.conf file does not contain any secret (clear or hashed), and we added an attribute 'auth_type' that specifies the type of authentication, set to PAM in the following example :
> 	[username]
> 	type=friend
> 	context=from-sip-remote-clients
> 	fromdomain=inria.fr
> 	auth_type=pam
> 	host=dynamic
> We patched the chan_sip.c file, $Revision: 1.872$. We actually brought the RADIUS client functionnality for authentication (triggered on registration) using a PAM module : pam_radius. This is because we expect that other PAM authentication modules than pam_radius could be used for the same purpose.
> The pam_radius module needed also some slight modifications in order to handle the digest authentication mechanism :
> http://bugs.freeradius.org/show_bug.cgi?id=259
> We would like to have some feedback about this, thank you in advance.
> Best regards, happy Astricon to those concerned!
> Philippe Sultan
> INRIA
> PS : Disclaimer sent on 2005-09-30
> ****** ADDITIONAL INFORMATION ******
> Detailed information about how we set up external authentication on registration with Asterisk, RADIUS and LDAP, and more generally about the conflicts between digest auth and LDAP can be found here :
> http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
> The branch with the latest code is located at:
> http://svn.digium.com/view/asterisk/team/oej/res_auth/
> Latest modification now allows AMI users to rely on res_auth for authentication.
> -------- Configuration help ---------
> The secret line in a configuration file is processed this way :
> secret = <auth_proxy>:[auth-db:[password]]
> examples :
> secret = local:file:mypassword ; Authenticate on Asterisk, password in string
> secret = radius: ; Proxy authentication to an external RADIUS server
> secret = local:ldap: ; Authenticate on Asterisk, retrieve password from an LDAP server
> In the latter case, the configuration information must be set in the /etc/asterisk/auth.conf file (attached). Example :
> [ldap]
> dbhost=ldapserver.example.com ; LDAP host(s)
> dbbasedn=dc=inria,dc=fr ; Base DN
> dbuser=uid=Manager,ou=people,dc=example,dc=com ; Bind DN
> dbpass=password ; Bind password
> user_name_attribute=login ; The LDAP login attribute
> user_password_attribute=userPassword ; The LDAP password attribute



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list