[asterisk-users] Asterisk with Radius users authentication
yusuf
yusuf at ecntelecoms.com
Tue Feb 20 00:27:55 MST 2007
Ricardo Carvalho wrote:
> Dear all,
>
> I've searched the web about Asterisk with Radius integration for user
> authentication, and got a bit confused...
> I see that there has been some work around it, there is PortaOne's
> Radius client patch, a still open branch of Digium Issue Tracker "SIP
> peer authentication on an external database (RADIUS - LDAP)", etc.
> Although, none of these seems to give me the confidence to implement it
> in a production environment...
>
> What do you people recommend me? Which Asterisk+Radius solution should
> in your opinion be the best choice? Does Asterisk 1.4 already implement
> it properly?
>
>
> Thanks in advance,
> Ricardo.
Here is a mock-up of what I used to hook-up to a Radius Server, with Porta's patch. It worked quite
well for us. I haven't used it in 2 years or so, can't remember much :) . I think we got it to
work by seeing the debug (set it in /etc/asterisk/logger.conf) and seeing what values were getting
sent and received.
;exten => _X.,1,SetVar(RADIUS_Server=x.x.x.x)
exten => _X.,2,SetVar(RADIUS_Secret=secret)
exten => _X.,3,SetVar(NAS_IP_Address=x.x.x.x)
exten => _X.,4,SetVar(CALLERID=${CALLERIDNUM})
exten => _X.,5,SetVar(DNID=${EXTEN})
;
; Set account to authorize by
; It can be a prepaid calling card PIN, ANI, or SIP ID depending on your application
;
;exten => _X.,6,SetAccount(${CALLERIDNUM})
exten => _X.,6,SetAccount(${CALLERIDNAME})
;
; RADIUS Authorize
; Called as: agi-rad-auth.pl|parameter1=value1&parameter2=value2&parameter3=value3
; Possible parameters:
; Routing=XXX will send h323-ivr-out = 'PortaBilling_Routing:XXX' attribute (XXX is usually SIP)
; AuthorizeBy=SIP requires SIPGetHeader(SIP_Authorization=Proxy-Authorization) first +
; externalauth=yes in sip.conf
; AuthorizeBy=Account requires SetAccount(<username>) first
; Password=Password optional and may be used together with AuthorizeBy=Account
; IfFailed=DoNotHangup optional, used for custom authentication error processing i.e. IVR
;
;
exten => _X.,7,agi,agi-rad-auth.pl|AuthorizeBy=Account&Password=${CALLERIDNUM}&IfFailed=DoNotHangup
;exten => _X.,7,agi,agi-rad-auth.pl|AuthorizeBy=Account&Password=Account&IfFailed=DoNotHangup
;exten => _X.,7,agi,agi-rad-auth.pl|AuthorizeBy=Account&IfFailed=DoNotHangup
;
exten => _X.,8,NoOp(${h323-credit-time})
exten => _X.,9, Set(TIMEOUT(absolute)=${h323-credit-time:17})
;exten => _X.,10, AbsoluteTimeout(${h323-credit-time})
exten => _X.,10,Goto(sip-calls,${EXTEN},1)
exten => _X.,11,Hangup
exten => T,1,NoOp(timeout)
--
thanks,
Yusuf
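
Added example, not part of the original post or of PortaOne's patch: a dialplan fragment that checks the authorization result before routing, since IfFailed=DoNotHangup leaves that decision to the dialplan. Assumptions: the context name [radius-in], the CREDIT variable and the priority numbers are placeholders, and the h323-credit-time channel variable holds "h323-credit-time=<seconds>" after a successful authorization (which is what the :17 offset in the mock-up implies) and is empty otherwise.

```ini
; Added example; context name, CREDIT variable and priorities are hypothetical.
[radius-in]
exten => _X.,1,SetAccount(${CALLERIDNAME})
exten => _X.,2,agi,agi-rad-auth.pl|AuthorizeBy=Account&IfFailed=DoNotHangup
;
; With IfFailed=DoNotHangup the script does not end the call on failure,
; so execution reaches this point for accepted and rejected requests alike.
; Strip the 17-character "h323-credit-time=" prefix (assumed format).
exten => _X.,3,Set(CREDIT=${h323-credit-time:17})
;
; Fail closed: route the call only when CREDIT is a positive integer.
; The ":" operator is a regex match anchored at the start of the string;
; it yields the number of characters matched, or 0 when there is no match.
; An empty value, "0" or any non-numeric text therefore goes to priority 20.
exten => _X.,4,GotoIf($["${CREDIT}" : "[1-9][0-9]*$"]?5:20)
;
; Authorized: cap the call at the credit time returned by RADIUS.
exten => _X.,5,Set(TIMEOUT(absolute)=${CREDIT})
exten => _X.,6,Goto(sip-calls,${EXTEN},1)
;
; Not authorized, or no usable credit time: log the attempt and stop.
exten => _X.,20,NoOp(RADIUS authorization failed for ${CALLERIDNUM})
exten => _X.,21,Hangup
;
; Absolute timeout reached during an authorized call.
exten => T,1,NoOp(timeout)
exten => T,2,Hangup
```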