[ previous ] [ next ] [ threads ]
 To :  yate@v...
 From :  Paul Chitescu <paulc@v...>
 Subject :  Re: [yate] radius integration
 Date :  Tue, 1 Jun 2010 11:17:51 +0300
Hi there!

What are you trying to accomplish with RADIUS?

For VoIP applications standard RADIUS doesn't need to return any attribute. 
The simple execution of accounting request and success/failure of 
authentication requests is enough. Admittedly, RADIUS is not quite adequate 
for VoIP, it was designed for something else.

Note that Yate performs SIP digest authentication according to draft-sterman-
aaa-sip-00.txt which allows Yate to create and check the nonce (so RADIUS only 
needs to check the response).

The only case where returned attributes are used is when PortaBilling support 
is enabled. This uses custom Cisco-AVPair fields to perform SIP routing during 
authentication:
  h323-ivr-in=DURATION:maximum-call-duration-in-seconds
  h323-ivr-in=PortaBilling_Routing:sip-user-part@sip-host[:port]
  h323-ivr-in=PortaBilling_CLI:enforced-caller-id
  h323-ivr-in=PortaBilling_CompleteNumber:enforced-called-party-number

In authentication answers you can return any RADIUS attributes that Yate 
understands (standard+Cisco) and add them back to the user.auth (and then to 
the routing) message using the ret: prefix. Of course this works only if 
authentication succeeds.

Please see the comments in yradius.conf.sample for more info and some 
examples.

Regards,

Paul


On Tuesday 01 June 2010 10:24:00 am Shashi Dahal wrote:
> Hi,
> 
> My first post.
> 
> I am looking forward to integrate yate wtih radius.
> I did not found any documentation regarding the attributes that yate expects
> in return.
> 
> Where can I find a list of such radius attributes?
> 
> 
> Thanks