RLM_PERL Integration Issue
FreeRadius-ML
freeradius at zap2link.com
Wed Jul 18 15:04:43 CEST 2007
Ok,
I should really kick myself in the head for this one. First off, I would like to thank you for your
assistance, sorry for being a little bit of a pest. Here is what happened:
1. I compiled OpenSER 1.2.1 with TLS support, while the IP phones that I used don't support TLS;
this apparently caused various authorization issues.
2. I didn't edit the ACC module Makefile, which caused half of the configuration example not to work,
which needs to be better documented.
So, now I have the stations registering and authenticating via Radius Digest to my OpenSER, which
is good. Now, it's time to start thinking about the rlm_perl thingy ;-)
Cheers,
Z2L
----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: freeradius at zap2link.com
Cc: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, July 18, 2007 11:24:19 AM (GMT+0200) Asia/Jerusalem
Subject: Re: RLM_PERL Integration Issue
FreeRadius-ML wrote:
> Now, I'm basically re-learning everything, as the world of OpenSER + FreeRadius is a little new to me,
> and sometimes frustrates me. The amount of documentation in the configuration files is great, but the lack
> of updated examples is somewhat annoying. Even Asterisk, which is one of the most undocumented environments
> in the world, has more configuration examples available.
The majority of FreeRADIUS installations put users & password into SQL
or LDAP, and then don't touch it ever again. For them, the existing
examples are mostly OK.
For *complex* scenarios, RADIUS quickly gets more complicated than
DNS, DHCP, Web servers, and (I suspect) Asterisk. There just isn't
enough space in the world to document every configuration that everyone
needs.
> In any case, let's go back to what we were discussing. If I understand you correctly, on the FreeRadius side,
> I only need to enable digest based authentication and authorization, define the user in the users file - and that
> should be working just fine?
Yes. The entire *point* of the default configuration is to have as
many authentication protocols as possible work... just by defining a
user and password. See:
http://deployingradius.com/documents/configuration/pap.html
When 2.0 is released, defining a username & password will cause the
following authentication methods to work:
* PAP
* CHAP
* MS-CHAP
* Digest
* EAP-MD5
* EAP-MSCHAPv2
* Cisco LEAP
* PEAP-MSCHAPv2
* PEAP-GTC
* EAP-TTLS with
  * PAP
  * CHAP
  * MS-CHAP
  * EAP-MD5
  * EAP-MSCHAPv2
Try *that* with any other program: "I added one line in a
configuration file, and VOIP works, WiFi works, dial-up works, PPPoE
works, VPNs work, for Apple, Windows, and Linux". No fighting, no fuss.
Alan DeKok.