You are absolutly right :) Today in the mornign we set Auth-Type exactly the same way as you propose :) Now it works. Thanx Quoting Phil Mayers <p.mayers@imperial.ac.uk>:
GlobeInPhotos wrote:
I've commented line in users file
#DEFAULT Auth-Type := Digest
Finally.
That line? That *was* you setting Auth-Type to Digest.
But now I've got following message if non-digest message arrive:
rad_recv: Access-Request packet from host 153.19.130.250:46963, id=190, length=80 User-Name = "3_test001_+48580001@server1.test.pl" Service-Type = SIP-Callee-AVPs NAS-Port = 0 NAS-IP-Address = 153.19.130.250
[cut]
auth: type Local auth: No User-Password or CHAP-Password attribute in the request
Ok, so for these non-digest requests, you'll have to configure the server to authenticate them without a password being present. This is one of those rare cases where you *do* set auth-type.
So, something like in radiusd.conf:
authorize { preprocess # digest will set Auth-Type=Digest IF AND ONLY IF this # request is a real digest one digest files # maybe other modules }
...and in "users":
# Since the Auth-Type = Accept is a conditional set, this # entry will NOT MATCH if the "digest" module has already # set Auth-Type=Digest # # Therefore, it should only match your "special" requests DEFAULT Service-Type==SIP-Callee-AVPs, Auth-Type = Accept VoIP-Attribute-1 = value1, Other-Attribute = otherval
That is: If a request comes in with Service-Type == SIP-Callee-AVPs, then set Auth-Type to accept IF AND ONLY IF it isn't already set (= is conditional set; := which you were using earlier is unconditional set - see "man users"). Then set some attributes on the reply.
You didn't show one of your other (the "real" digest) requests so I can't be sure what they look like, but something like the above should work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html