Type: New Feature
Affects Version/s: None
Target Release Version/s: None
SVN Revision Number: 54702
We have been working on integrating an existing authentication database with our Asterisk server, for a remote access telephony solution.
We focused on RADIUS and patched Asterisk to have it working. We are planning to have a backend LDAP server accessed through RADIUS for authentication in the near future.
The sip.conf file does not contain any secret (clear or hashed), and we added an attribute 'auth_type' that specifies the type of authentication, set to PAM in the following example:
We patched the chan_sip.c file, $Revision: 1.872$. We actually brought the RADIUS client functionality for authentication (triggered on registration) using a PAM module: pam_radius. This is because we expect that other PAM authentication modules than pam_radius could be used for the same purpose.
The pam_radius module also needed some slight modifications in order to handle the digest authentication mechanism:
We would like to have some feedback about this, thank you in advance.
Best regards, happy Astricon to those concerned!
PS: Disclaimer sent on 2005-09-30
-------- Additional information ---------
Detailed information about how we set up external authentication on registration with Asterisk, RADIUS and LDAP, and more generally about the conflicts between digest auth and LDAP can be found here:
The branch with the latest code is located at:
Latest modification now allows AMI users to rely on res_auth for authentication.
-------- Configuration help ---------
The secret line in a configuration file is processed this way:
secret = <auth_proxy>:[auth-db:[password]]
secret = local:file:mypassword ; Authenticate on Asterisk, password in string
secret = radius: ; Proxy authentication to an external RADIUS server
secret = local:ldap: ; Authenticate on Asterisk, retrieve password from an LDAP server
In the latter case, the configuration information must be set in the /etc/asterisk/auth.conf file (attached). Example:
dbhost=ldapserver.example.com ; LDAP host(s)
dbbasedn=dc=inria,dc=fr ; Base DN
dbuser=uid=Manager,ou=people,dc=example,dc=com ; Bind DN
dbpass=password ; Bind password
user_name_attribute=login ; The LDAP login attribute
user_password_attribute=userPassword ; The LDAP password attribute
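
As an added illustration (not code from the patch or from Asterisk), the C example below parses the secret value grammar given under "Configuration help", splitting only on the first two colons so that a password containing ':' stays intact. The struct and function names, the field sizes, and the choice to reject a value that has no colon are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; field sizes are assumptions, not Asterisk's. */
struct secret_spec {
    char auth_proxy[32];   /* e.g. "local", "radius" */
    char auth_db[32];      /* e.g. "file", "ldap"; empty when omitted */
    char password[128];    /* may be empty; may itself contain ':' */
};

/* Copy n bytes of src into dst, failing rather than truncating a credential. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "<auth_proxy>:[auth-db:[password]]". Returns 0 on success, -1 if
 * the value does not follow the grammar or a field is too long. */
int parse_secret(const char *value, struct secret_spec *out)
{
    const char *c1 = strchr(value, ':'), *c2;
    memset(out, 0, sizeof(*out));
    if (!c1 || c1 == value ||          /* auth_proxy and its ':' are mandatory */
        copy_field(out->auth_proxy, sizeof(out->auth_proxy), value, (size_t)(c1 - value)))
        return -1;
    if (c1[1] == '\0')                 /* "radius:" has nothing after the proxy */
        return 0;
    c2 = strchr(c1 + 1, ':');
    if (!c2 || c2 == c1 + 1 ||         /* auth-db, when present, ends with ':' */
        copy_field(out->auth_db, sizeof(out->auth_db), c1 + 1, (size_t)(c2 - c1 - 1)))
        return -1;
    /* Everything after the second ':' is the password, colons included. */
    return copy_field(out->password, sizeof(out->password), c2 + 1, strlen(c2 + 1));
}

int main(void)
{
    struct secret_spec s;
    const char *samples[] = { "local:file:mypassword", "radius:", "local:ldap:", "plainsecret" }; /* constructed */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = parse_secret(samples[i], &s);
        printf("%-24s rc=%d proxy=[%s] db=[%s] password %s\n", samples[i], rc, s.auth_proxy, s.auth_db, s.password[0] ? "set" : "empty");
    }
    return 0;
}
```

The demo prints only whether a password is present, never its value, which is also the safer habit for any logging around this parser.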