Radius Authentication Plug-in README (C) 2002-2007, Brekeke Software, Inc. All rights reserved. Date: April 20th, 2007 1. Introduction ~~~~~~~~~~~~~~~~~~~~~~ This Radius authentication plug-in is a sample program for learning how to develop an authentication plug-in for Brekeke SIP Server. You can use it as it is, also you can modify the plug-in as you like. This authentication is based on draft-sterman-aaa-sip-00.txt. 2. Contents ~~~~~~~~~~~~~~~~~~~~~~ radius_sip_authXXXXXXXX.zip includes the following contents. README_en.txt ...README (English) README_ja.txt ...README (Japanese) radius-sip-auth.jar ... plug-in package (Compiled) com (directory) ... Source files of Radius Authentication plug-in net (directory) ... Source file of Java Radius Client obtained from http://jradius-client 3. Installation example ~~~~~~~~~~~~~~~~~~~~~~ 3.1 Radius Authentication Plug-in installation 1)Place the file radius-sip-auth.jar into the following directory Brekeke_install_dir\webapps\proxy\WEB-INF\lib 2)Set parameters in the property file sv.properties. The file is in Brekeke_install_dir\webapps\proxy (or pbx)\WEB-INF\work\sv\sv.properties Add the following lines. radius.authport = 1812 radius.acctport = 1813 radius.radiushost = Put_radius_server_IP_address radius.sharedsecret = Put_shared_secret net.usrdir.plugins=com.sample.radius.proxy.RadiusAuth When you need to check DEBUG log for this plug-in, please set net.userdir.loglevel.file = 255 If realm is not necessary for the Radius Attribute User-Name, please add the following property. radius.addrealmtouser=false 3)Restart Brekeke SIP Server's machine 3.2 Test with FreeRadius Server 1)Download the latest FreeRadius from http://www.freeradius.org/getting.html. freeradius-1.0.1.tar.gz is the current latest file. 2)Extract the file and execute the followings. ./configure make make install 3)Open the file /usr/local/etc/raddb/clients.conf and add a radius client info, i.e. Brekeke SIP Server's information. Example: client 192.168.0.100 { secret = shortname = 192.168.0.100 } should be the same string text as the string you set for the property net.usrdir.plugins.sharedsecret in the sv.properties. 4)Open the file /usr/local/etc/raddb/radiusd.conf. Find the line that includes "digest" in authorize and authenticate sections. Uncomment the lines. 5) Open the file /usr/local/etc/raddb/users. Add each user's information. Example: (User name = test, password = test) test@oss_realm Auth-Type := Digest, Digest-Method == "REGISTER", User-Password := "test" Reply-Message = "Authenticated REGISTER request for Brekeke SIP Server" 6)Start the radius server. /usr/local/sbin/radiusd -X 7)Enable REGISTER authentication at Brekeke SIP Server and test from SIP-UA.