FreeRADIUS
Abstract
This manual describes the quick setup of FreeRadius Server 2.1.10 to work with Brekeke SIP Server (Advanced edition) Authentication and Accounting. If you have more questions about detailed configurations about FreeRadius, please contact FreeRadius website: http://freeradius.org/
Set up and Configure FreeRadius
1. Build and install FreeRadius
Download FreeRadius fromhttp://freeradius.org/download.html
$ tar zxvf freeradius-[version].tar.gz
$ ./configure
$ make
$ su - root
$ make install
2. Configure FreeRadius
Define radius client – Brekeke SIP Server at FreeRadius server
$vi /usr/local/etc/raddb/clients.conf
add the following lines at the beginning of the file
client 192.168.0.10{
secret = testing123
shortname = 192.168.0.10
}
The above setting sample defined radius clients (Brekeke SIP Server) is at IP 192.168.0.10
and set “secret” as “testing123”
The same secret string should be set at Brekeke SIP Server side, check below.
Define authentication type
$more /usr/local/etc/raddb/sites-available/default
check if the line include “digest” in authorize is uncommended.
if not, edit file to uncomment the line with “digest”
Add User Authentication Accounts
$vi /usr/local/etc/raddb/users
add the following line of text at the top, before anything else.
100 Cleartext-Password := "test"
Reply-Message = "Authenticated REGISTER request for Brekeke SIP Server"
200 Cleartext-Password := "test"
Reply-Message = "Authenticated REGISTER request for Brekeke SIP Server"
With the above sample, user 100 and 200 has been added and their authenticaiton password is “test”
3. Run FreeRadius server as debug
$ radiusd -X
Brekeke SIP Server Setup
In this example, we use Brekeke SIP Server advanced edition, which already includes the radius setup in the admintool
1. At Brekeke SIP Server admintool, [Configuration] > [SIP] >[Authentication]
Set ON at authentication for both [REGISTER] and [INVITE]
Save the setting
2. At Brekeke SIP Server admintool, [Configuration] > [Database/Radius] > [Radius],
set up Radius as below, and save settings
[On/Off (Authentication)]: on [Port Number(Authentication)]: 1812 [Port Number(Accounting)]: 1813 [Server IP Address]: 192.168.0.10 (set in step2 "Define radius client"at freeRadius setup) [Shared Secret]: testing123 (set in step2 "Define radius client" at freeRadius setup)
3. Add the following dial plan to use Radius account plugin for each call
------------------------------- [Matching Patterns] $request = ^INVITE [Deploy Patterns] $session = RadiusAcct $continue = true ----------------------------------
For Brekeke SIP Server v2, set Deploy Patterns as following:
[Deploy Patterns]
$session = plugin.radius.RadiusAcct
$continue = true
Click [Apply Rules] button after adding the dial plan
4. If realm is not necessary for the Radius Attribute User-Name,
please add the following parameter at Brekeke SIP Server admintool > [Configuration] > [Advanced]
------------------------------
radius.addrealmtouser = false
------------------------------
5. Restart Brekeke SIP Server from admintool when finishing above setup
User Agent Setup
At phone side, set Brekeke SIP Server IP as registar/proxy server
Set each phone userID, Authentication ID and password the same value as what are set when configuring FreeRadius step2 “Add User Authentication Accounts”