VoIP Mailing List Archives
Mailing list archives for the VoIP community |
linus.luessing at web.de (Guest)
Posted: Fri Jun 20, 2014 7:29 am Post subject: [asterisk-users] Asterisk and LDAP
Hi,
I'm trying to get Asterisk running with LDAP to be able to
authenticate sip user registrations. I'm using Asterisk
(1.8.13.1~dfsg1-3+deb7u3) on a Debian server.
Unfortunately I wasn't successful so far.
My res_ldap.conf looks like this (so pretty minimal):
---
[_general]
;url=ldaps://ldap.chaotikum.org
url=ldap://ldap.chaotikum.org
protocol=3
basedn=dc=chaotikum,dc=org
[sip]
name = uid
---
I've also added "alwaysauthreject=no" to sip.conf/[general]
to easily check whether it's the user or password the LDAP
doesn't accept.
The LDAP connection seems to work, there are packets going back
and forth. Nevertheless I get a:
---
"handle_request_register: Registration from
'<sip:tux@chaotikum.org>' failed for '95.211.148.154:5060' - No
matching peer found"
---
Here's a tcpdump of the LDAP communication:
https://metameute.de/~tux/asterisk/ldap-asterisk.cap
So it seems like it is able to get the user "tux" successfully. At
least on second try.
Does anybody know why there are two requests anyway? Also, what
might be my issue of this user not being registered?
Also, I've read about schema files for ldap. Is it mandatory to
change things on the LDAP server to get Asterisk to work with
LDAP? Or is it enough to simply have the right variable mappings?
Thirdly, is it possible to authorize against an LDAP server
without exposing the (hashed) user password to the requesting LDAP
client / asterisk server? This article made me wonder whether this
might not be that easily possible with LDAP due to the nature of the
SIP protocol (i.e. its challenge-response handshake) and that
I'd need to use RADIUS instead:
https://who.rocq.inria.fr/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
Cheers, Linus
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
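The challenge-response point in the third question above, as an added example that is not part of the original post: in SIP digest authentication (RFC 2617 style, shown here without qop) the phone never sends its password, so the registrar cannot check it with an LDAP bind and needs either the plaintext or the realm-specific MD5 value HA1. The user, realm, password, nonce and URI below are constructed sample values.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # The only form of the secret the registrar needs to hold.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex: str, method: str, uri: str, nonce: str) -> str:
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def server_verify(stored_secret: str, method: str, uri: str,
                  nonce: str, client_response: str) -> bool:
    # The registrar recomputes the response from whatever it has stored.
    expected = digest_response(stored_secret, method, uri, nonce)
    return hmac.compare_digest(expected, client_response)


# Constructed sample values, not taken from the thread's capture.
USER, REALM, PASSWORD = "tux", "asterisk", "example-password"
URI, NONCE = "sip:chaotikum.org", "4f2a9c1e"


def demo():
    # Phone side: knows the password, sends only the digest response.
    sent = digest_response(ha1(USER, REALM, PASSWORD), "REGISTER", URI, NONCE)

    # Directory stores HA1: verification works without the plaintext.
    stored_ha1 = ha1(USER, REALM, PASSWORD)
    ok_with_ha1 = server_verify(stored_ha1, "REGISTER", URI, NONCE, sent)

    # Directory stores only a salted hash of the password (constructed salt):
    # it cannot be turned into HA1, so the same response cannot be verified.
    salted = hashlib.sha1(PASSWORD.encode() + b"constructed-salt").hexdigest()
    ok_with_salted = server_verify(salted, "REGISTER", URI, NONCE, sent)

    # HA1 alone answers any later challenge for this realm, so the attribute
    # that holds it needs the same access control as a password.
    later = digest_response(stored_ha1, "REGISTER", URI, "another-nonce")
    ha1_is_credential = server_verify(stored_ha1, "REGISTER", URI,
                                      "another-nonce", later)
    return ok_with_ha1, ok_with_salted, ha1_is_credential
```
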
patrick at laimbock.com (Guest)
Posted: Fri Jun 20, 2014 7:46 am Post subject: [asterisk-users] Asterisk and LDAP
On 18-06-14 23:06, Linus Lüssing wrote:
Quote: | Hi,
I'm trying to get Asterisk running with LDAP to be able to
authenticate sip user registrations. I'm using Asterisk
(1.8.13.1~dfsg1-3+deb7u3) on a Debian server.
Unfortunately I wasn't successful so far.
My res_ldap.conf looks like this (so pretty minimal):
---
[_general]
;url=ldaps://ldap.chaotikum.org
url=ldap://ldap.chaotikum.org
protocol=3
basedn=dc=chaotikum,dc=org
[sip]
name = uid
|
IIRC the recommendation in the latest Asterisk book is to use only a-z,
numerics (0-9) and underscore. So if you have [tux@chaotikum.org] in
sip.conf then that might not work because of the '@'.
You can easily test this by adding a peer [test_1234] (so with the
recommended syntax) and add it to your LDAP server with a password and
then check if it registers.
HTH,
Patrick
linus.luessing at web.de (Guest)
Posted: Fri Jun 20, 2014 8:06 am Post subject: [asterisk-users] Asterisk and LDAP
Hi Patrick,
On Fri, Jun 20, 2014 at 02:46:06PM +0200, Patrick Laimbock wrote:
Quote: | IIRC the recommendation in the latest Asterisk book is to use only a-z,
numerics (0-9) and underscore. So if you have [tux@chaotikum.org] in
sip.conf then that might not work because of the '@'.
|
I don't have the user "[tux]" or [tux@chaotikum.org] in my sip.conf.
I wanted to try having it just through LDAP so that I wouldn't
need to add/duplicate every user in LDAP to sip.conf.
Quote: |
You can easily test this by adding a peer [test_1234] (so with the
recommended syntax) and add it to your LDAP server with a password and then
check if it registers.
|
Having "[test_phone_120d]" in my sip.conf works fine. Ah wait - do
I need to have a user both in LDAP and sip.conf and the only
thing LDAP can do for me is the authentication/password checking?
Cheers, Linus
patrick at laimbock.com (Guest)
Posted: Fri Jun 20, 2014 8:22 am Post subject: [asterisk-users] Asterisk and LDAP
On 20-06-14 15:05, Linus Lüssing wrote:
[snip]
Quote: | having "[test_phone_120d]" in my sip.conf works fine. Ah wait - do
I need to have a user both in LDAP and sip.conf and the only
thing LDAP can do for me is the authentication/password checking?
|
As far as I know, yes
Cheers,
Patrick
linus.luessing at web.de (Guest)
Posted: Sun Jun 22, 2014 1:14 pm Post subject: [asterisk-users] Asterisk and LDAP
Hi Patrick,
On Fri, Jun 20, 2014 at 03:22:04PM +0200, Patrick Laimbock wrote:
Quote: | On 20-06-14 15:05, Linus Lüssing wrote:
[snip]
Quote: | having "[test_phone_120d]" in my sip.conf works fine. Ah wait - do
I need to have a user both in LDAP and sip.conf and the only
thing LDAP can do for me is the authentication/password checking?
|
As far as I know, yes
|
Hm, having this user [tux] with no "secret=$pass" option, the user
gets registered with no LDAP communication at all (checked with
tcpdump), even with setting "allowguest=no".
Are you sure that a user should be added to sip.conf if I want to
use LDAP with asterisk?
Cheers, Linus