Lee,<br><br>By your config, openser requires the authentication for REGISTER method<br><div>-----------------------------------<br> if (method=="REGISTER") {</div> <div> # Uncomment this if you want to use digest authentication
<br> if (!www_authorize("localhost", "subscriber")) {<br> www_challenge("localhost", "0");<br>
exit;<br> };</div> <div> save("location");<br> exit;<br> };</div> -----------------------------------<br><br>You should insert the same verification for INVITE, CANCEL, BYE methods also.
<br>example is below:<br><pre>------------------------------</pre><pre> if (is_method("INVITE") || is_method("CANCEL") || is_method("BYE")) {<br> if (!www_authorize("XXXXXX", "subscriber")) {
<br> www_challenge("XXXXXX", "0");<br> exit;<br> };<br></pre>------------------------------
<br><br>- Kirill<br>
<br><div><span class="gmail_quote">On 4/12/07,
<b class="gmail_sendername">Mike Lee</b> <<a href="mailto:gs.mike@yahoo.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">gs.mike@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Dear friends:</div> <div> </div> <div>I have installed openser-1.1.0-tls version, and it works fine with mysql, the sip flow is below:</div> <div>UA OpenSER</div> <div>invite---------------->
</div>
<div> <----------------100 trying</div> <div> <----------------101 dialog establishement</div> <div> <----------------180 ringing</div> <div>.....</div> <div>My question is, why not have the 407 Proxy Authentication Required in the per call, see my
openser.cfg file:</div> <div>#<br># $Id: openser.cfg,v 1.6 2006/02/15 18:23:46 bogdan_iancu Exp $<br>#<br># simple quick-start config script<br>#</div> <div># ----------- global configuration parameters ------------------------
</div>
<div>debug=3 # debug level (cmd line: -dddddddddd)<br>fork=yes<br>log_stderror=no # (cmd line: -E)</div> <div>/* Uncomment these lines to enter debugging mode<br>fork=no<br>log_stderror=yes<br>*/</div> <div>
check_via=no # (cmd. line: -v)<br>dns=no # (cmd. line: -r)<br>rev_dns=no # (cmd. line: -R)<br>port=5060<br>children=4<br>fifo="/tmp/openser_fifo"</div> <div>#<br># uncomment the following lines for TLS support
<br>#disable_tls = 0<br>#listen = tls:your_IP:5061<br>#tls_verify = 1<br>#tls_require_certificate = 0<br>#tls_method = TLSv1<br>#tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"<br>#tls_private_key = "/usr/local/etc/openser/tls/user/user-
privkey.pem"<br>#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"</div> <div># ------------------ module
loading ----------------------------------</div> <div># Uncomment this if you want to use SQL database<br>loadmodule "/usr/local/lib/openser/modules/mysql.so"</div> <div>loadmodule "/usr/local/lib/openser/modules/sl.so"
<br>loadmodule "/usr/local/lib/openser/modules/tm.so"<br>loadmodule "/usr/local/lib/openser/modules/rr.so"<br>loadmodule "/usr/local/lib/openser/modules/maxfwd.so"<br>loadmodule "/usr/local/lib/openser/modules/usrloc.so"
<br>loadmodule "/usr/local/lib/openser/modules/registrar.so"<br>loadmodule "/usr/local/lib/openser/modules/textops.so"</div> <div># Uncomment this if you want digest authentication<br># mysql.so must be loaded !
<br>loadmodule "/usr/local/lib/openser/modules/auth.so"<br>loadmodule "/usr/local/lib/openser/modules/auth_db.so"</div> <div># ----------------- setting module-specific parameters ---------------</div>
<div># -- usrloc params --</div> <div>modparam("usrloc", "db_mode", 0)</div> <div># Uncomment this if you want to
use SQL database<br># for persistent storage and comment the previous line<br>modparam("usrloc", "db_mode", 2)</div> <div># -- auth params --<br># Uncomment if you are using auth module<br>#<br>modparam("auth_db", "calculate_ha1", yes)
<br>#<br># If you set "calculate_ha1" parameter to yes (which true in this config),<br># uncomment also the following parameter)<br>#<br>modparam("auth_db", "password_column", "password")
</div> <div># -- rr params --<br># add value to ;lr param to make some broken UAs happy<br>modparam("rr", "enable_full_lr", 1)</div> <div># ------------------------- request routing logic -------------------
</div> <div># main routing logic</div> <div>route{</div> <div> # initial sanity checks -- messages with<br> # max_forwards==0, or excessively long requests<br> if (!mf_process_maxfwd_header("10"))
{<br> sl_send_reply("483","Too Many Hops");<br> exit;<br> };</div> <div> if (msg:len >= 2048 ) {<br> sl_send_reply("513", "Message too big");
<br> exit;<br> };</div> <div> # we record-route all messages -- to make sure that<br> # subsequent messages will go through our proxy; that's<br> # particularly good if upstream and downstream
entities<br> # use different transport protocol<br> if (!method=="REGISTER")<br> record_route();</div> <div> # subsequent messages withing a dialog should take the<br> # path determined by record-routing
<br> if (loose_route()) {<br> # mark routing logic in request<br> append_hf("P-hint: rr-enforced\r\n");<br> route(1);<br> };</div>
<div> if (!uri==myself) {<br> # mark routing logic in request<br> append_hf("P-hint: outbound\r\n");<br> # if you have some interdomain connections via TLS<br>
#if(uri=~"@tls_domain1.net") {<br> # t_relay("tls:<a href="http://domain1.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">domain1.net</a>");
<br> # exit;<br> #}
else if(uri=~"@tls_domain2.net") {<br> # t_relay("tls:<a href="http://domain2.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">domain2.net</a>");<br> # exit;
<br> #}<br> route(1);<br> };</div> <div> # if the request is for other domain use UsrLoc<br> # (in case, it does not work, use the following command<br> # with proper names and addresses in it)
<br> if (uri==myself) {</div>
<div> if (method=="REGISTER") {</div> <div> # Uncomment this if you want to use digest authentication<br> if (!www_authorize("localhost", "subscriber")) {
<br> www_challenge("localhost", "0");<br>
exit;<br> };</div> <div> save("location");<br> exit;<br> };</div> <div> lookup("aliases");<br> if (!uri==myself) {
<br> append_hf("P-hint: outbound
alias\r\n");<br> route(1);<br> };</div> <div> # native SIP destinations are handled using our USRLOC DB<br> if (!lookup("location")) {<br>
sl_send_reply("404", "Not Found");<br> exit;<br>
};<br> append_hf("P-hint: usrloc applied\r\n");<br> };</div> <div> route(1);<br>}</div> <div><br>route[1] {<br> # send it out now; use stateful forwarding as it works reliably
<br> # even for UDP2TCP<br> if (!t_relay()) {<br> sl_reply_error();<br> };<br> exit;<br>}<br>============================</div> <div> </div> <div>thanks.</div><span>
<div> </div> <div> </div> <div> </div> <div>Mike</div></span><span><p>
</p><hr size="1">Ahhh...imagining that irresistible "new car" smell?<br> Check out
<a href="http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM-" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
new cars at Yahoo! Autos.</a>
<p></p></span><br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@openser.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Users@openser.org</a><br>
<a href="http://openser.org/cgi-bin/mailman/listinfo/users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openser.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div><br>