Hi All,
I'm trying to implement SER into an existing system, and having problems
with radius authentication. RTFM and lots of google hasnt helped!
The existing working freeradius server uses Unix (/etc/passwd) file (on
FreeBSD) to authenticate users who dial into a modem server. I'd like to use
the same accounts and passwords for SIP users, using the same radius server.
I'm using the default modparam values for module auth_radius.
However, the doco suggests to me that I have to use Digest authentication
when I call radius_www_authorize. But the cleartext password is not
available to the Radius server(ie I'm not using entries in the radius
"users" file) so I cant see how it could do Digest authentication at its
end. The existing authentication uses Auth Type := System.
So, can I get SER to do cleartext auth to the radius server (both are on the
same, isolated subnet, so I'm not worried about traffic being captured) Is
there a service_type or something else?
Any advice appreciated
Steve
Hello:
I'm interested in how this community is providing voicemail service
to IP phone users registered to a SER proxy. If you can speak to this
point I'd appreciate any feedback you can provide. Specifically I'm
interested in:
1) What product is providing voice mail service?
2) With this system can users manipulate messages via the
telephone set?
3) If the answer to #2 is yes then how is this functionality
implemented. Do you provision a lead number for users
to call into voicemail?
Thanks,Steve
--
ISC Network Engineering
The University of Pennsylvania
3401 Walnut Street, Suite 221A
Philadelphia, PA 19104
voice: 215-573-8396
215-746-7903
fax: 215-898-9348
sip:blairs@upenn.edu
Hi,
I already know why there have new branch ID in the response ACK ( as Jiri explained, it's belongs to a new session so SIPURA and SER use different branch ID ), we double checked with terminaiton gateway side, they said because the response branch ID isn't same to the value in 200 OK so their gateway refuse the message, we will push them to do a trouble-shooting on their sip firmware, any way, thank you guys, have a nice weekend.
----- Original Message -----
From: Jiri Kuthan <jiri(a)iptel.org>
Date: Sat, 17 Jul 2004 11:47:04 +0200
To: Andrei Pelinescu-Onciul <pelinescu-onciul(a)fokus.fraunhofer.de>,ks lf <ksabc(a)lycos.com>
Subject: Re: [Serusers] ACK message Via field branch=0 problem
> At 09:58 AM 7/17/2004, Andrei Pelinescu-Onciul wrote:
> >On Jul 16, 2004 at 19:09, ks lf <ksabc(a)lycos.com> wrote:
> >> Use SER 0.8.12 stable release, enabled nathelper+rtpproxy for NAT traversal, forward 1(xxx)xxx-xxxx to SIp termiantion gateway, when the call was connected, PSTN gateway send 200 OK back, sip client ( behind NAT ) response with ACK ( which has branch value in Via head ), but when SER forward the ACK back to PSTN gateway, in Via header it includes branch=0, PSTN gateway refuse this ACk because it think the branch id is invalid,
>
> I don't know if this is the reason why the gateway denies the ACK, but if so,
> you should submit a trouble ticket to the gateway vendor. According to RFC3261,
> ACK for positive replies is a separate transaction and there is no guarantee
> that it would have the same branch id. People who have difficults to understand
> that typically get the "aha" effect when they see a scenario with multiple proxy
> servers as follows:
>
>
> UAC PROXY1 PROXY2 UAS
> (record-routing) (no rr-ing)
>
> INVITE -----------------> ----------------> -------------->
> ACK -----------------> ------------------------------------->
>
> in this scenario, only proxy 1 record routes, i.e., subsequent requests such
> as ACK will not visit proxy2. Consequently, proxy2 cannot generate the same
> branch ID as it did for proxy1. UAS will thus see proxy1's branch in the ACK,
> which is different from proxy2's branch in the original INVITE.
>
> Tell the vendor to match ACKs _DIALOG-WISE_.
>
> -jiri
>
--
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.as…
Thank you Andrei and Jiri for your quick response on this issue, I really like SER project, not only its apache like functions as a sip system, but also you always can get help from so many good heart experts all over the world;
We tried the first suggestion from Andrei by adding syn_branch=no to ser.cfg, it did work - adds the branch id into ACK Via header, but strange thing is it inserted an unknown branch Id which is still not recognized by the termination gateway, and call disconnected after "Recover on Timer Expiry" occur; here is the branch ID I captured ( this time I use SIPURA 2000 as the UA ):
SIPURA -> SER INVITE branch=z9hG4bK-d5f36318
SIPURA <- SER 100 trying branch=z9hG4bK-d5f36318
SER -> TermGW INVITE branch=z9hG4bK193b.e50217463437115c3052e9a41f0a84b7.0 ( public IP )
branch=z9hG4bK-d5f36318 ( private IP )
SER <- TermGW 100 trying branch=z9hG4bK193b.e50217463437115c3052e9a41f0a84b7.0
SER <- TermGW 183 Session Pro branch=z9hG4bK193b.e50217463437115c3052e9a41f0a84b7.0
SIPURA <- SER 183 Session Pro branch=z9hG4bK-d5f36318
SER <- TermGW 200 OK branch=z9hG4bK193b.e50217463437115c3052e9a41f0a84b7.0
SIPURA <- SER 200 OK branch=z9hG4bK-d5f36318
SIPURA -> SER ACK branch=z9hG4bK-3207bbd5 (why new branch id value here ???)
SER -> TermGW ACK branch=z9hG4bK193b.47867d49d7e7231dfc249720f8269f5d.0 ( public IP ) (where new branch id value here ???)
branch=z9hG4bK-3207bbd5 ( private IP )
We don't know what brand name of the SIP Gateway it's, but will notice the termination partner ( a big carrier ) the valued suggestions all of you contribute, thanks.
Regards,
----- Original Message -----
From: Jiri Kuthan <jiri(a)iptel.org>
Date: Sat, 17 Jul 2004 11:47:04 +0200
To: Andrei Pelinescu-Onciul <pelinescu-onciul(a)fokus.fraunhofer.de>,ks lf <ksabc(a)lycos.com>
Subject: Re: [Serusers] ACK message Via field branch=0 problem
> At 09:58 AM 7/17/2004, Andrei Pelinescu-Onciul wrote:
> >On Jul 16, 2004 at 19:09, ks lf <ksabc(a)lycos.com> wrote:
> >> Use SER 0.8.12 stable release, enabled nathelper+rtpproxy for NAT traversal, forward 1(xxx)xxx-xxxx to SIp termiantion gateway, when the call was connected, PSTN gateway send 200 OK back, sip client ( behind NAT ) response with ACK ( which has branch value in Via head ), but when SER forward the ACK back to PSTN gateway, in Via header it includes branch=0, PSTN gateway refuse this ACk because it think the branch id is invalid,
>
> I don't know if this is the reason why the gateway denies the ACK, but if so,
> you should submit a trouble ticket to the gateway vendor. According to RFC3261,
> ACK for positive replies is a separate transaction and there is no guarantee
> that it would have the same branch id. People who have difficults to understand
> that typically get the "aha" effect when they see a scenario with multiple proxy
> servers as follows:
>
>
> UAC PROXY1 PROXY2 UAS
> (record-routing) (no rr-ing)
>
> INVITE -----------------> ----------------> -------------->
> ACK -----------------> ------------------------------------->
>
> in this scenario, only proxy 1 record routes, i.e., subsequent requests such
> as ACK will not visit proxy2. Consequently, proxy2 cannot generate the same
> branch ID as it did for proxy1. UAS will thus see proxy1's branch in the ACK,
> which is different from proxy2's branch in the original INVITE.
>
> Tell the vendor to match ACKs _DIALOG-WISE_.
>
> -jiri
>
--
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.as…
Any idea which .c file support the append_rpid_hf()?
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Charles Galea
Sent: July 12, 2004 6:55 AM
To: serusers(a)lists.iptel.org
Cc: 'Andrew Caruana'
Subject: [Serusers] Remote Party ID
We have downloaded the latest ser software from cvs in order to support appending of remote party id while using mysql as the ser database.
After compiling and installing the ser software we included the auth and auth_db parameters and also the append_rpid_hf() function in our ser.cfg file as shown below.
SER server starts and registration is successfull however when forwarding to the pstn gateway, ser will not append the remote party id header, even if the rpid and uri columns in mysql database are populated accordingly using the serctl add rpid command. Calls are also successfull however the
gateway will not include the calling party number in the setup message because the rpid header is missing.
Any ideas please?
Thanks
Charles and Andrew
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/our_downloads/sip_router/modules/mysql/mysql.so"
#loadmodule "//lib/ser/modules/mysql.so"
loadmodule "//lib/ser/modules/sl.so"
loadmodule "//lib/ser/modules/tm.so"
loadmodule "//lib/ser/modules/rr.so"
loadmodule "//lib/ser/modules/maxfwd.so"
loadmodule "//lib/ser/modules/usrloc.so"
loadmodule "//lib/ser/modules/registrar.so"
loadmodule "//lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "//lib/ser/modules/auth.so"
loadmodule "//lib/ser/modules/auth_db.so"
#loadmodule "//lib/ser/modules/acc.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 1)
# -- auth params --
modparam("auth_db", "use_rpid", 1)
modparam("auth_db", "rpid_column", "rpid")
modparam("auth", "rpid_prefix", "<sip:")
modparam("auth", "rpid_suffix", "@testphone.com>:party=calling;screen=no;privacy=off")
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri=~"testphone.com") {
lookup("aliases");
if (method=="REGISTER") {
#Uncomment this if you want to use digest authentication
if (!www_authorize("testphone.com", "subscriber")) {
www_challenge("testphone.com", "0");
append_rpid_hf();
break;
};
save("location");
break;
};
if (uri=~"^sip:21") {
append_rpid_hf();
forward(a valid ip address for the gateway was inserted here);
break;
}
if (uri=~"^sip:123") {
forward(a valid ip address for the gareway was inserted here);
break;
}
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
Hi all,
What route management facilities exist for ser besides what we can put
in ser.cfg?
Is there any existing facilities of using metrics based on Quality and
Cost, and also allowing for route failover? Also, if we have new (for
example) pstn gateways coming on to our network, how can we add these
routes without restarting ser?
Where is the appropriate place for this type of functionality to live?
In a ser module, pulling routes (with cost/quality metrics) from a DB?
Thnx!
-Jev
Hey!
Does anyone know how to do the following (if it can be done at all)?
In the ser.cfg, I would like to use a return value from a module's
function as a prefix to a URI.
....
VALUE=function_a( ); <-- exported from a module
prefix( "$VALUE" ); <-- URI prefix'ing of user routine
....
I do not want to use the exec module, (the admin module shows nice
examples), as the processing expense is too high.
Thanks ahead of time.
Chris
Daniel,
many thanks for swift response!. If I set fork=yes I get the same error.
If I set listen=<ip> then strange things break.. calls are no longer
connected properly, and UAs cant log in.
Any more suggestions?!
D
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
Sent: 16 July 2004 22:34
To: Dave Bath
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Problem with messages + msilo
Do you have fork=yes in your config file? If no, then either set
fork=yes or set the public ip explicitly to listen to with:
listen=ip_address.
Daniel
On 07/16/04 23:22, Dave Bath wrote:
>I don't know! I have perhaps misunderstood... it is not explicitly
>bound to anything. It is a single machine with a single network card
>with a single external Ip address?
>
>D
>
>-----Original Message-----
>From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
>Sent: 16 July 2004 22:16
>To: Dave Bath
>Cc: serusers(a)lists.iptel.org
>Subject: Re: [Serusers] Problem with messages + msilo
>
>Hello,
>there is a self explanatory error message -- is it the case?
>
>On 07/16/04 18:26, Dave Bath wrote:
>
>
>
>>Hey guys,
>>
>>I have been battling with msilo, and the routing logic. It finally
>>looks like it might be beginning to get there, (ser actually restarts
>>now!) lol, but I have a problem when I try and send a message.
>>
>>I am using the serweb utility to try and send to "sip:admin@<ip>" and
>>it reports "message accepted for delivery"... but I don't receive it.
>>Checking the log shows;
>>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20227]: MSILO: the downstream UA
>>does not support MESSAGE requests ...
>>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20227]: ACC: transaction answered:
>>method=MESSAGE, i-uri=sip:admin@161.30.94.68,
>>o-uri=sip:admin@81.86.136.86:5060, call_id=7971f97d-0(a)127.0.0.1,
>>
>>
>>
>from=sip:admin@sip.dev.inmarsat.com;tag=533cb9e91f4b999cf76861cbb9ed54e
d
>-79e5,
>
>
>>code=202
>>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ERROR: udp_send:
>>sendto(sock,0xbd70f700,671,0,0xbd70e1dc,16): Invalid argument(22)
>>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20187]: CRITICAL: invalid
>>sendtoparameters one possible reason is the server is bound to
>>localhost and attempts to send to the net
>>
>>
>>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>Daniel
>
>
>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20187]: msg_send: ERROR: udp_send
>>
>>
>failed
>
>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ERROR: t_forward_nonack:
>>sending request failed
>>
>>Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ACC: transaction answered:
>>method=MESSAGE, i-uri=sip:admin@161.30.94.68,
>>o-uri=sip:admin@81.86.136.86:5060, call_id=7971f97d-0(a)161.30.94.68,
>>
>>
>>
>from=sip:sip_registrar@161.30.94.68;tag=533cb9e91f4b999cf76861cbb9ed54e
d
>-8a85,
>
>
>>code=477
>>
>>Any ideas?
>>
>>Many thanks again, and thanks for a brilliant list!
>>
>>Dave
>>
>>----------------------------------------------------------------------
-
>>
>>
>-
>
>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>>
>
>
>
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
I don't know! I have perhaps misunderstood... it is not explicitly
bound to anything. It is a single machine with a single network card
with a single external Ip address?
D
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
Sent: 16 July 2004 22:16
To: Dave Bath
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Problem with messages + msilo
Hello,
there is a self explanatory error message -- is it the case?
On 07/16/04 18:26, Dave Bath wrote:
> Hey guys,
>
> I have been battling with msilo, and the routing logic. It finally
> looks like it might be beginning to get there, (ser actually restarts
> now!) lol, but I have a problem when I try and send a message.
>
> I am using the serweb utility to try and send to "sip:admin@<ip>" and
> it reports "message accepted for delivery"... but I don't receive it.
> Checking the log shows;
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20227]: MSILO: the downstream UA
> does not support MESSAGE requests ...
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20227]: ACC: transaction answered:
> method=MESSAGE, i-uri=sip:admin@161.30.94.68,
> o-uri=sip:admin@81.86.136.86:5060, call_id=7971f97d-0(a)127.0.0.1,
>
from=sip:admin@sip.dev.inmarsat.com;tag=533cb9e91f4b999cf76861cbb9ed54ed
-79e5,
> code=202
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ERROR: udp_send:
> sendto(sock,0xbd70f700,671,0,0xbd70e1dc,16): Invalid argument(22)
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20187]: CRITICAL: invalid
> sendtoparameters one possible reason is the server is bound to
> localhost and attempts to send to the net
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Daniel
> Jul 16 17:20:01 sip /usr/sbin/ser[20187]: msg_send: ERROR: udp_send
failed
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ERROR: t_forward_nonack:
> sending request failed
>
> Jul 16 17:20:01 sip /usr/sbin/ser[20187]: ACC: transaction answered:
> method=MESSAGE, i-uri=sip:admin@161.30.94.68,
> o-uri=sip:admin@81.86.136.86:5060, call_id=7971f97d-0(a)161.30.94.68,
>
from=sip:sip_registrar@161.30.94.68;tag=533cb9e91f4b999cf76861cbb9ed54ed
-8a85,
> code=477
>
> Any ideas?
>
> Many thanks again, and thanks for a brilliant list!
>
> Dave
>
>-----------------------------------------------------------------------
-
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
