27 Mar
2004
27 Mar
'04
6:37 a.m.
Is there anyway to authenticate just the sip username in the from header?
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Saturday, March 27, 2004 7:05 AM
To: daniel(a)iptel.org; Raymond Chen
Cc: serdev(a)lists.iptel.org; serusers(a)lists.iptel.org
Subject: Re: [Serusers] RE: [Serdev] check_from
the problem is the cisco gateway is not capable of supporting digest authetnication.
(not ver good indeed). You are left with authentication by source IP address.
-jiri
At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote:
No idea about it. You can watch the network traffic
(using ngrep on ser
machine: ngrep port 5060) and see if the realm from a 401/407 reply
matches with the one from next request.
.Daniel
On 03/26/04 16:46, Raymond Chen wrote:
--
Jiri Kuthan http://iptel.org/~jiri/
I use AS5300 as UA.
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
Sent: Friday, March 26, 2004 11:04 PM
To: Raymond Chen
Cc: serdev(a)lists.iptel.org; serusers(a)lists.iptel.org
Subject: Re: [Serusers] RE: [Serdev] check_from
What client do you use? It does not use the realm from challenge -- it
is a MSN Messenger specific bug, but it might be present in other sip
clients. You must set the realm from challenge as the host part of the
sip id.
.Daniel
On 03/26/04 15:46, Raymond Chen wrote:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Danial,
www_authorize fail to authorize without password
0(3283) lookup(): '85234230599(a)218.20.229.53' Not found in usrloc
0(3283) parse_headers: flags=4096
0(3283) pre_auth(): Credentials with given realm not found
0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org",
nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8"
'
Regards
Raymond
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
Sent: Friday, March 26, 2004 8:04 PM
To: Raymond Chen
Subject: Re: [Serusers] RE: [Serdev] check_from
Try something like this:
if (method=="INVITE")
{
if (!www_authorize("xxx.org", "subscriber")) {
www_challenge("xxx.org", "0");
break;
};
if (!check_from()) {
sl_send_reply("403", "Only registered users are allowed");
break;
};
};
.Daniel
On 03/26/04 12:48, Raymond Chen wrote:
>Now we understand what the what the message means after reading the
>
>
message
a few
times. We are trying to do PSTN(as5300) ---> ser -----> pstn
(AS5300), and to authorize the calling number (callerid) in the INVITE
message against URI table. But check_from command needs to call
proxy_authorize, which it requires username and password. we setup the
configuration like this
if (method=="INVITE" & proxy_authorize("xxx.org",
"subscriber")
if (!check_from()) {
sl_send_reply("403", "Only registered users are
allowed");
break;
}
}
Because cisco does not have sip password setting, so we have
0(3173) check_username(): No authorized credentials found (error in
scripts)
0(3173) check_username(): Call
{www,proxy}_authorize before calling
check_*
function !
Does anyone has a solution?
Regards
-----Original Message-----
From: Daniel-Constantin Mierla [mailto:daniel@iptel.org]
Sent: Friday, March 26, 2004 6:18 PM
To: Raymond Chen
Cc: serdev(a)lists.iptel.org
Subject: Re: [Serdev] check_from
Hello,
the last error message is self explanatory. You need to call either
www_authorize() or proxy_authorize() before calling check_from() because
this method compares the data from From header with what is in
credentials (response to a authentication challenge).
.Daniel
On 03/26/04 04:35, Raymond Chen wrote:
>Dear all,
>
>We have configured Ser to check from username field to authorize user
>¡°unknown¡±
>
>if (!check_from()) {
>
>sl_send_reply("403", "Only registered users are allowed");
>
>break;
>
>};
>
>We have error message
>
>0(2568) check_username(): No authorized credentials found (error in
>scripts)
>
>0(2568) check_username(): Call {www,proxy}_authorize before calling
>check_* function !
>
>We have ¡°unknown¡± username entry in uri table.
>
>Regards
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Serdev mailing list
>serdev(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serdev
>
>
>
>
>
>
>
>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serdev mailing list
serdev(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serdev