Hi,
The 403 is sent by your script - you just need to debug your script (use xlog() to print messages) and to see how the request is processed through your script.
Regards, Bogdan
luzango mfupe wrote:
Hi mates, I still need your pointers regarding my problem in this post, today i have attached the routes suspected to be involved in this saga. From my config file plz see below.
#
# Unauthorized relay #
if (!is_uri_host_local()) { if (is_from_local()) { # We preventunauthorised relays "clever guys we got u" append_hf("P-hint: outbound\r\n");
route(10); # need to be authenticated } else { sl_send_reply("403", "Forbidden"); }; return; };route[10] { #------------------------------------------------------------- # Default Message Handler with Proxy Authentication #
if(method=="ACK") { #these you never proxy authenticate route(1); return; }; if(method=="BYE" || method=="CANCEL") { #these you neverproxy authenticate route(1); return; };
xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");# if (!route(7)) { #verify the user return(0); };if (!is_user_in("From", "noauth")) { #no authentication required if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); return; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); return; }; # consume_credentials();
};# if (is_user_in("Credentials", "local")) { # Uncomment to use the group options route(1); # }else{ # sl_send_reply("403", "Busted!!!, you are not allowed this route"); # };
return; }
With Best Regards, LU.
Message: 3 Date: Tue, 20 May 2008 17:38:50 +0200 From: "luzango mfupe" <luzango.mfupe@gmail.com <mailto:luzango.mfupe@gmail.com>> Subject: [OpenSER-Users] Call failed 403 Forbiden To: users@lists.openser.org <mailto:users@lists.openser.org> Message-ID: <9cdd611a0805200838oc11cfedg9762b7451bf543c4@mail.gmail.com <mailto:9cdd611a0805200838oc11cfedg9762b7451bf543c4@mail.gmail.com>> Content-Type: text/plain; charset="iso-8859-1" Hi mates, Everytime i do try to make my 2 xlite clients talk (which i correctly added them into the database), i encountered with the same problm, Openser perfoms authentication and return call failed 403 forbiden signal. My setup comprise of the first box with openser 1.3 and mediaproxy the second box with Mysql and two Xlite clients in two other boxes all are in an internal network, as far as am concerned my NetAdmin have already opened ports 5060 and 3306 for me. I need your right direction on this probm. below is my ngrep snapshot mzee:/# ngrep -d eth1 -W byline port 5060 interface: eth1 (168.172.200.0/255.255.255.0 <http://168.172.200.0/255.255.255.0>) filter: (ip or ip6) and ( port 5060 ) # U 168.172.200.70:1824 <http://168.172.200.70:1824> -> 168.172.200.87:5060 <http://168.172.200.87:5060> INVITE sip:musketeerm@168.172.200.87 <mailto:sip%3Amusketeerm@168.172.200.87> <sip%3Amusketeerm@168.172.200.87 <mailto:sip%253Amusketeerm@168.172.200.87>>SIP/2.0. Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-. Max-Forwards: 70. Contact: <sip:dreamteam@168.172.200.70:1824 <http://sip:dreamteam@168.172.200.70:1824>>. To: "musk"<sip:musketeerm@168.172.200.87 <mailto:sip%3Amusketeerm@168.172.200.87> <sip%3Amusketeerm@168.172.200.87 <mailto:sip%253Amusketeerm@168.172.200.87>>>. From: "dream"<sip:dreamteam@168.172.200.87 <mailto:sip%3Adreamteam@168.172.200.87> <sip%3Adreamteam@168.172.200.87 <mailto:sip%253Adreamteam@168.172.200.87>> >;tag=af4bd714. Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU.. CSeq: 1 INVITE. Session-Expires: 95. Min-SE: 90. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Supported: timer. User-Agent: X-Lite release 1011s stamp 41150. Content-Length: 426. . v=0. o=- 9 2 IN IP4 168.172.200.70 <http://168.172.200.70>. s=CounterPath X-Lite 3.0. c=IN IP4 168.172.200.70 <http://168.172.200.70>. t=0 0. m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101. a=alt:1 1 : uZB2dYm+ NKBRK8Ep 168.172.200.70 <http://168.172.200.70> 52166. a=fmtp:101 0-15. a=rtpmap:107 BV32/16000. a=rtpmap:119 BV32-FEC/16000. a=rtpmap:100 SPEEX/16000. a=rtpmap:106 SPEEX-FEC/16000. a=rtpmap:105 SPEEX-FEC/8000. a=rtpmap:98 iLBC/8000. a=rtpmap:101 telephone-event/8000. a=sendrecv. # U 168.172.200.87:5060 <http://168.172.200.87:5060> -> 168.172.200.70:1824 <http://168.172.200.70:1824> SIP/2.0 403 Forbidden. Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-. To: "musk"<sip:musketeerm@168.172.200.87 <mailto:sip%3Amusketeerm@168.172.200.87> <sip%3Amusketeerm@168.172.200.87 <mailto:sip%253Amusketeerm@168.172.200.87>> >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9. From: "dream"<sip:dreamteam@168.172.200.87 <mailto:sip%3Adreamteam@168.172.200.87> <sip%3Adreamteam@168.172.200.87 <mailto:sip%253Adreamteam@168.172.200.87>> >;tag=af4bd714. Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU.. CSeq: 1 INVITE. Server: OpenSER (1.3.0-notls (i386/linux)). Content-Length: 0. . # U 168.172.200.70:1824 <http://168.172.200.70:1824> -> 168.172.200.87:5060 <http://168.172.200.87:5060> ACK sip:musketeerm@168.172.200.87 <mailto:sip%3Amusketeerm@168.172.200.87> <sip%3Amusketeerm@168.172.200.87 <mailto:sip%253Amusketeerm@168.172.200.87>> SIP/2.0. Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-. To: "musk"<sip:musketeerm@168.172.200.87 <mailto:sip%3Amusketeerm@168.172.200.87> <sip%3Amusketeerm@168.172.200.87 <mailto:sip%253Amusketeerm@168.172.200.87>> >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9. From: "dream"<sip:dreamteam@168.172.200.87 <mailto:sip%3Adreamteam@168.172.200.87> <sip%3Adreamteam@168.172.200.87 <mailto:sip%253Adreamteam@168.172.200.87>> >;tag=af4bd714. Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU.. CSeq: 1 ACK. Content-Length: 0. WBR, LU.
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users