24 Jan
2005
24 Jan
'05
9:52 p.m.
Hi Ashling,
If you want to auth with ser your ser.cfg must be like the above ... with the auth and
auth.so modules umcommented. Take a Look and see if it helps you ... be in touch if
anything goes wrong.
----------------------- ser.cfg -------------------------
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
# Uncomment these lines to enter debugging mode
debug=9
fork=yes
log_stderror=no
listen=192.168.4.10
port=5060
# hostname matching an alias will satisfy the condition "uri==myself".
alias="mundivox.com"
alias="sipserver.com"
# sip_warning - Should replies include extensive warnings? By default
# yes, it is good for trouble-shooting
#sip_warnings=yes
# server_signature - Should locally-generated messages include server's
# signature? By default yes, it is good for trouble-shooting.
# server_signature=yes
# reply_to_via - A hint reply modules whether they should send reply
# to IP advertised in Via. Turned off by default, which means that
# replies are sent to IP address from which requests came.
# reply_to_via=no
# mhomed -- enable calculation of outbound interface; useful on
# multihomed servers.
# mhomed=0
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
children=4
fifo_mode=0666
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/group.so"
loadmodule "/usr/local/lib/ser/modules/msilo.so"
loadmodule "/usr/local/lib/ser/modules/enum.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# 0 = disable
# 1 = write-through
# 2 = write-back
# MySQL Based User Authentication
modparam("auth_db", "db_url",
"sql://ser:heslo@localhost/ser")
# Checking for Username Column
#modparam("auth_db", "user_column", "username")
# Checking for Domain Column
#modparam("auth_db", "domain_column", "domain")
# Checking for Password Column
modparam("auth_db", "password_column", "password")
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "desc_time_order", 1)
# ----- Acc Params ------
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# ----- auth params -----
# Uncomment if you are using auth module
# Permite tambem clear text passwords no mysql
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
# ------ rr params ------
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
# ----------------------------------------------------------------------------
# Sanity Checks -- messages with max_forwards==0, or excessively long requests
#-----------------------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# ------------------------------------------------------------
# OPTIONS Section
#
# This is used by sipsak to monitor the heath of our sip proxy
#-------------------------------------------------------------
# if (search("^From: sip:sipsak@") &&
# (method=="OPTIONS") && (!uri=~"sip:.*[@]+.*")) {
# options_reply();
# break;
# };
# ------------------------------------------------------------
# Registration Section
# ------------------------------------------------------------
# if (method=="REGISTER") {
#
# if (!is_from_local()) {
#
# sl_send_reply("403", "Unknown Domain");
# break;
# };
#
# if (is_user_in("Request-URI", "disabled")) {
#
# sl_send_reply("403", "Your evaluation period has
expired");
# break;
# };
#
# if (!www_authorize("", "subscriber")) {
#
# www_challeng("", "0");
# break;
# };
#
# if (!check_to()) {
#
# sl_send_reply("401", "Unauthorized");
# break;
# };
#
# if (!save("location")) {
#
# sl_reply_error();
# };
#
# break;
#
# };
# -----------------------------------------------------------------
# Open Relay Section
# -----------------------------------------------------------------
# if (method=="INVITE") {
#
# if (!(is_from_local() || is_uri_host_local())) {
# sl_send_reply("403", "Please register to use our
service");
# break;
# };
# };
# -----------------------------------------------------------------
# Accounting Section
# -----------------------------------------------------------------
# if (method=="INVITE" || method=="BYE") {
# setflag(1);
# };
# -----------------------------------------------------------------
# Record Route Section
#
# we record-route all messages -- to make sure that subsequent messages
# will go through our proxy; that's particularly good if upstream and
# donwstream entities use different transport protocol
# -----------------------------------------------------------------
# if (method=="INVITE") record_route();
# -----------------------------------------------------------------
# Loose Route Section
#
# Grant route routing if route headers present
# -----------------------------------------------------------------
if (loose_route()) {
route(2);
break;
};
# -----------------------------------------------------------------
# Alias Routing Section
# -----------------------------------------------------------------
lookup("aliases");
if (!uri==myself) {
route(2);
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# Rota usada para guardar Logs no CDRTool - Billing
# if (method=="REGISTER" || method=="INVITE" ||
method=="BYE" || method=="CANCEL") {
# # Salvar mensagens no myslq para o CDRTool
# exec_msg("/var/www/html/serweb/sertrace.py; exit 1");
# };
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
# uri==myself retorna true se o nome de dominio URI for igual ao nome do
# host ao qual SER esta rodando. Para configurar quais domain names o ser
# aceita, deve-se configurar os ALIASES do sistema para tais nomes.
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("192.168.4.10",
"subscriber")) {
www_challenge("192.168.4.10", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
-------------------------------- EOF ----------------------------------
On Mon, 24 Jan 2005 19:26:13 -0000
"Ashling O'Driscoll" <ashling.odriscoll(a)cit.ie> wrote:
Hi all,
Hope somebody can help-I really am stumped as to why this won't work
and would really appreciate if someone could shed some light on the
problem....
I currently have SER set up and clients are registering successfully.
However I want clients to authenticate before they can register.
Howevere when I uncomment the relevant lines in the ser.cfg file, my
clients can't register. The only thing I can think of is that SER is
behind NAT and my clients may/may not be behind NAT....I have
included my ser.cfg file below...I have spent along time trying to
understand why this is happening so any help will be appreciated!
Thanks,
Aisling.
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
#children=4
fifo="/tmp/ser_fifo"
alias=84.203.148.14
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
#loadmodule "/usr/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/lib/ser/modules/textops.so"
#loadmodule "/usr/lib/ser/modules/maxfwd.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/lib/ser/modules/auth.so"
#loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
#!!Nathelper
#modparam("registrar","nat_flag",6)
#modparam("nathelper","natping_interval",30) #Ping intervals 30
seconds
#modparam("nathelper","ping_nated_only",1) #Ping only clinets
behind NAT
# -------------------------request routing logic-------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
#############Aisling Insert################
# #!Nat Insert
# #the below line tests if the IP of the received packet is different
from the IP in the via header and also
# #sees if the IP address in the contact header is private
# if (nat_uac_test("3")){
# if (method == "REGISTER" || ! search("^Record-Route:")){
# log("Log: Someone trying to register from private
IP,rewriting\n");
# # fixed_nated_contact(); #Rewrite contact with source IP
# if (method == "INVITE"){
# fix_nated_sdp("1"); #Add direction=active to SDP
# };
# force_rport(); # Add rport parameter to topmost Via
# setflag(6); # Mark as Nated
# };
# };
###################End#####################
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method == "REGISTER") record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("84.203.148.14", "subscriber")) {
# www_challenge("84.203.148.14", "0");
# break;
# };
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
#inserted by klaus
if (method == "INVITE"){
record_route();
force_rtp_proxy();
/* set up reply processing*/
t_on_reply("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#insert by klaus
onreply_route[1]{
if (status=~"[12][0-9][0-9]")
force_rtp_proxy();
}
#route[1]
#{
#if client or server know to be behind NAT, enable relay
# if (isflagset(6)){
# force_rtp_proxy();
# };
#
# #NAT processing of replies; apply to all transaction (for example,
# #reinvites from public to private UA are hard to identify as
# #Nated at the moment of request processing); look at replies
# t_on_reply("1");
#
# #send it out now; use stateful forwarding as it works reliably
# #even for UDP2TCP
# if(!t_relay()){
# sl_reply_error();
# };
#}
#!!NatHelper
#onreply_route[1]{
#Nated Transaction??
#if (isflagset(6) && status =~ "(183)\2[0-9][0-9]"){
# #fixed_nated_contact();
# force_rtp_proxy();
# }
#else if (nat_uac_test("1")){
# fix_nated_contact();
# };
#}
-------------------Legal Disclaimer---------------------------------------
The above electronic mail transmission is confidential and intended only for the person
to whom it is addressed. Its contents may be protected by legal and/or professional
privilege. Should it be received by you in error please contact the sender at the above
quoted email address. Any unauthorised form of reproduction of this message is strictly
prohibited. The Institute does not guarantee the security of any information
electronically transmitted and is not liable if the information contained in this
communication is not a proper and complete record of the message as transmitted by the
sender nor for any delay in its receipt.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Felipe Martins
Linux System Administrator
Tep Solution Provider
Mundivox Communications
Rua Lauro Muller, 116/Sala 505
RJ - Brasil - 22290-906
Tel.: 55 21 3820-8839
Fax.: 55 21 3820-8844