Hi All
I made an entry "10.25.119.156, any, ^sip:.*$" into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying 407- proxy auth needed!! After this I tried with permissions.allow file:
"ALL : "sip:mann@imsfw.de$"" but still no progress same response from SER.
My ser.cfg entries:
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("permissions", "source_col", "src_ip")
modparam("permissions", "proto_col", "proto")
modparam("permissions", "from_col", "from_pattern")
modparam("permissions", "default_deny_file","/usr/lib/ser/modules/permissions.deny")
modparam("permissions", "default_allow_file","/usr/lib/ser/modules/permissions.allow")
Is it correct? Please give your suggestions for the same.
Thanks in anticipation
Kamal Mann
Hi,
Did you add an additional "if" clause like below??
if(!allow_trusted()) { #!!! like this one !!! if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); break; } else if (!check_from()) { sl_send_reply("403", "Forbidden"); break; };
consume_credentials(); };
Regards,
Andrey.
On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry "10.25.119.156, any, ^sip:.*$" into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying 407- proxy auth needed!! After this I tried with permissions.allow file:
"ALL : "sip:mann@imsfw.de$"" but still no progress same response from SER.
My ser.cfg entries:
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("permissions", "source_col", "src_ip")
modparam("permissions", "proto_col", "proto")
modparam("permissions", "from_col", "from_pattern")
modparam("permissions", "default_deny_file","/usr/lib/ser/modules/permissions.deny")
modparam("permissions", "default_allow_file","/usr/lib/ser/modules/permissions.allow")
Is it correct? Please give your suggestions for the same.
Thanks in anticipation
Kamal Mann _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Yes it is these. This is the block which send 407.
Regards Kamal Mann
-----Original Message----- From: Andrey Kuprianov [mailto:andrey.kouprianov@gmail.com] Sent: Wednesday, November 01, 2006 1:35 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi,
Did you add an additional "if" clause like below??
if(!allow_trusted()) { #!!! like this one !!! if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); break; } else if (!check_from()) { sl_send_reply("403", "Forbidden"); break; };
consume_credentials(); };
Regards,
Andrey.
On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry "10.25.119.156, any, ^sip:.*$" into trusted table so
that
any packet sent from 10.25.119.156 would be trusted by SER and don't
ask for
its credentials. But SER is replying 407- proxy auth needed!! After
this I
tried with permissions.allow file:
"ALL : "sip:mann@imsfw.de$"" but still no progress same response from
SER.
My ser.cfg entries:
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("permissions", "source_col", "src_ip")
modparam("permissions", "proto_col", "proto")
modparam("permissions", "from_col", "from_pattern")
modparam("permissions", "default_deny_file","/usr/lib/ser/modules/permissions.deny")
modparam("permissions", "default_allow_file","/usr/lib/ser/modules/permissions.allow")
Is it correct? Please give your suggestions for the same.
Thanks in anticipation
Kamal Mann _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /“10.25.119.156, any, ^sip:.*$”/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don’t ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
---------------------------------------------------------------------- Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Strange... My setup (including Asterisk btw) is working just fine using trusted table. Never, had a problem. So, either like Maciej said, you should check the remote site (i.e. recepient) settings or check the format of your record in the trusted table again.
Btw, does message log say anything interesting?
Andrey.
On 11/1/06, Maciej Żwirski mzwirek@poczta.fm wrote:
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi All In my scenario I need ser to communicate with my SIP-AS. This SIP-AS is having an application xyz running on it. This XYZ sends an invite to URI "A@xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test@xcv.de but this URI (test@xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
Thanks in anticipation Kamal Mann
-----Original Message----- From: Maciej Żwirski [mailto:mzwirek@poczta.fm] Sent: Wednesday, November 01, 2006 3:20 PM To: serusers@lists.iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
---------------------------------------------------------------------- Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
_______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Kamal,
I understand your setup. Nevertheless, it will be difficult to figure out your problem, w/o your ser.cfg file at hand. Also, send a trusted table query result (i.e. that row which contains entry for your SIP-AS).
Regards,
Andrey.
On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All In my scenario I need ser to communicate with my SIP-AS. This SIP-AS is having an application xyz running on it. This XYZ sends an invite to URI "A@xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test@xcv.de but this URI (test@xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
Thanks in anticipation Kamal Mann
-----Original Message----- From: Maciej Żwirski [mailto:mzwirek@poczta.fm] Sent: Wednesday, November 01, 2006 3:20 PM To: serusers@lists.iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Please find ser.cfg enclosed.
Trusted table entry: +---------------+-------+--------------+ | src_ip | proto | from_pattern | +---------------+-------+--------------+ | 10.25.119.156 | any | ^sip:.*$ | +---------------+-------+--------------+ 1 row in set (0.00 sec)
Thanks in anticipation Kamal Mann -----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov Sent: Wednesday, November 01, 2006 7:03 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
I understand your setup. Nevertheless, it will be difficult to figure out your problem, w/o your ser.cfg file at hand. Also, send a trusted table query result (i.e. that row which contains entry for your SIP-AS).
Regards,
Andrey.
On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All In my scenario I need ser to communicate with my SIP-AS. This SIP-AS is having an application xyz running on it. This XYZ sends an invite to URI "A@xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test@xcv.de but this URI (test@xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
Thanks in anticipation Kamal Mann
-----Original Message----- From: Maciej Żwirski [mailto:mzwirek@poczta.fm] Sent: Wednesday, November 01, 2006 3:20 PM To: serusers@lists.iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Kamal,
Whenever you modified your ser.cfg did you restart SER after? Did you check your ser.cfg for errors using "ser -c" command? I found some errors in your ser.cfg code. For instance, inside the main route block, your "if", which processes INVITEs, is missing a semicolon at the end of the block.
if (method=="INVITE") { # sl_send_reply("404", "INVITE "); route(3); break; } <----- missing semicolon here
If you are comfortable with your current ser.cfg, that's ok, but I'd suggest you start with a fresh one, make your trusted table work, and then add a "REFER" processing, like in your currect ser.cfg. Just download one fresh ser.cfg from iptel.org site and add your allow_trusted() "if" clause there.
Regards,
Andrey.
On 11/2/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi Please find ser.cfg enclosed.
Trusted table entry: +---------------+-------+--------------+ | src_ip | proto | from_pattern | +---------------+-------+--------------+ | 10.25.119.156 | any | ^sip:.*$ | +---------------+-------+--------------+ 1 row in set (0.00 sec)
Thanks in anticipation Kamal Mann -----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Andrey Kuprianov Sent: Wednesday, November 01, 2006 7:03 PM To: serusers@iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Hi Kamal,
I understand your setup. Nevertheless, it will be difficult to figure out your problem, w/o your ser.cfg file at hand. Also, send a trusted table query result (i.e. that row which contains entry for your SIP-AS).
Regards,
Andrey.On 11/1/06, Kamal.Mann@t-systems.com Kamal.Mann@t-systems.com wrote:
Hi All In my scenario I need ser to communicate with my SIP-AS. This SIP-AS is having an application xyz running on it. This XYZ sends an invite to URI "A@xcv.de" which is a subscriber in SER and this is in TO header of Invite msg & FROM header contains another URI test@xcv.de but this URI (test@xcv.de) isn't registered / subscribed to SER. I need SER trust all packets from SIP-AS ip. BUT SER is sending 407 reply of INVITE to XYZ application! IP in trusted table is of SIP-AS on top of which XYZ application is running.
Thanks in anticipation Kamal Mann
-----Original Message----- From: Maciej Żwirski [mailto:mzwirek@poczta.fm] Sent: Wednesday, November 01, 2006 3:20 PM To: serusers@lists.iptel.org Subject: Re: [serusers]: trusted table(permissions module)
Kamal.Mann@t-systems.com wrote:
Hi All
I made an entry /"10.25.119.156, any, ^sip:.*$"/ into trusted table so that any packet sent from 10.25.119.156 would be trusted by SER and don't ask for its credentials. But SER is replying *407- proxy* auth needed!! After this I tried with permissions.allow file:
Hi, I had the same issue while interconnecting SER and Asterisk. It turned out to be an issue on Asterisk side (I had the same user added for SER and Asterisk, so the poor thing couldn't authorize either :)) So you could check if the 407 you're getting is from SER or from the remote host.
Regards, Maciej Zwirski
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Andrey Kuprianov -
Kamal.Mann@t-systems.com -
Maciej Żwirski