[OpenSER-Users-ES] autenticacion

Saúl Ibarra saghul at gmail.com
Sat Oct 27 18:28:33 CEST 2007


Necesitas un bloque para gestionar el NAT. Lo primero es documentarse
al respecto; para ello Iñaki escribió un post muy interesante en
blog.aliax.net, y luego puedes utilizar el generador de cfgs de
sipwise como guía, por ejemplo.

2007/10/27, Arturo Miranda Vera <mv.arturo at hotmail.com>:
>
> ¿Cómo están todos? Espero que bien. Disculpen que haga preguntas muy sencillas, pero se me hace necesario; espero no causar ninguna molestia. Lo que pasa es que soy nuevo con OpenSER y tengo conocimiento intermedio en Linux SUSE; la versión que utilizo es la 10.2. He estado probando OpenSER y nada me sale. La verdad, he leído bastante sobre los mensajes SIP, sobre los problemas que existen cuando hay NAT y cuál es la solución, pero a la hora de empezar a probar ni siquiera puedo registrar un usuario. Espero que me ayuden, ya no sé dónde está mi error.
>
> la configuracion de mi openser.cfg es:
>
> #
> # $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $
> #
> # simple quick-start config script
> # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
> # for a explanation of possible statements, functions and parameters.
> #
>
> # ----------- global configuration parameters ------------------------
>
> # Core parameters. As posted this is a foreground debugging setup: fork=no
> # and log_stderror=yes are active (the startup log further down prints
> # "WARNING: no fork mode"). The only listener is plain UDP on a private
> # address and the TLS listener template below stays commented out, so SIP
> # signalling, including the digest exchanges, is sent unencrypted.
> debug=3            # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=yes    # (cmd line: -E)
> listen=udp:192.168.22.117
> port=5060
> children=4
> dns=no
> rev_dns=no
>
> # Uncomment these lines to enter debugging mode
> #fork=no
> #log_stderror=yes
> #
>
> # uncomment the following lines for TLS support
> #disable_tls = 0
> #listen = tls:your_IP:5061
> #tls_verify_server = 1
> #tls_verify_client = 1
> #tls_require_client_certificate = 0
> #tls_method = TLSv1
> #tls_certificate = "//etc/openser/tls/user/user-cert.pem"
> #tls_private_key = "//etc/openser/tls/user/user-privkey.pem"
> #tls_ca_list = "//etc/openser/tls/user/user-calist.pem"
>
> # ------------------ module loading ----------------------------------
>
> #set module path
> mpath="//lib/openser/modules/"
>
> # Uncomment this if you want to use SQL database
> #loadmodule "mysql.so"
>
> # Modules loaded for this setup: database access (mysql), stateless and
> # stateful replies/relay (sl, tm), record-routing (rr), hop limit (maxfwd),
> # registrar and location storage (registrar, usrloc), digest authentication
> # (auth, auth_db), local-domain checks (domain) and presence.
> # No NAT-handling module (such as nathelper) appears in this list.
> loadmodule "mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "mi_fifo.so"
> loadmodule "textops.so"
> loadmodule "xlog.so"
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "presence.so"
>
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> #loadmodule "auth.so"
> #loadmodule "auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- mi_fifo params --
>
> #modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
> # -- usrloc params --
>
> #modparam("usrloc", "db_mode",   0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> #modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> #modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which true in this config),
> # uncomment also the following parameter)
> #
> #modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> #modparam("rr", "enable_full_lr", 1)
>
> # -------------------------  request routing logic -------------------
>
> # main routing logic
>
> # Module parameters actually in effect; the templates earlier in the file
> # are all commented out.
> # NOTE(review): the management FIFO is created under /tmp; anything able to
> # write to it can issue MI commands, so check its ownership and mode
> # (mi_fifo has fifo_mode/fifo_user/fifo_group parameters for that).
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
> # The db_url values carry the database account and password in clear text.
> # NOTE(review): these look like the stock install credentials and are now
> # in a public post - treat them as exposed, change them, and keep this file
> # readable only by the account OpenSER runs as.
> modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
> # calculate_ha1 off means auth_db takes the value in password_column as a
> # ready-made HA1 digest rather than a plaintext password.
> # NOTE(review): the subscriber dump later in this message shows short,
> # readable values in `password`, which do not look like HA1 digests - with
> # this combination digest checks would presumably fail; confirm which
> # column really holds the HA1 values.
> modparam("auth_db", "calculate_ha1", no)
> modparam("auth_db", "password_column", "password")
> #modparam("auth_db", "password_column_2", "ha1b")
> # db_mode 2: location bindings are also kept in the database.
> modparam("usrloc", "db_mode", 2)
> modparam("rr", "enable_full_lr", 1)
> ## Call timer
> modparam("tm", "fr_inv_timer", 45)
> modparam("domain", "db_url", "mysql://openser:openserrw@localhost/openser")
> modparam("domain", "db_mode", 1) ## Enable caching of the domain table
> modparam("presence", "db_url", "mysql://openser:openserrw@localhost/openser")
> modparam("presence", "max_expires", 3600)
> # NOTE(review): force_active=1 makes the presence module treat
> # subscriptions as active without consulting authorization rules - confirm
> # that is intended, since route[5] does not authenticate either.
> modparam("presence", "force_active", 1)
> modparam("presence", "server_address", "sip:192.168.22.117:5060")
>
> # Main request route: sanity checks, record-routing, then dispatch by
> # destination and method to the numbered sub-routes.
> route{
>         # Loop protection and size limit, both answered statelessly.
>         if(!mf_process_maxfwd_header("10"))
>         {
>                 sl_send_reply("483","Too Many Hops");
>                 exit;
>         };
>         if(msg:len> max_len) {
>                 sl_send_reply("513","Message Overflow");
>                 exit;
>         }
>
>         # Stay on the signalling path for everything except registrations.
>         if (method!="REGISTER") {
>                 record_route();
>         };
>
>         # Requests that carry a Route set are relayed straight away.
>         if (loose_route()) {
>                 route(1);
>                 exit;
>         };
>
>         # Request-URI host is not one of our domains: relay only when the
>         # From domain is local, otherwise refuse.
>         # NOTE(review): is_from_local() looks only at the From header, which
>         # the sender chooses, and nothing on this path asks for credentials
>         # before route(4) relays - confirm this cannot be used as an open
>         # relay.
>         if (!is_uri_host_local()) {
>                 if (is_from_local()) {
>                         route(4);
>                 } else {
>                         sl_send_reply("403", "Forbidden");
>                 };
>                 exit;
>         }
>
>         # Local destination: dispatch by method.
>         if (method=="ACK") {
>                 route(1);
>                 exit;
>         }
>         else if (method=="CANCEL") {
>                 route(1);
>                 exit;
>         }
>
>         # Registrations are authenticated in route[2].
>         else if (method=="REGISTER") {
>                 route(2);
>                 exit;
>         }
>
>         # Calls are authenticated in route[3].
>         else if (method=="INVITE") {
>                 route(3);
>                 exit;
>         }
>
>         # Presence traffic goes to route[5], which requests no credentials.
>         else if (method=="PUBLISH" || method=="SUBSCRIBE") {
>                 route(5);
>                 exit;
>         }
>
>         # Any other method: resolve aliases, then registered contacts.
>         # NOTE(review): no authentication is requested on this path either.
>         else {
>                 lookup("aliases");
>                 if (!is_uri_host_local()) {
>                         route(4);
>                         exit;
>                 };
>
>                 if (!lookup("location")) {
>                         sl_send_reply("404", "Not Found");
>                         exit;
>                 };
>                 route(1);
>                 exit;
>         };
> }
>
>
> # route[1]: shared relay step used by the other routes.
> route[1] {
>         # send it out now; use stateful forwarding as it works reliably
>         # even for UDP2TCP
>         if (!t_relay()) {
>                 # relay failed: report the error with a stateless reply
>                 sl_reply_error();
>         };
>         exit;
> }
>
> # route[2]: REGISTER handling - digest authentication against the
> # "subscriber" table, then storage of the contact binding.
> route[2]
> {
>         sl_send_reply("100", "Trying");
>         # Empty realm: the realm is derived from the request itself.
>         # The "0" passed to www_challenge means the challenge carries no
>         # qop parameter.
>         if (!www_authorize("","subscriber")) {
>                 www_challenge("","0");
>                 exit;
>         }
>         # Presumably ties the To user to the authenticated credentials so
>         # one account cannot register contacts for another - verify against
>         # the uri/uri_db module documentation.
>         # NOTE(review): this 401 is sent without a fresh challenge; 403 is
>         # the more usual answer for an identity mismatch.
>         else if (!check_to()) {
>                 sl_send_reply("401", "Unauthorized");
>                 exit;
>         };
>
>         # Drop the credentials that were just verified.
>         consume_credentials();
>
>         # Log-only branch: an expiry of 0 marks an unregistration.
>         if ($hdr(contact)=~";expires=0") || ($hdr(expires)=="0") {
>                 xlog("L_INFO","$Cbx*** UNREGISTER ***$Cxx\n");
>         }
>
>         ## Store the binding in the "location" table.
>         if (!save("location")) {
>                 sl_reply_error();
>         };
> }
>
> # #
> # route[3]: INVITE handling - proxy authentication, identity check on
> # From, then alias and location lookup before relaying.
> route[3]
> {
>         ## Callers must authenticate before placing a call
>         # Empty realm and no qop, as in the REGISTER route.
>         if (!proxy_authorize("","subscriber")) {
>                 proxy_challenge("","0");
>                 exit;
>         }
>         # Presumably rejects a From user that differs from the
>         # authenticated one - verify against the module documentation.
>         else if (!check_from()) {
>                 sl_send_reply("403", "Use From=ID");
>                 exit;
>         };
>
>         # Remove the verified credentials before the request leaves the proxy.
>         consume_credentials();
>         # The result of the alias lookup is not checked; it may rewrite the
>         # request URI, which is why the host is tested again below.
>         lookup("aliases");
>         if (!is_uri_host_local()) {
>                 route(4);
>                 exit;
>         };
>
>         if (!lookup("location")) {
>                 sl_send_reply("404", "User Not Found");
>                 exit;
>         };
>
>         route(1);
> }
>
> # route[4]: requests for non-local destinations. As posted it only hands
> # the request to route(1) for relaying and adds no checks of its own.
> route[4]
> {
>         route(1);
>         exit;
> }
>
> # route[5]: presence requests, passed directly to the presence module.
> # NOTE(review): neither this route nor the main route asks for credentials
> # before handle_publish()/handle_subscribe(), so presence state is accepted
> # from unauthenticated senders as the script stands - consider adding the
> # same digest check used for REGISTER and INVITE.
> route[5]
> {
>
>         if (method=="PUBLISH") {
>                 handle_publish();
>                 t_release();
>         }
>         else if (method=="SUBSCRIBE") {
>                 handle_subscribe();
>                 t_release();
>         }
> }
>
> # onreply_route[1]: logs each reply's status, reason, source address and
> # the method of the request it answers.
> # NOTE(review): nothing in the posted script calls t_on_reply("1"), so as
> # shown this block is not attached to any transaction.
> onreply_route[1]
> {
>         xlog("L_INFO","\n\n$Cbc[Respuesta][ $rs ($rr) desde $si:$sp Peticion: ($rm) ] $Cxx\n");
> }
>
>
> el archivo de configuracion openserctlrc es como sigue
>
> # $Id: openserctlrc 1827 2007-03-12 15:22:53Z bogdan_iancu $
> #
> # openser control tool resource file
> #
> # here you can set variables used in the openserctl
>
> ## Variables read by the openserctl tool: SIP domain, database access
> ## and control-channel settings.
> ## your SIP domain
> SIP_DOMAIN=192.168.22.117
>
> ## database type: MYSQL or PGSQL, by default none is loaded
> DBENGINE=MYSQL
>
> ## database host
> DBHOST=localhost
>
> ## database name
> DBNAME=openser
>
> ## database read/write user
> DBRWUSER=openser
>
> ## database read only user
> DBROUSER=openserro
>
> ## password for database read only user
> ## NOTE(review): identical to the user name, which looks like an install
> ## default - change it if anything else can reach this database.
> DBROPW=openserro
>
> ## database super user
> DBROOTUSER="root"
>
> ## type of aliases used: DB - database aliases; UL - usrloc aliases
> ## - default: none
> ALIASES_TYPE="DB"
>
> ## control engine: FIFO or UNIXSOCK
> ## - default FIFO
> CTLENGINE="FIFO"
>
> ## path to FIFO file
> # OSER_FIFO="FIFO"
>
> ## check ACL names; default on (1); off (0)
> # VERIFY_ACL=1
>
> ## ACL names - if VERIFY_ACL is set, only the ACL names from below list
> ## are accepted
> # ACL_GROUPS="local ld int voicemail free-pstn"
>
> ## presence of serweb tables - default "no"
> # HAS_SERWEB="yes"
>
> ## verbose - debug purposes - default '0'
> # VERBOSE=1
>
> ## do (1) or don't (0) store plaintext passwords
> ## in the subscriber table - default '1'
> ## NOTE(review): the subscriber dump later in this message still shows
> ## readable values in `password`; confirm how those rows were created and
> ## which column the proxy's auth_db settings actually read.
> STORE_PLAINTEXT_PW=0
>
>  cuando empiezo correr mi servidor estas son los mensajes:
>
>
> voip:/home/artu # openser
>  0(3924) INFO:xl_parse_name: using hdr type (7) instead of
>  0(3924) INFO:xl_parse_name: using hdr type (15) instead of
> """"""""Listening on
>              udp: 192.168.22.117 [192.168.22.117]:5060
> Aliases:
>              udp: voip:5060
>              udp: voip.site:5060
>
> WARNING: no fork mode
>  0(3924) init_tcp: using epoll_lt as the io watch method (auto detected)
>  0(0) INFO: statistics manager successfully initialized
>  0(0) StateLess module - initializing
>  0(0) TM - initializing...
>  0(0) Maxfwd module- initializing
>  0(0) INFO:ul_init_locks: locks array size 512
>  0(0) TextOPS - initializing
>  0(0) AUTH module - initializing
>  0(0) AUTH_DB module - initializing
>  0(0) INFO: udp_init: SO_RCVBUF is initially 109568
>  0(0) INFO: udp_init: SO_RCVBUF is finally 219136
>  0(3924) INFO:mi_fifo:mi_child_init(1): extra fifo listener processes created
>
>
>
> Cuando registro con X-Lite un usuario que ya existe en mi base de datos, X-Lite muestra este mensaje: "Registration error: 408 - Request Timeout".
> Y cuando monitoreo mi servidor con ngrep, el mensaje que veo es este:
>
> #
> U 2007/10/27 10:59:59.084240 192.168.22.116:37284 -> 192.168.22.117:5060
> REGISTER sip:192.168.22.117 SIP/2.0
> Via: SIP/2.0/UDP 192.168.22.116:37284;branch=z9hG4bK-d87543-1b6fa5019f43b778-1--d87543-;rport
> Max-Forwards: 70
> Contact:
> To: "arturo"
> From: "arturo";tag=a95d120b
> Call-ID: ZTJlZjUzZjcyNGRhMzUwYjJiN2NiMGM1YjZlNWMyYTQ.
> CSeq: 1 REGISTER
> Expires: 3600
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
> User-Agent: X-Lite release 1011s stamp 41150
> Content-Length: 0
>
> no se lo que pasa que no registra,
>
> Si se puede monitorear el openser.cfg, ¿de qué forma lo hago? ¿Dónde me salen en tiempo real los errores del módulo XLOG, para ver verdaderamente lo que sucede paso a paso? Espero que me ayuden. Los usuarios que tengo están registrados en la tabla SUBSCRIBER de esta forma:
>
> mysql> select id,username,domain,password,first_name,email_address from subscriber;
> +----+----------+----------------+-----------+------------+--------------------------+
> | id | username | domain         | password  | first_name | email_address            |
> +----+----------+----------------+-----------+------------+--------------------------+
> |  1 | admin    | 192.168.22.117 | openserrw | Initial    | root at localhost           |
> |  2 | 100      |                | 101       | arturo     | arturo-mv at hotmail.com    |
> |  3 | 200      |                | 201       | romulo     | romulo_bb at hotmail.com    |
> |  4 | 300      |                | 301       | arturo     | arturitomvb at hotmail.com  |
> |  5 | 400      |                | 401       | arturo     | amirandavera at hotmail.com |
> +----+----------+----------------+-----------+------------+--------------------------+
> 5 rows in set (0.00 sec)
>
> en la tabla domain, tengo registrado el IP de mi servidor
>
> mysql> select * from domain;
> +----+----------------+---------------------+
> | id | domain         | last_modified       |
> +----+----------------+---------------------+
> |  1 | 192.168.22.117 | 0000-00-00 00:00:00 |
> +----+----------------+---------------------+
> 1 row in set (0.00 sec)
>
> Espero que me den algunos alcances de cómo ordenarlo; quizá algo esté un poco mal en la compilación. He seguido los HOWTO de Saghul y también la ayuda del paquete de instalación, y nada. El MySQL que utilizo ya viene por defecto en SUSE y está corriendo.
>
> Muchas Gracias un abrazo a todos
>
> Arturo
>


-- 
Saúl -- "Nunca subestimes el ancho de banda de un camión lleno de disketes."
----------------------------------------------------------------
http://www.saghul.net/



