[Serusers] Registration - 401 Unauthorized
Anton Yurchenko
phila at dg.net.ua
Mon Mar 17 13:02:12 CET 2003
Jan Janak wrote:
>Hello,
>
>according to your config file, auth_realm1 should be set to phila.dg and
>not to dg, try to change it.
>
>
I changed this, as you may see from dump of mysql db, I have a row in
subscriber table that has user phila1 and realm phila.dg, but this
produces the same results. I turned on the logging for mysql queries but
I see no request made to the database. tha database is up of course, and
the logging is functioning properly.
Is the 401 reply a valid one? should the phone reply to is in the normal
circumstanses? And the request to ser from phone does not carry any
username/passwd info. Is this normal?
I tried using sipsak for this:
sipsak -a phila1 -s sip:phila1 at phila.dg
but that produces the same responce.
> Jan.
>
>On 14-03 10:28, Anton Yurchenko wrote:
>
>
>>Jan Janak wrote:
>>
>>
>>
>>>Hello,
>>>
>>>first check that you have configured your phone with correct username
>>>and password. Also uncomment all the modparams in the default config
>>>script that are related to auth module.
>>>
>>>If still doesn't work, make sure that requests comming from your phone
>>>contain digest credentials. If still doesn't work and you are sure that
>>>you have configured your phone properly, create message dumps using
>>>ngrep utility and send them to us along with your configuration script
>>>and ser log files.
>>>
>>>
>>>
>>>
>>>The SUBSCRIBE is probably an attempt of your phone to subscribe to
>>>presence of some user, but I cannot say that for sure without seeing the
>>>whole SUBSCRIBE message.
>>>
>>>
>>>
>>>
>>you are right this is for mailbox :)
>>
>>here is my setup:
>>
>>
>>on the phone I have set up:
>>
>>user_name1: phila
>>
>>auth_realm1: dg
>>auth_user1: phila
>>auth_pass1: phila
>>
>>
>>host 172.20.0.50 is runn9ing ser. Phone is 172.20.0.199
>>
>>also attached is the dump in tcpdump binary format of the registration
>>proccess( sorry I dont have ngrep)
>>and I dont see anything in ser logfile( it writes to /var/log/messages).
>>
>>
>>-----------------------------------------------------------------------------
>>ser.cfg
>>-----------------------------------------------------------------------------
>>
>>#
>># $Id: ser.cfg,v 1.12 2002/10/21 02:40:06 jiri Exp $
>>#
>># simple quick-start config script
>>#
>>
>># ----------- global configuration parameters ------------------------
>>
>>debug=9 # debug level (cmd line: -dddddddddd)
>>fork=yes
>>log_stderror=no # (cmd line: -E)
>>check_via=no # (cmd. line: -v)
>>dns=no # (cmd. line: -r)
>>rev_dns=no # (cmd. line: -R)
>>port=5060
>>children=1
>>fifo="/tmp/ser_fifo"
>>sip_warning=yes
>>
>># ------------------ module loading ----------------------------------
>>
>># Uncomment this if you want to use SQL database
>>loadmodule "/usr/lib/ser/modules/mysql.so"
>>
>>loadmodule "/usr/lib/ser/modules/sl.so"
>>loadmodule "/usr/lib/ser/modules/tm.so"
>>loadmodule "/usr/lib/ser/modules/rr.so"
>>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>>loadmodule "/usr/lib/ser/modules/usrloc.so"
>>loadmodule "/usr/lib/ser/modules/registrar.so"
>>
>># Uncomment this if you want digest authentication
>># mysql.so must be loaded !
>>
>>loadmodule "/usr/lib/ser/modules/auth.so"
>>loadmodule "/usr/lib/ser/modules/auth_db.so"
>>
>># ----------------- setting module-specific parameters ---------------
>>
>># -- usrloc params --
>>
>># modparam("usrloc", "db_mode", 0)
>>
>># Uncomment this if you want to use SQL database
>># for persistent storage and comment the previous line
>>
>>modparam("usrloc", "db_mode", 2)
>>
>>modparam("usrloc", "db_url", "sql://serro:47serro11@localhost/ser")
>>
>># -- auth params --
>># Uncomment if you are using auth module
>>#
>># modparam("auth", "secret", "12036dabde659847dd9e")
>>modparam("auth_db", "calculate_ha1", true)
>>#
>># If you set "calculate_ha1" parameter to yes (which true in this config),
>># uncomment also the following parameter)
>>#
>>modparam("auth_db", "password_column", "password")
>>
>>modparam("auth_db", "db_url", "sql://ser:heslo@localhost/ser")
>>
>>
>># ------------------------- request routing logic -------------------
>>
>># main routing logic
>>
>>alias="dg"
>>alias="phila.dg"
>>
>>
>>route{
>>
>> # initial sanity checks -- messages with
>> # max_forwars==0, or excessively long requests
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> break;
>> };
>> if (len_gt( max_len )) {
>> sl_send_reply("513", "Message too big");
>> break;
>> };
>>
>> # Do strict routing if pre-loaded route headers present
>> # rewriteFromRoute();
>>
>> # if the request is for other domain use UsrLoc
>> # (in case, it does not work, use the following command
>> # with proper names and addresses in it)
>> if (uri==myself) {
>>
>> if (method=="REGISTER") {
>>
>># Uncomment this if you want to use digest authentication
>> if (!www_authorize("phila.dg", "subscriber")) {
>> www_challenge("phila.dg", "0");
>> break;
>> };
>>
>> log("REGISTER");
>> save("location");
>> sl_send_reply("200", "ok");
>> break;
>> };
>>
>> # native SIP destinations are handled using our USRLOC DB
>> if (!lookup("location")) {
>> sl_send_reply("404", "Not Found");
>> break;
>> };
>> };
>> if (uri=~"^sip:9[0-9]*@dg") {
>> strip(1);
>> t_relay_to( "172.20.0.50", "5080" );
>> };
>>
>> # forward to current uri now
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>>
>>}
>>
>>
>>
>>-----------------------------------------------------------------------------
>>
>>
>>-----------------------------------------------------------------------------
>>Here is the dump from mysql table subscriber
>>-----------------------------------------------------------------------------
>>
>>+----------------------------------+---------+----------+------------+----------
>>-+-------+----------------+---------------------+---------------------+---------
>>---------------------------------+------+------------------+----------+---------
>>-------------------------+-----------+----------------------------------+-------
>>+------------+----------+
>>| phplib_id | USER_ID | PASSWORD | FIRST_NAME |
>>LAST_NAME
>>| PHONE | EMAIL_ADDRESS | DATETIME_CREATED | DATETIME_MODIFIED |
>>confirma
>>tion | flag | SendNotification | Greeting | HA1
>> | REALM | ha1b |
>> perms
>>| allow_find | timezone |
>>+----------------------------------+---------+----------+------------+----------
>>-+-------+----------------+---------------------+---------------------+---------
>>---------------------------------+------+------------------+----------+---------
>>-------------------------+-----------+----------------------------------+-------
>>+------------+----------+
>>| 65e397cda0aa8e3202ea22cbd350e4e9 | admin | heslo | Initial |
>>Admin
>>| 123 | root at localhost | 2002-09-04 19:37:45 | 0000-00-00 00:00:00 |
>>57DaSIPu
>>Cm52UNe54LF545750cfdL48OMZfroM53 | o | | |
>>0239482f
>>19d262f3953186a725a6f53b | iptel.org | a84e8abaa7e83d1b45c75ab15b90c320 |
>>admin
>>| 0 | NULL |
>>| 283c82693efac3f935093920a6516b7a | phila | phila | |
>>| | phila at dg | 2003-03-13 15:36:23 | 0000-00-00 00:00:00 |
>> | o | | |
>> 283c8269
>>3efac3f935093920a6516b7a | dg | 6019db526487612c357fcfc459556875 |
>>NULL
>>| 0 | NULL |
>>| 9c4c3a3872dad018337a7ab9a71c166b | phila1 | phila1 | |
>>| | phila at phila.dg | 2003-03-13 15:39:17 | 0000-00-00 00:00:00 |
>> | o | | |
>> 9c4c3a38
>>72dad018337a7ab9a71c166b | phila.dg | b31cc4b515b1297413463d94f1bd82f4 |
>>NULL
>>| 0 | NULL |
>>+----------------------------------+---------+----------+------------+----------
>>-+-------+----------------+---------------------+---------------------+---------
>>---------------------------------+------+------------------+----------+---------
>>-------------------------+-----------+----------------------------------+-------
>>+------------+----------+
>>
>>
>>-----------------------------------------------------------------------------
>>
>>
>>
>>
>>
>>
>>
>>
>>> Jan.
>>>
>>>On 13-03 18:02, Anton Yurchenko wrote:
>>>
>>>
>>>
>>>
>>>>Hello,
>>>>
>>>>I`ve downloaded todays cvs and installed is, now, I am trying to
>>>>register my SIP phone ( Snom 100 ), with it and authorize it.
>>>>The phone sends a REGISTER and the ser sends it a 401 Unauthorized.
>>>>
>>>>-----------
>>>>0.000000 172.20.0.199 -> 172.20.0.50 SIP Request: SUBSCRIBE
>>>>sip:phila at phila.dg
>>>>0.002626 172.20.0.50 -> 172.20.0.199 SIP Status: 404 Not Found
>>>>0.038876 172.20.0.199 -> 172.20.0.50 SIP Request: REGISTER sip:phila.dg
>>>>0.042129 172.20.0.50 -> 172.20.0.199 SIP Status: 401 Unauthorized
>>>>
>>>>-------------
>>>>
>>>>I`ve added the user to the mysql database and, am using the
>>>>configuration included in the example ser.cfg ( I`ve uncommented the 4
>>>>lines).
>>>>---------------------------
>>>># Uncomment this if you want to use digest authentication
>>>> if (!www_authorize("dg", "subscriber")) {
>>>> www_challenge("dg", "0");
>>>> break;
>>>> };
>>>>---------------------------
>>>>
>>>>it seems that the www_challenge sends this message.
>>>>
>>>>How to fix this? And what is the SUBSCRIBE request?
>>>>
>>>>
>>>>Thanks a lot,
>>>>
>>>>--
>>>>
>>>>Anton Yurchenko<phila at dg.net.ua>
>>>>Digital Generation
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/seruser
>>>>
>>>>
>>>>
>>>s
>>>
>>>
>>>
>>>
>>--
>>
>>Anton Yurchenko<phila at dg.net.ua>
>>Digital Generation
>>
>>
>>
>
>
>
>
--
Anton Yurchenko<phila at dg.net.ua>
Digital Generation
More information about the sr-users
mailing list