[Serusers] Authorization Woes

Steve steve at northnet.net.nz
Fri Nov 14 21:31:06 CET 2003 

Hey There,

Just started out playing with SIP and have ser setup and installed.

With no authorization turned on I can add users who can register and 
exchange SIP messages quite happily.

However, when I turn on Digest Authorization (as per the HowTo at 
http://iptel.org/ser/serhowto.html ) and set up mysql support then 
everything goes west and I get the following with the client unable to 
authenticate.


U 210.48.7.165:5060 -> 210.56.32.70:5060
   REGISTER sip:northnet.net.nz SIP/2.0..Via: SIP/2.0/UDP 
210.48.7.165:5060;rport;branch=z9hG4bKF5
   33461207ED45518BD06CC883DA12B6..From: Steve Phillips 
<sip:steve at northnet.net.nz>..To: Steve Phi
   llips <sip:steve at northnet.net.nz>..Contact: "Steve Phillips" 
<sip:steve at 210.48.7.165:5060>..Cal
   l-ID: CBA1BCA27E6E4FB1A5CD56AEB8AF68E5 at northnet.net.nz..CSeq: 65211 
REGISTER..Expires: 1800..Au
   thorization: Digest 
username="steve at northnet.net.nz",realm="northnet.net.nz",nonce="3fb53a5c784
   daf64daafd882ad51d0667868fcf9",response="4e84bfebe6f61cde314a5c80c8d99152",uri="sip:northnet.ne
   t.nz"..Max-Forwards: 70..User-Agent: X-PRO build 1082..Content-Length: 
0....
#
U 210.56.32.70:5060 -> 210.48.7.165:5060
   SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 
210.48.7.165:5060;rport=5060;branch=z9hG4bKF53346120
   7ED45518BD06CC883DA12B6..From: Steve Phillips 
<sip:steve at northnet.net.nz>..To: Steve Phillips <
   sip:steve at northnet.net.nz>;tag=b27e1a1d33761e85846fc98f5f3a7e58.98f6..Call-ID: 
CBA1BCA27E6E4FB1
   A5CD56AEB8AF68E5 at northnet.net.nz..CSeq: 65211 
REGISTER..WWW-Authenticate: Digest realm="northne
   t.net.nz", nonce="3fb53a5e97447a2dfe64a2c86809f15463256661"..Server: Sip 
EXpress router (0.8.11
    (i386/linux))..Content-Length: 0..Warning: 392 210.56.32.70:5060 "Noisy 
feedback tells:  pid=2
   9724 req_src_ip=210.48.7.165 req_src_port=5060 
in_uri=sip:northnet.net.nz out_uri=sip:northnet.
   net.nz 
via_cnt==1".... 


The relevant line from the database is

| 4a1d150618efa5168610e011e4df6359 | steve | northnet.net.nz | 
MyPass  |            |           |       | steve at northnet.net.nz  | 
2003-11-10 15:59:40 | 2003-11-10 18:30:08 |       | 
o    |                  |          | 4a1d150618efa5168610e011e4df6359 | 
144a40855c0cdf26b25af1562cd337c | admin | 0          | Pacific/Auckland |


Version of ser is 0.8.11

The changes I made to the "REGISTER" section in the config (I am guessing 
this is where the issue is) are as follows..

         if (uri=~"northnet.net.nz") {

                 if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                         if (!www_authorize("northnet.net.nz", "subscriber")) {
                                 www_challenge("northnet.net.nz", "0");
                                 break;
                         };

                         save("location");
                         break;
                 };

                 # native SIP destinations are handled using our USRLOC DB
                 if (!lookup("location")) {
                         sl_send_reply("404", "Not Found");
                         break;
                 };
         };

Previous to this I have the auth and auth_db modules uncommented, along 
with the mysql module and  the two "auth_parms" listed in teh the default 
config file uncommented as well. (all as per the HowTo instructions..)

help.. unsure what to try next :-)

-- 
Steve.

More information about the sr-users mailing list