[Serusers] Authentication Problem(s)

Chris Bookholt cgbookho at ncsu.edu
Fri Apr 9 23:25:00 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Greetings,

My goal is to configure MSN clients to login to my SER setup such that
all users are required to enter a password.  I have three computers on
the same LAN: two clients running MSN and a third running SER.

The box running SER is also running a DNS server, defining the
fictitious TLD 'team3.'  In that domain I've defined several hosts, the
SER server being mouse.team3.  DNS appears to be working properly from
all clients on the LAN because I can ping mouse.team3 from anywhere in
the LAN.  I've tried defining the SER domain to be either mouse.team3 or
team3.  (I still don't know which one is correct)

I used serctl to add a few users to the domain.  Then, when I try to
login using said users, MSN gives the following message:

"Signing in to Communications Service failed because the service is
temporarily unavailable.  Please try again later."

However, if I comment out the following lines from ser.cfg, no
authentication is done and all clients can login:

if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
			if (!www_authorize("mouse.team3", "subscriber")) {
				www_challenge("mouse.team3", "0");
				break;
			};

			save("location");
			break;
		};

I need authentication to be enabled, so this latter approach will not
work.  I Googled for the MSN message, but that was no help.

I'm at a loss for what's wrong with those few lines.  Any help would be
*greatly* appreciated.

Best Regards
- -Chris


- ----begin ser.cfg----
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no	# (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
alias="mouse.team3"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if ( msg:len > max_len ) {
		sl_send_reply("513", "Message too big");
		break;
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	record_route();
	# loose-route processing
	if (loose_route()) {
		t_relay();
		break;
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)
	if (uri == myself) {

		if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
			if (!www_authorize("mouse.team3", "subscriber")) {
				www_challenge("mouse.team3", "0");
				break;
			};

			save("location");
			break;
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	};
	# forward to current uri now; use stateful forwarding; that
	# works reliably even if we forward from TCP to UDP
	if (!t_relay()) {
		sl_reply_error();
	};

}
- ----end ser.cfg----


- --
Chris Bookholt
cgbookho at ncsu.edu
PGP Key: http://chris.kavefish.net/pubkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAdxSsaLlODofBji4RAhM0AJ4rEgEgMJtVPoDkb5uCL3SaFsD/fgCgiQLC
tLwnxFz18iYu9Rv6qapnHZs=
=+FMi
-----END PGP SIGNATURE-----




More information about the sr-users mailing list