[Serusers] Authentication Problem(s)

Jan Janak jan at iptel.org
Mon Apr 12 22:15:35 CEST 2004


Yes, the description below is correct. Windows Messenger requires the
authentication realm to be exactly the same as the domain in the SIP URI,
otherwise it does not work (the reason is unknown to me).

Set the first parameter of www_challenge and www_authorize to the domain
part of the SIP URI you are using, or leave it empty (use just ""; in this
case ser will determine the proper value from the SIP messages).

If it still does not work, then make sure that you have the same domain
in the subscriber table and send us SIP message dumps.

The reason why you cannot see people on the buddy list online
immediately after they sign in has been discussed many times on the
list; try searching the archives.

   Jan.

On 12-04 00:25, alireza at panaisp.net wrote:
> 1. Did you configure your MSN client to use SER?
> 2. If yes, which domain name did you use to log in to it?
> 3. Did you enter your sign-in name like "test at mouse.team3"? (If you want to
> use "test at team3" you should change your configuration and use team3
> instead of mouse.team3 on the "www_challenge" line.)
> 4. Then you should enter your username (just the username without the domain), "test",
> and finally enter your password.
> It will work, but when you add a new person to your friend list you cannot
> see him online. I don't know why, but if you understand, please tell me.
> Alireza
> 
> >
> > Greetings,
> >
> > My goal is to configure MSN clients to login to my SER setup such that
> > all users are required to enter a password.  I have three computers on
> > the same LAN: two clients running MSN and a third running SER.
> >
> > The box running SER is also running a DNS server, defining the
> > fictitious TLD 'team3.'  In that domain I've defined several hosts, the
> > SER server being mouse.team3.  DNS appears to be working properly from
> > all clients on the LAN because I can ping mouse.team3 from anywhere in
> > the LAN.  I've tried defining the SER domain to be either mouse.team3 or
> > team3.  (I still don't know which one is correct)
> >
> > I used serctl to add a few users to the domain.  Then, when I try to
> > login using said users, MSN gives the following message:
> >
> > "Signing in to Communications Service failed because the service is
> > temporarily unavailable.  Please try again later."
> >
> > However, if I comment out the following lines from ser.cfg, no
> > authentication is done and all clients can login:
> >
> > if (method=="REGISTER") {
> >
> > 	# Uncomment this if you want to use digest authentication
> > 	if (!www_authorize("mouse.team3", "subscriber")) {
> > 		www_challenge("mouse.team3", "0");
> > 		break;
> > 	};
> >
> > 	save("location");
> > 	break;
> > };
> >
> > I need authentication to be enabled, so this latter approach will not
> > work.  I Googled for the MSN message, but that was no help.
> >
> > I'm at a loss for what's wrong with those few lines.  Any help would be
> > *greatly* appreciated.
> >
> > Best Regards
> > -Chris
> >
> >
> > ----begin ser.cfg----
> > #
> > # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> > #
> > # simple quick-start config script
> > #
> >
> > # ----------- global configuration parameters ------------------------
> >
> > #debug=3         # debug level (cmd line: -dddddddddd)
> > #fork=yes
> > #log_stderror=no	# (cmd line: -E)
> >
> > /* Uncomment these lines to enter debugging mode
> > debug=7
> > fork=no
> > log_stderror=yes
> > */
> >
> > check_via=no	# (cmd. line: -v)
> > dns=no           # (cmd. line: -r)
> > rev_dns=no      # (cmd. line: -R)
> > #port=5060
> > #children=4
> > fifo="/tmp/ser_fifo"
> > alias="mouse.team3"
> >
> > # ------------------ module loading ----------------------------------
> >
> > # Uncomment this if you want to use SQL database
> > loadmodule "/usr/lib/ser/modules/mysql.so"
> >
> > loadmodule "/usr/lib/ser/modules/sl.so"
> > loadmodule "/usr/lib/ser/modules/tm.so"
> > loadmodule "/usr/lib/ser/modules/rr.so"
> > loadmodule "/usr/lib/ser/modules/maxfwd.so"
> > loadmodule "/usr/lib/ser/modules/usrloc.so"
> > loadmodule "/usr/lib/ser/modules/registrar.so"
> >
> > # Uncomment this if you want digest authentication
> > # mysql.so must be loaded !
> > loadmodule "/usr/lib/ser/modules/auth.so"
> > loadmodule "/usr/lib/ser/modules/auth_db.so"
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > # -- usrloc params --
> >
> > #modparam("usrloc", "db_mode",   0)
> >
> > # Uncomment this if you want to use SQL database
> > # for persistent storage and comment the previous line
> > modparam("usrloc", "db_mode", 2)
> >
> > # -- auth params --
> > # Uncomment if you are using auth module
> > #
> > modparam("auth_db", "calculate_ha1", yes)
> > #
> > # If you set the "calculate_ha1" parameter to yes (which is true in this
> > # config), also uncomment the following parameter
> > #
> > modparam("auth_db", "password_column", "password")
> >
> > # -- rr params --
> > # add value to ;lr param to make some broken UAs happy
> > modparam("rr", "enable_full_lr", 1)
> >
> > # -------------------------  request routing logic -------------------
> >
> > # main routing logic
> >
> > route{
> >
> > 	# initial sanity checks -- messages with
> > 	# max_forwards==0, or excessively long requests
> > 	if (!mf_process_maxfwd_header("10")) {
> > 		sl_send_reply("483","Too Many Hops");
> > 		break;
> > 	};
> > 	if ( msg:len > max_len ) {
> > 		sl_send_reply("513", "Message too big");
> > 		break;
> > 	};
> >
> > 	# we record-route all messages -- to make sure that
> > 	# subsequent messages will go through our proxy; that's
> > 	# particularly good if upstream and downstream entities
> > 	# use different transport protocol
> > 	record_route();
> > 	# loose-route processing
> > 	if (loose_route()) {
> > 		t_relay();
> > 		break;
> > 	};
> >
> > 	# if the request is for other domain use UsrLoc
> > 	# (in case, it does not work, use the following command
> > 	# with proper names and addresses in it)
> > 	if (uri == myself) {
> >
> > 		if (method=="REGISTER") {
> >
> > 			# Uncomment this if you want to use digest authentication
> > 			if (!www_authorize("mouse.team3", "subscriber")) {
> > 				www_challenge("mouse.team3", "0");
> > 				break;
> > 			};
> >
> > 			save("location");
> > 			break;
> > 		};
> >
> > 		# native SIP destinations are handled using our USRLOC DB
> > 		if (!lookup("location")) {
> > 			sl_send_reply("404", "Not Found");
> > 			break;
> > 		};
> > 	};
> > 	# forward to current uri now; use stateful forwarding; that
> > 	# works reliably even if we forward from TCP to UDP
> > 	if (!t_relay()) {
> > 		sl_reply_error();
> > 	};
> >
> > }
> > ----end ser.cfg----
> >
> >
> > --
> > Chris Bookholt
> > cgbookho at ncsu.edu
> > PGP Key: http://chris.kavefish.net/pubkey.asc
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> 




More information about the sr-users mailing list
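
An added diagnostic example, not part of the original thread and not SER code: given a REGISTER and the 401 challenge from a SIP message dump, it checks the condition described in the reply above (the challenge realm equals the domain in the SIP URI) and computes the RFC 2617 digest response, in which the realm is one of the hashed inputs. The sample messages, nonce, password and all function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample messages (not from the thread): a REGISTER for
# test@team3 answered by a 401 whose realm is the host name mouse.team3.
REGISTER = (
    "REGISTER sip:team3 SIP/2.0\r\n"
    "To: <sip:test@team3>\r\n"
    "CSeq: 1 REGISTER\r\n\r\n"
)
CHALLENGE = (
    "SIP/2.0 401 Unauthorized\r\n"
    'WWW-Authenticate: Digest realm="mouse.team3", nonce="abc123"\r\n\r\n'
)

def header(msg, name):
    """Return the value of the first header called `name` (case-insensitive)."""
    for line in msg.split("\r\n")[1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None

def uri_domain(value):
    """Extract the host part of the sip: URI in a To/From header value."""
    m = re.search(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)", value or "")
    return m.group(1).lower() if m else None

def challenge_params(value):
    """Parse the key="value" pairs of a Digest challenge."""
    return dict(re.findall(r'(\w+)="([^"]*)"', value or ""))

def realm_matches(register, challenge):
    """Return (match, domain, realm) for a REGISTER and its 401 challenge."""
    domain = uri_domain(header(register, "To"))
    realm = challenge_params(header(challenge, "WWW-Authenticate")).get("realm", "")
    return domain == realm.lower(), domain, realm

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{user}:{realm}:{password}")  # the realm is hashed into HA1
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

if __name__ == "__main__":
    print(realm_matches(REGISTER, CHALLENGE))
```
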