[Serusers] DB Authentication Issues (Continued)

Chris Bookholt cgbookho at ncsu.edu
Wed Apr 14 21:17:57 CEST 2004


After much head scratching and experimentation I found a light at the end of the tunnel.  The problem is I'm stuck in the tunnel and don't seem to be getting anywhere near the light.  

I've got SER running on a RH7.3 box (IP 10.3.5.1) with pretty much default config (see ser.cfg below).  There are two clients running MSN Messenger 4.6.  One client is running WinXP (IP 10.3.5.2) and the other is running Win2k (IP 10.3.5.3).  The builds of Messenger are 4.6.0073 (for XP) and 4.6.0083 (for 2k).  Both MSN clients are pointed at 10.3.5.1 for their "Communication Service."  

When logging in, the XP client gets a password prompt as it should and can login using the proper password.  

However, when logging in from the Win2k client, as soon as I click to sign in, an error message appears saying "Signing in to Communications Service failed because the service is temporarily unavailable.  Please try again later."

Here's the ngrep output:
-------------------------
]root at 10.3.5.1]# ngrep -qd eth0 src 10.3.5.1 or src 10.3.5.3 or dst 10.3.5.1 or dst 10.3.5.3 

U 10.3.5.3:1133 -> 10.3.5.1:5060
  REGISTER sip:team3 SIP/2.0..Via: SIP/2.0/UDP 10.3.5.3:10829..Max-Forwards:
  70..From: <sip:admin at team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50f
  b3ca3..To: <sip:admin at team3>..Call-ID: e85f11868c82477da20e852a4cb223d9 at 10.
  3.5.3..CSeq: 1 REGISTER..Contact: <sip:10.3.5.3:10829>;methods="INVITE, MES
  SAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER"..User-Agen
  t: RTC/1.2.4949..Event: registration..Allow-Events: presence..Content-Lengt
  h: 0....

U 10.3.5.1:5060 -> 10.3.5.3:10829
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.3.5.3:10829..From: <sip:admin
  @team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50fb3ca3..To: <sip:admi
  n at team3>;tag=b27e1a1d33761e85846fc98f5f3a7e58.6d83..Call-ID: e85f11868c8247
  7da20e852a4cb223d9 at 10.3.5.3..CSeq: 1 REGISTER..WWW-Authenticate: Digest rea
  lm="team3", nonce="407d8acfa56dbcb713c69e56e85c6a8280e2d02d"..Server: Sip E
  Xpress router (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.3.5
  .1:5060 "Noisy feedback tells:  pid=15189 req_src_ip=10.3.5.3 req_src_port=
  1133 in_uri=sip:team3 out_uri=sip:team3 via_cnt==1"....
-------------------------

My interpretation is that SER is just saying "Access denied," but I never got a chance to input a password.  

The real mystery is that it works properly from my WinXP client.  I've matched all the settings that I can find.  I even tried changing the IP address of the Win2k client to that of the WinXP client and trying to login with the same username that worked on the XP client.  Still I get the same service temp. unavailable message.  I've also tried uninstalling/reinstalling Messenger 4.6 on the Win2k clients, but that didn't change anything either.  

Am I doing something obviously wrong?  I would *really* appreciate any guidance or ideas.  I'm pretty much at wits end.  

Best Regards
-Chris

Here's my ser.cfg for good measure...
-------------------------
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no	# (cmd line: -E)

/* Uncomment these lines to enter debugging mode 
debug=7
fork=no
log_stderror=yes
*/

check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
alias="team3"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if ( msg:len > max_len ) {
		sl_send_reply("513", "Message too big");
		break;
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	record_route();	
	# loose-route processing
	if (loose_route()) {
		t_relay();
		break;
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)
	if (uri == myself) {

		if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
			if (!www_authorize("team3", "subscriber")) {
				www_challenge("team3", "0");
				break;
			};

			save("location");
			break;
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	};
	# forward to current uri now; use stateful forwarding; that
	# works reliably even if we forward from TCP to UDP
	if (!t_relay()) {
		sl_reply_error();
	};

}




More information about the sr-users mailing list