[Serusers] The digest authentication and registar problem

jht2 hackglacier at 163.com
Tue Apr 20 08:25:30 CEST 2004 

Hi, ALL:
     I have established a server with SER on the Internat with the IP:194.165.196.72,And we also have our own hardware phone developed. I am using MySQL and the nathelper modules & RTPproxy with NAT,but I run accross 2 problems with the digest authenticaiton:
1,Some UA cann't log on the server: I tested K-phone,X-Lite,WM5 and our own hardware phone,but with the digest authentication mode only the K-phone and X-lite can log in ,our own hardware phone and WM5 cann't register on it. The K-phone log on it with challenge form and password,fill in the password then log on.but the WM5 even haven't the challenge form to fill in the password.our own hardware phone also cann't log on the server.
2,Also the WM log in status problem: Under non-digest authentication mode,the WM can log on but while 2 WM log on it only can see one is online.
3,Our own hardware phone problem: Our own phone supports SIP/MGCP/H.323/Net2phoen protocals ,like Cisco ATA and 7960 products and have more features.But Also under non-digest authentication mode,It can regist and log on  normally but while make a call behind NAT with RTPs,between X-lite,cann't hear the voice on the PC,but all can speak on the hardware phoen while X-LITE call to the phone.When Phone call to X-lite,it just the same,cann't hear anythink on the PC but other works normally.(Two UAs are all behind NAT).
   I open a account on our server:
Address:194.165.196.72
 Username: white
password:white
    My x-lite number is 8888,If I am online it is also online.Please use WM and other UA have a try and let me know how to solve.
the ser.cfg:
#
# $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode 
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
listen=194.165.196.72
listen=127.0.0.1
alias=194.165.196.72
alias=podiumvision.com
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/msilo.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
loadmodule "/usr/lib/ser/modules/enum.so"
loadmodule "/usr/lib/ser/modules/domain.so"
# ----------------- setting module-specific parameters ---------------
# ------------- tm parameters
modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)
# ------------- accounting parameters
modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# -- usrloc params --
#modparam("usrloc", "db_mode",   0)
# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "password_column", "password")
#modparam("usrloc|auth_db|group|msilo", "db_url", "sql://ser:heslo@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
#modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
#modparam("nathelper", "ping_nated_only", 1)   # Ping only clients behind NAT
# -------------------------  request routing logic -------------------
# main routing logic
route{
 # initial sanity checks -- messages with
 # max_forwards==0, or excessively long requests
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  break;
 };
 if (msg:len >=  max_len ) {
  sl_send_reply("513", "Message too big");
  break;
 };
 # !! Nathelper
 # Special handling for NATed clients; first, NAT test is
 # executed: it looks for via!=received and RFC1918 addresses
 # in Contact (may fail if line-folding is used); also,
 # the received test should, if completed, should check all
 # vias for rpesence of received
 
  # Allow RR-ed requests, as these may indicate that
  # a NAT-enabled proxy takes care of it; unless it is
  # a REGISTER
 # we record-route all messages -- to make sure that
 # subsequent messages will go through our proxy; that's
 # particularly good if upstream and downstream entities
 # use different transport protocol
 #record_route(); 
 # loose-route processing
 if (loose_route()) {
  append_hf("P-hint: rr-enforced\r\n"); 
  #route(1);
  t_relay();
  break;
 };
 # if the request is for other domain use UsrLoc
 # (in case, it does not work, use the following command
 # with proper names and addresses in it)
 if (uri==myself) {
  if (method=="REGISTER" ) {
               #         save("location");
# Uncomment this if you want to use digest authentication
   if (!www_authorize("194.165.196.72", "subscriber")) {
    www_challenge("194.165.196.72", "1");
    break;
   };
                    log("LOG: Someone trying to register from private IP, rewriting\n");
                    fix_nated_contact(); # Rewrite contact with source IP of signalling
      if (method == "INVITE") {
          fix_nated_sdp("1"); # Add direction=active to SDP
      };
      force_rport(); # Add rport parameter to topmost Via
      setflag(6);    # Mark as NATed
  
          save("location");
   break;
  };
  # native SIP destinations are handled using our USRLOC DB
  if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 };
 # forward to current uri now; use stateful forwarding; that
 # works reliably even if we forward from TCP to UDP
 if (!t_relay()) {
  sl_reply_error();
 };
}

   
祝                                              
                                                    商祺!
Michael Shi( Shi Jia Lu石佳璐)
 Director
Podium Vision Ltd (Shanghai,China Branch)

Tel:     +86 (0)21 63296364
Mobile:+86 13311713825,+86 13916750280
Fax:    +86 (0)21 63296364
MSN:glacier_shi @ hotmail.com
Email: michael at podiumvision.co.uk
This communication contains confidential information intended solely for the use of the individual/s and/or entity or entities to whom it was intended to be addressed. If you are not the intended recipient, be aware that any disclosure, copying, distribution, or use of the contents of this transmission is prohibited. If you have received this communication in error, please contact the sender immediately, delete this communication from your system, and do not disclose its contents to any third party, or use its contents. Any opinions expressed are solely those of the author.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20040420/95bc448d/attachment.htm>

More information about the sr-users mailing list