[Serusers] I'm not able to connect to SER (problem with digest auth)
Jiri Kuthan
jiri at iptel.org
Thu Feb 12 16:57:27 CET 2004
At 04:45 PM 2/12/2004, Miroslav Sycha wrote:
>Thanks for answer,
>I have repaired my configuration and now I can connect to SER server.
>But I have problem with digest authentication. I have created test domain "ipt",
>SIP_DOMAIN variable is set to "debtest.ipt". When I try to login as my
>test user "abc at debtest.ipt" with passwd "abc" I got 401 Unauthorized.
>(I'm using Windows messenger 4.6)
I don't see any obvious failure on the part of call flows or script
configuration. The call flow did not include subsequent REGISTER with
resubmitted credentials -- maybe that would help more.
(Typical call flow is REG->, 407<--, REG/with/credentials-->,200<--,
out of which you included only the initial REG/407 exchange.)
-jiri
>Here is my ser.cfg file:
>--------------------------------------------------------------------
>log_stderror=no # (cmd line: -E)
>
>debug=3
>fork=yes
>
>listen=10.1.22.237
>listen=127.0.0.1
>
>check_via=no # (cmd. line: -v)
>dns=no # (cmd. line: -r)
>rev_dns=no # (cmd. line: -R)
>
>fifo="/tmp/ser_fifo"
>
>loadmodule "/usr/lib/ser/modules/mysql.so"
>
>loadmodule "/usr/lib/ser/modules/sl.so"
>loadmodule "/usr/lib/ser/modules/tm.so"
>loadmodule "/usr/lib/ser/modules/rr.so"
>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/lib/ser/modules/usrloc.so"
>loadmodule "/usr/lib/ser/modules/registrar.so"
>
>loadmodule "/usr/lib/ser/modules/auth.so"
>loadmodule "/usr/lib/ser/modules/auth_db.so"
>
>
>modparam("usrloc", "db_mode", 2)
>
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>
>modparam("rr", "enable_full_lr", 1)
>
># main routing logic
>
>route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if ( msg:len > max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
>
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> if (uri==myself) {
>
> if (method=="REGISTER") {
> if (!www_authorize("debtest.ipt", "subscriber")) {
> www_challenge("debtest.ipt", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> # native SIP destinations are handled using our USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
>
> if (!t_relay()) {
> sl_reply_error();
> };
>
>}
>
>--------------------------------------------------------------------
>
>And here is output from ngrep:
>--------------------------------------------------------------------
>#
>U 10.1.22.235:1603 -> 10.1.22.237:5060
> REGISTER sip:debtest.ipt SIP/2.0..Via: SIP/2.0/UDP 10.1.22.235:7455..Max-Fo
> rwards: 70..From: <sip:abc at debtest.ipt>;tag=dcdbd44febe84f4696edd53145a3d53
> 9;epid=0f021563db..To: <sip:abc at debtest.ipt>..Call-ID: 6236b0275a2940cc8ce3
> a1001f3bdf3a at 10.1.22.235..CSeq: 1 REGISTER..Contact: <sip:10.1.22.235:7455>
> ;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, A
> CK, REFER"..User-Agent: RTC/1.2.4949..Event: registration..Allow-Events: pr
> esence..Content-Length: 0....
>#
>U 10.1.22.237:5060 -> 10.1.22.235:7455
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.1.22.235:7455..From: <sip:abc
> @debtest.ipt>;tag=dcdbd44febe84f4696edd53145a3d539;epid=0f021563db..To: <si
> p:abc at debtest.ipt>;tag=33a7c77b78ad137e35158c65143a88ce.c46c..Call-ID: 6236
> b0275a2940cc8ce3a1001f3bdf3a at 10.1.22.235..CSeq: 1 REGISTER..WWW-Authenticat
> e: Digest realm="debtest.ipt", nonce="402b702efe807eba708cf8f1cc71dd66b35ec
> 80e"..Server: Sip EXpress router (0.8.12 (i386/linux))..Content-Length: 0..
> Warning: 392 10.1.22.237:5060 "Noisy feedback tells: pid=1598 req_src_ip=1
> 0.1.22.235 req_src_port=1603 in_uri=sip:debtest.ipt out_uri=sip:debtest.ipt
> via_cnt==1"....
>exit
>2 received, 0 dropped
>
>--------------------------------------------------------------------
>
>I have been trying all this day to configure it but I'm not able to solve it...
>
>
>Thanks
>
>Mirek
>
>________________________________________________________________________________
>OBCHODNÍ-DÙM.cz: domácí spotøebièe a elektronika za nízké ceny, s pohodlnou dopravou a¾ do domu, klidnì i veèer. Objednávky i telefonicky.
>www.OBCHODNI-DUM.cz
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
More information about the sr-users
mailing list