[Serusers] I'm not able to connect to SER (problem with digest auth)

Jiri Kuthan jiri at iptel.org
Thu Feb 12 16:57:27 CET 2004 

At 04:45 PM 2/12/2004, Miroslav Sycha wrote:
>Thanks for answer,
>I have repaired my configuration and now I can connect to SER server.
>But I have problem with digest authentication. I have created test domain "ipt",
>SIP_DOMAIN variable is set to "debtest.ipt". When I try to login as my
>test user "abc at debtest.ipt" with passwd "abc" I got 401 Unauthorized.
>(I'm using Windows messenger 4.6)

I don't see any obvious failure on the part of call flows or script 
configuration. The call flow did not include subsequent REGISTER with 
resubmitted credentials -- maybe that would help more. 
(Typical call flow is REG->, 407<--, REG/with/credentials-->,200<--,
 out of which you included only the initial REG/407 exchange.)

-jiri


>Here is my ser.cfg file:
>--------------------------------------------------------------------
>log_stderror=no # (cmd line: -E)
>
>debug=3
>fork=yes
>
>listen=10.1.22.237
>listen=127.0.0.1
>
>check_via=no    # (cmd. line: -v)
>dns=no           # (cmd. line: -r)
>rev_dns=no      # (cmd. line: -R)
>
>fifo="/tmp/ser_fifo"
>
>loadmodule "/usr/lib/ser/modules/mysql.so"
>
>loadmodule "/usr/lib/ser/modules/sl.so"
>loadmodule "/usr/lib/ser/modules/tm.so"
>loadmodule "/usr/lib/ser/modules/rr.so"
>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/lib/ser/modules/usrloc.so"
>loadmodule "/usr/lib/ser/modules/registrar.so"
>
>loadmodule "/usr/lib/ser/modules/auth.so"
>loadmodule "/usr/lib/ser/modules/auth_db.so"
>
>
>modparam("usrloc", "db_mode", 2)
>
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>
>modparam("rr", "enable_full_lr", 1)
>
># main routing logic
>
>route{
>
>        # initial sanity checks -- messages with
>        # max_forwards==0, or excessively long requests
>        if (!mf_process_maxfwd_header("10")) {
>                sl_send_reply("483","Too Many Hops");
>                break;
>        };
>        if ( msg:len > max_len ) {
>                sl_send_reply("513", "Message too big");
>                break;
>        };
>
>
>        record_route(); 
>        # loose-route processing
>        if (loose_route()) {
>                t_relay();
>                break;
>        };
>
>        if (uri==myself) {
>
>                if (method=="REGISTER") {
>                        if (!www_authorize("debtest.ipt", "subscriber")) {
>                                www_challenge("debtest.ipt", "0");
>                                break;
>                        };
>
>                        save("location");
>                        break;
>                };
>
>                # native SIP destinations are handled using our USRLOC DB
>                if (!lookup("location")) {
>                        sl_send_reply("404", "Not Found");
>                        break;
>                };
>        };
>
>        if (!t_relay()) {
>                sl_reply_error();
>        };
>
>}
>
>--------------------------------------------------------------------
>
>And here is output from ngrep:
>--------------------------------------------------------------------
>#
>U 10.1.22.235:1603 -> 10.1.22.237:5060
>  REGISTER sip:debtest.ipt SIP/2.0..Via: SIP/2.0/UDP 10.1.22.235:7455..Max-Fo
>  rwards: 70..From: <sip:abc at debtest.ipt>;tag=dcdbd44febe84f4696edd53145a3d53
>  9;epid=0f021563db..To: <sip:abc at debtest.ipt>..Call-ID: 6236b0275a2940cc8ce3
>  a1001f3bdf3a at 10.1.22.235..CSeq: 1 REGISTER..Contact: <sip:10.1.22.235:7455>
>  ;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, A
>  CK, REFER"..User-Agent: RTC/1.2.4949..Event: registration..Allow-Events: pr
>  esence..Content-Length: 0....                                              
>#
>U 10.1.22.237:5060 -> 10.1.22.235:7455
>  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.1.22.235:7455..From: <sip:abc
>  @debtest.ipt>;tag=dcdbd44febe84f4696edd53145a3d539;epid=0f021563db..To: <si
>  p:abc at debtest.ipt>;tag=33a7c77b78ad137e35158c65143a88ce.c46c..Call-ID: 6236
>  b0275a2940cc8ce3a1001f3bdf3a at 10.1.22.235..CSeq: 1 REGISTER..WWW-Authenticat
>  e: Digest realm="debtest.ipt", nonce="402b702efe807eba708cf8f1cc71dd66b35ec
>  80e"..Server: Sip EXpress router (0.8.12 (i386/linux))..Content-Length: 0..
>  Warning: 392 10.1.22.237:5060 "Noisy feedback tells:  pid=1598 req_src_ip=1
>  0.1.22.235 req_src_port=1603 in_uri=sip:debtest.ipt out_uri=sip:debtest.ipt
>   via_cnt==1"....                                                           
>exit
>2 received, 0 dropped
>
>--------------------------------------------------------------------
>
>I have been trying all this day to configure it but I'm not able to solve it...
>
>
>Thanks
>
>Mirek
>
>________________________________________________________________________________
>OBCHODNÍ-DÙM.cz: domácí spotøebièe a elektronika za nízké ceny, s pohodlnou dopravou a¾ do domu, klidnì i veèer. Objednávky i telefonicky.
>www.OBCHODNI-DUM.cz
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers

--
Jiri Kuthan            http://iptel.org/~jiri/

More information about the sr-users mailing list