[Serusers] About the configure problem of SER Authentication and NAT

jht2 hackglacier at 163.com
Sat Mar 6 16:42:57 CET 2004


Dear serusers,
      We need your help. We installed SER successfully, with serctl moni and MySQL working normally. Our server doesn't have a domain name, just an IP address: 194.165.196.72.
     There are two problems with registration:
1. Authentication problem: We are able to log on to the server by SIP without a username and password, and it works normally, but if we use digest authentication mode by uncommenting this code:
#   if (!www_authorize("194.165.196.72", "subscriber")) {
#    www_challenge("194.165.196.72", "0");
#    break;
#   };
 authentication doesn't work with the subscribers listed in the MySQL database "ser".
2. NAT problem: When we log on to the server with Windows Messenger or other UA software from a public IP address, it works normally. But if we use UA software behind a router (ADSL router), it can't log on to the SER server, and "serctl moni" shows the location of the UA software behind the router (a LAN address such as 192.168.1.2) and records it in the "location" table of the MySQL database "ser".
         How can we solve the problems above? Thanks very much.
      Our configuration file is below:
#
# $Id: ser.cfg,v 1.21.2.1 2003/07/30 16:46:18 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode 
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
listen=194.165.196.72
listen=127.0.0.1
alias=194.165.196.72
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/exec.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/print.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# ------------- tm parameters
modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)
# ------------- accounting parameters
modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
# -- usrloc params --
#modparam("usrloc", "db_mode",   0)
# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser")
modparam("auth_db", "db_url", "sql://ser:heslo@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -------------------------  request routing logic -------------------
# main routing logic
route{
 # initial sanity checks -- messages with
 # max_forwards==0, or excessively long requests
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  break;
 };
 if (len_gt( max_len )) {
  sl_send_reply("513", "Message too big");
  break;
 };
 # we record-route all messages -- to make sure that
 # subsequent messages will go through our proxy; that's
 # particularly good if upstream and downstream entities
 # use different transport protocol
 record_route(); 
 # loose-route processing
 if (loose_route()) {
  t_relay();
  break;
 };
 # if the request is for other domain use UsrLoc
 # (in case, it does not work, use the following command
 # with proper names and addresses in it)
 if (uri==myself) {
  if (method=="REGISTER") {
 #                       save("location");
# Uncomment this if you want to use digest authentication
#   if (!www_authorize("194.165.196.72", "subscriber")) {
#    www_challenge("194.165.196.72", "0");
#    break;
#   };
          save("location");
   break;
  };
  # native SIP destinations are handled using our USRLOC DB
  if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 };
 # forward to current uri now; use stateful forwarding; that
 # works reliably even if we forward from TCP to UDP
 if (!t_relay()) {
  sl_reply_error();
 };
}

   
Wishing you success in business!
Michael Shi( Shi Jia Lu石佳璐)
 Director
Podium Vision Ltd (Shanghai,China Branch)

Tel:     +86 (0)21 63296364
Mobile:+86 13311713825,+86 13916750280
Fax:    +86 (0)21 63296364
MSN:glacier_shi @ hotmail.com
Email: michael at podiumvision.co.uk
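
Added example (not part of the original message and not SER code): a Python model of the RFC 2617 digest check for the realm used in the www_authorize/www_challenge lines above. It assumes, as the config's own comment on "calculate_ha1" implies, that the server treats the password column as a ready-made HA1 unless that parameter is on; the subscriber, password and nonce are constructed sample values.

```python
import hashlib
import hmac

REALM = "194.165.196.72"            # realm passed to www_authorize on the page
USER, PASSWORD = "alice", "s3cret"  # constructed sample subscriber
NONCE = "4049f5a1c0ffee"            # constructed sample nonce
METHOD, URI = "REGISTER", "sip:194.165.196.72"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username ":" realm ":" password)
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_value, nonce, method, uri):
    # RFC 2617 response without qop: MD5(HA1 ":" nonce ":" MD5(method ":" uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_value}:{nonce}:{ha2}")

def server_accepts(column_value, calculate_ha1, response):
    # Assumed server model: with calculate_ha1 on, the column holds plaintext
    # and HA1 is derived from it; otherwise the column value is used as HA1.
    server_ha1 = ha1(USER, REALM, column_value) if calculate_ha1 else column_value
    expected = digest_response(server_ha1, NONCE, METHOD, URI)
    return hmac.compare_digest(expected, response)

def run_cases():
    # The response a client with the right password sends for this challenge.
    client = digest_response(ha1(USER, REALM, PASSWORD), NONCE, METHOD, URI)
    same_realm = ha1(USER, REALM, PASSWORD)
    other_realm = ha1(USER, "example.invalid", PASSWORD)
    return {
        "plaintext column, calculate_ha1 off": server_accepts(PASSWORD, False, client),
        "plaintext column, calculate_ha1 on": server_accepts(PASSWORD, True, client),
        "HA1 column, same realm": server_accepts(same_realm, False, client),
        "HA1 column, other realm": server_accepts(other_realm, False, client),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The two rejected cases are the ones to check against a config like the one above: a plaintext "password" column read while "calculate_ha1" is commented out, and stored HA1 values that were computed for a realm other than the one in www_authorize.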