[Serusers] RE: [Serdev] check_from

Daniel-Constantin Mierla daniel at iptel.org
Fri Mar 26 16:56:30 CET 2004 

No idea about it. You can watch the network traffic (using ngrep on ser
machine: ngrep port 5060) and see if the realm from a 401/407 reply
matches with the one from next request.

.Daniel

On 03/26/04 16:46, Raymond Chen wrote:

>I use AS5300 as UA.
>
>
>
>-----Original Message-----
>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>Sent: Friday, March 26, 2004 11:04 PM
>To: Raymond Chen
>Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
>Subject: Re: [Serusers] RE: [Serdev] check_from
>
>What client do you use? It does not use the realm from challenge -- it
>is a MSN Messenger specific bug, but it might be present in other sip
>clients. You must set the realm from challenge as the host part of the
>sip id.
>
>.Daniel
>
>On 03/26/04 15:46, Raymond Chen wrote:
>
>  
>
>>Danial,
>>
>>www_authorize fail to authorize without password
>>
>>0(3283) lookup(): '85234230599 at 218.20.229.53' Not found in usrloc
>>0(3283) parse_headers: flags=4096
>>0(3283) pre_auth(): Credentials with given realm not found
>>0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org",
>>nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8"
>>'
>>
>>Regards
>>
>>Raymond
>>
>>-----Original Message-----
>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>>Sent: Friday, March 26, 2004 8:04 PM
>>To: Raymond Chen
>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>
>>
>>Try something like this:
>>
>>if (method=="INVITE")
>>{
>>  if (!www_authorize("xxx.org", "subscriber")) {
>>      www_challenge("xxx.org", "0");
>>      break;
>>  };
>>  if (!check_from()) {
>>	sl_send_reply("403", "Only registered users are allowed");
>>    	break;
>>  };
>>
>>};
>>
>>.Daniel
>>
>>On 03/26/04 12:48, Raymond Chen wrote:
>>
>> 
>>
>>    
>>
>>>Now we understand what the what the message means after reading the
>>>      
>>>
>message
>  
>
>>>a few times.  We are trying to do PSTN(as5300)  ---> ser  -----> pstn
>>>(AS5300),  and to authorize the calling number (callerid) in the INVITE
>>>message against URI table.  But check_from command needs to call
>>>proxy_authorize, which it requires username and password. we setup the
>>>configuration like this
>>>
>>>if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber")
>>>	if (!check_from()) {
>>>		sl_send_reply("403", "Only registered users are allowed");
>>>   	break;
>>>	}
>>>}
>>>
>>>Because cisco does not have sip password setting, so we have 
>>>
>>>0(3173) check_username(): No authorized credentials found (error in
>>>   
>>>
>>>      
>>>
>>scripts)
>> 
>>
>>    
>>
>>>0(3173) check_username(): Call {www,proxy}_authorize before calling
>>>   
>>>
>>>      
>>>
>>check_*
>> 
>>
>>    
>>
>>>function !
>>>
>>>Does anyone has a solution?
>>>
>>>Regards 
>>>
>>>
>>>-----Original Message-----
>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>>>Sent: Friday, March 26, 2004 6:18 PM
>>>To: Raymond Chen
>>>Cc: serdev at lists.iptel.org
>>>Subject: Re: [Serdev] check_from
>>>
>>>Hello,
>>>the last error message is self explanatory. You need to call either
>>>www_authorize() or proxy_authorize() before calling check_from() because
>>>this method compares the data from From header with what is in
>>>credentials (response to a authentication challenge).
>>>
>>>.Daniel
>>>
>>>On 03/26/04 04:35, Raymond Chen wrote:
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>Dear all,
>>>>
>>>>We have configured Ser to check from username field to authorize user
>>>>“unknown”
>>>>
>>>>if (!check_from()) {
>>>>
>>>>sl_send_reply("403", "Only registered users are allowed");
>>>>
>>>>break;
>>>>
>>>>};
>>>>
>>>>We have error message
>>>>
>>>>0(2568) check_username(): No authorized credentials found (error in
>>>>scripts)
>>>>
>>>>0(2568) check_username(): Call {www,proxy}_authorize before calling
>>>>check_* function !
>>>>
>>>>We have “unknown” username entry in uri table.
>>>>
>>>>Regards
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>_______________________________________________
>>>>Serdev mailing list
>>>>serdev at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>_______________________________________________
>>Serdev mailing list
>>serdev at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serdev
>>
>> 
>>
>>    
>>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
>  
>

More information about the sr-users mailing list