[Serusers] RE: [Serdev] check_from

Jiri Kuthan jiri at iptel.org
Sat Mar 27 00:05:24 CET 2004 

the problem is the cisco gateway is not capable of supporting digest authetnication.
(not ver good indeed). You are left with authentication by source IP address.

-jiri

At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote:
>No idea about it. You can watch the network traffic (using ngrep on ser
>machine: ngrep port 5060) and see if the realm from a 401/407 reply
>matches with the one from next request.
>
>.Daniel
>
>On 03/26/04 16:46, Raymond Chen wrote:
>
>>I use AS5300 as UA.
>>
>>
>>
>>-----Original Message-----
>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>>Sent: Friday, March 26, 2004 11:04 PM
>>To: Raymond Chen
>>Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>
>>What client do you use? It does not use the realm from challenge -- it
>>is a MSN Messenger specific bug, but it might be present in other sip
>>clients. You must set the realm from challenge as the host part of the
>>sip id.
>>
>>.Daniel
>>
>>On 03/26/04 15:46, Raymond Chen wrote:
>>
>>  
>>
>>>Danial,
>>>
>>>www_authorize fail to authorize without password
>>>
>>>0(3283) lookup(): '85234230599 at 218.20.229.53' Not found in usrloc
>>>0(3283) parse_headers: flags=4096
>>>0(3283) pre_auth(): Credentials with given realm not found
>>>0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org",
>>>nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8"
>>>'
>>>
>>>Regards
>>>
>>>Raymond
>>>
>>>-----Original Message-----
>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>>>Sent: Friday, March 26, 2004 8:04 PM
>>>To: Raymond Chen
>>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>>
>>>
>>>Try something like this:
>>>
>>>if (method=="INVITE")
>>>{
>>>  if (!www_authorize("xxx.org", "subscriber")) {
>>>      www_challenge("xxx.org", "0");
>>>      break;
>>>  };
>>>  if (!check_from()) {
>>>      sl_send_reply("403", "Only registered users are allowed");
>>>      break;
>>>  };
>>>
>>>};
>>>
>>>.Daniel
>>>
>>>On 03/26/04 12:48, Raymond Chen wrote:
>>>
>>> 
>>>
>>>    
>>>
>>>>Now we understand what the what the message means after reading the
>>>>      
>>>>
>>message
>>  
>>
>>>>a few times.  We are trying to do PSTN(as5300)  ---> ser  -----> pstn
>>>>(AS5300),  and to authorize the calling number (callerid) in the INVITE
>>>>message against URI table.  But check_from command needs to call
>>>>proxy_authorize, which it requires username and password. we setup the
>>>>configuration like this
>>>>
>>>>if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber")
>>>>     if (!check_from()) {
>>>>             sl_send_reply("403", "Only registered users are allowed");
>>>>     break;
>>>>     }
>>>>}
>>>>
>>>>Because cisco does not have sip password setting, so we have 
>>>>
>>>>0(3173) check_username(): No authorized credentials found (error in
>>>>   
>>>>
>>>>      
>>>>
>>>scripts)
>>> 
>>>
>>>    
>>>
>>>>0(3173) check_username(): Call {www,proxy}_authorize before calling
>>>>   
>>>>
>>>>      
>>>>
>>>check_*
>>> 
>>>
>>>    
>>>
>>>>function !
>>>>
>>>>Does anyone has a solution?
>>>>
>>>>Regards 
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
>>>>Sent: Friday, March 26, 2004 6:18 PM
>>>>To: Raymond Chen
>>>>Cc: serdev at lists.iptel.org
>>>>Subject: Re: [Serdev] check_from
>>>>
>>>>Hello,
>>>>the last error message is self explanatory. You need to call either
>>>>www_authorize() or proxy_authorize() before calling check_from() because
>>>>this method compares the data from From header with what is in
>>>>credentials (response to a authentication challenge).
>>>>
>>>>.Daniel
>>>>
>>>>On 03/26/04 04:35, Raymond Chen wrote:
>>>>
>>>>
>>>>
>>>>   
>>>>
>>>>      
>>>>
>>>>>Dear all,
>>>>>
>>>>>We have configured Ser to check from username field to authorize user
>>>>>¡°unknown¡±
>>>>>
>>>>>if (!check_from()) {
>>>>>
>>>>>sl_send_reply("403", "Only registered users are allowed");
>>>>>
>>>>>break;
>>>>>
>>>>>};
>>>>>
>>>>>We have error message
>>>>>
>>>>>0(2568) check_username(): No authorized credentials found (error in
>>>>>scripts)
>>>>>
>>>>>0(2568) check_username(): Call {www,proxy}_authorize before calling
>>>>>check_* function !
>>>>>
>>>>>We have ¡°unknown¡± username entry in uri table.
>>>>>
>>>>>Regards
>>>>>
>>>>>------------------------------------------------------------------------
>>>>>
>>>>>_______________________________________________
>>>>>Serdev mailing list
>>>>>serdev at lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>>>
>>>>>
>>>>>  
>>>>>
>>>>>     
>>>>>
>>>>>        
>>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>
>>>>   
>>>>
>>>>      
>>>>
>>>_______________________________________________
>>>Serdev mailing list
>>>serdev at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>
>>> 
>>>
>>>    
>>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>  
>>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers

--
Jiri Kuthan            http://iptel.org/~jiri/

More information about the sr-users mailing list