[Serusers]: Problems with authentication
Jan Janak
jan at iptel.org
Sun May 9 19:03:10 CEST 2004
Change the realm (the first parameter of www_authorize and www_challenge in
the configuration file) from localdomain.com to 192.168.2.16. That is the
value stored in the domain column of your subscriber table, and the realm
used in the challenge has to match it.
Jan.
On 08-05 12:29, Sara Allton wrote:
>
> Hi,
>
> I've installed SER on Redhat 9 but am having problems with getting a
> Cisco ATA registered. The server replies with message "401
> Unauthorized". Below is the ser.cfg file, together with ngrep output
> and mysql subscriber table.
>
> What could the problem be? I've tried modifying the ser.cfg file in
> order to get this to work, but without luck. I'm not too sure
> about the "realm" parameter being passed in the WWW-Authenticate
> message.
>
> TIA
>
> Sara
>
>
> U 192.168.2.100:5060 -> 192.168.2.16:5060
>
> REGISTER sip:192.168.2.16 SIP/2.0..Via: SIP/2.0/UDP
> 192.168.2.100:5060..From: sip:ciscoata at 192.168.2.16..To:
> sip:ciscoata at 192.168.2.16..Call-ID:
>
> 3435349313 at 192.168.2.100..CSeq: 2 REGISTER..Contact:
> <sip:ciscoata at 192.168.2.100:5060;transport=udp>;expires=3500..User-Age
> nt: Cisco ATA v2.15 a
>
> ta18x (020927a)..Authorization: Digest
> username="ciscoata",realm="localdomain.com",nonce="409e41b0801685a46a7
> 9d41e81d85c5adc6bca39",uri="sip:192.168.2.16",response="b878eb13908b9a
> 8251571111eb001acf"..Content-Length: 0....
>
> #
>
> U 192.168.2.16:5060 -> 192.168.2.100:5060
>
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.2.100:5060..From:
> sipciscoata at 192.168.2.16..To:
> sip:ciscoata at 192.168.2.16;tag=b27e1a1d33761e
>
> 85846fc98f5f3a7e58.8272..Call-ID: 3435349313 at 192.168.2.100..CSeq: 2
> REGISTER..WWW-Authenticate: Digest realm="localdomain.com",
> nonce="409e41b1bc69e5210563de14a3dbfbb25941602e"..Server: Sip EXpress
> router (0.8.12 (i386/linux)
>
> )..Content-Length: 0..Warning: 392 192.168.2.16:5060 "Noisy feedback
> tells:pid=1631 req_src_ip=192.168.2.100 req_src_port=5060
> in_uri=sip:192.168.2.16 out_uri=sip:192.168.2.16 via_cnt==1"....
>
>
> mysql> select * from subscriber;
>
> +----------------------------------+-------------+--------------+-----
> -----+------------+-----------+-------+-------------------------------
> --+---------------------+---------------------+-----------------------
> -------------------+------+------------------+----------+-------------
> ---------------------+----------------------------------+-------+-----
> -------+----------+
>
> | phplib_id | username | domain |
> password | first_name | last_name | phone |
> email_address | datetime_created |
> datetime_modified | confirmation |
> flag | sendnotification | greeting | ha1
> | ha1b | perms | allow_find | timezone |
>
> +----------------------------------+-------------+--------------+-----
> -----+------------+-----------+-------+-------------------------------
> --+---------------------+---------------------+-----------------------
> -------------------+------+------------------+----------+-------------
> ---------------------+----------------------------------+-------+-----
> -------+----------+
>
> | 65e397cda0aa8e3202ea22cbd350e4e9 | admin | 192.168.2.16 |
> heslo | Initial | Admin | 123 |
> root at localhost | 2002-09-04 19:37:45 | 0000-00-00
> 00:00:00 | 57DaSIPuCm52UNe54 LF545750cfdL48OMZfroM53 | o
>
> | | | 2ff35d1f6572c03ae736bd567a46a30b |
> b4c79738fe441c8c26ebc11545423d23 | admin | 0
>
> | NULL |
>
> | NULL |
>
> | 1fb8e96684801eb7bc53e44d68a18cca | ser | 192.168.2.16 |
> heslo | | | | ser at localhost |
> 2004-05-05 07:47:30 | 0000-00-00 00:00:00 |
> | o
>
> | | | 1fb8e96684801eb7bc53e44d68a18cca |
> 5023bfc28eff0b9fc0f48e22b14f5e2b | admin | 0
>
> | NULL |
>
>
> | f3dbccc505c3611dd538857bbfa8a2b2 | test123 | 192.168.2.16 |
> test | | | |
> test123 at 192.168.2.16 | 2004-05-05 09:40:50 | 0000-00-00
> 00:00:00 | | o
>
> | | | f3dbccc505c3611dd538857bbfa8a2b2 |
> 39e3709b96459dd7f5090277aaf988f4 | NULL | 0
>
> | NULL |
>
>
> | b800b1c879ccf7bccfa1d0fffd6ac28a | ciscoata | 192.168.2.16 |
> qwerty | | | | ciscoata at mail.com |
> 2004-05-09 12:22:22 | 0000-00-00 00:00:00 |
> | o
>
> | | | b800b1c879ccf7bccfa1d0fffd6ac28a |
> bd81df065d2931e0048989a9fa94e6d5 | NULL | 0
>
> | NULL |
>
> +----------------------------------+-------------+--------------+-----
> -----+------------+-----------+-------+-------------------------------
> --+---------------------+---------------------+-----------------------
> -------------------+------+------------------+----------+-------------
> ---------------------+----------------------------------+-------+-----
> -------+----------+
>
> 4 rows in set (0.00 sec)
>
>
> #
>
> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>
> #
>
> # simple quick-start config script
>
> #
>
>
>
> # ----------- global configuration parameters ------------------------
>
>
>
> #debug=3 # debug level (cmd line: -dddddddddd)
>
> #fork=yes
>
> #log_stderror=no # (cmd line: -E)
>
>
>
>
>
>
>
> /* Uncomment these lines to enter debugging mode
>
> debug=7
>
> fork=no
>
> log_stderror=yes
>
> */
>
> check_via=no # (cmd. line: -v)
>
> dns=no # (cmd. line: -r)
>
> rev_dns=no # (cmd. line: -R)
>
> #port=5060
>
> #children=4
>
> fifo="/tmp/ser_fifo"
>
>
> # ------------------ module loading ----------------------------------
>
>
>
> # Uncomment this if you want to use SQL database
>
> loadmodule "/usr/lib/ser/modules/mysql.so"
>
>
>
> loadmodule "/usr/lib/ser/modules/sl.so"
>
> loadmodule "/usr/lib/ser/modules/tm.so"
>
> loadmodule "/usr/lib/ser/modules/rr.so"
>
> loadmodule "/usr/lib/ser/modules/maxfwd.so"
>
> loadmodule "/usr/lib/ser/modules/usrloc.so"
>
> loadmodule "/usr/lib/ser/modules/registrar.so"
>
>
>
> # Uncomment this if you want digest authentication
>
> # mysql.so must be loaded !
>
> loadmodule "/usr/lib/ser/modules/auth.so"
>
> loadmodule "/usr/lib/ser/modules/auth_db.so"
>
> # ----------------- setting module-specific parameters ---------------
>
>
>
> # -- usrloc params --
>
> modparam("usrloc", "db_url", "sql://ser:heslo@192.168.2.16/ser")
>
>
>
> #modparam("usrloc", "db_mode", 0)
>
>
>
> # Uncomment this if you want to use SQL database
>
> # for persistent storage and comment the previous line
>
> modparam("usrloc", "db_mode", 2)
>
>
>
> # -- auth params --
>
> modparam("auth_db", "db_url", "sql://ser:heslo@192.168.2.16/ser")
>
> # Uncomment if you are using auth module
>
> #
>
> modparam("auth_db", "calculate_ha1", yes)
>
> #
>
> # If you set "calculate_ha1" parameter to yes (which true in this
> config),
>
> # uncomment also the following parameter)
>
> #
>
> modparam("auth_db", "password_column", "password")
>
>
>
> # -- rr params --
>
> # add value to ;lr param to make some broken UAs happy
>
> modparam("rr", "enable_full_lr", 1)
>
>
>
> # ------------------------- request routing logic -------------------
>
>
>
> # main routing logic
>
>
>
> route{
>
>
>
> # initial sanity checks -- messages with
>
> # max_forwards==0, or excessively long requests
>
> if (!mf_process_maxfwd_header("10")) {
>
> sl_send_reply("483","Too Many Hops");
>
> break;
>
> };
>
> if ( msg:len > max_len ) {
>
> sl_send_reply("513", "Message too big");
>
> break;
>
> };
>
>
>
> # we record-route all messages -- to make sure that
>
> # subsequent messages will go through our proxy; that's
>
> # particularly good if upstream and downstream entities
>
> # use different transport protocol
>
> record_route();
>
> # loose-route processing
>
> if (loose_route()) {
>
> t_relay();
>
> break;
>
> };
>
>
>
> # if the request is for other domain use UsrLoc
>
> # (in case, it does not work, use the following command
>
> # with proper names and addresses in it)
>
> # if (uri==myself) {
>
> if (uri=~"^sip:(.+@)?(192\.168\.2\.16)([:;\?].*)?$") {
>
>
>
> if (method=="REGISTER") {
>
>
>
> # Uncomment this if you want to use digest authentication
>
> if (!www_authorize("", "subscriber")) {
>
> www_challenge("", "0");
>
> break;
>
> };
>
>
>
> save("location");
>
> break;
>
> };
>
>
>
> # native SIP destinations are handled using our USRLOC
> DB
>
> if (!lookup("location")) {
>
> sl_send_reply("404", "Not Found");
>
> break;
>
> };
>
> };
>
> # forward to current uri now; use stateful forwarding; that
>
> # works reliably even if we forward from TCP to UDP
>
> if (!t_relay()) {
>
> sl_reply_error();
>
> };
>
>
>
> }
>
>
>
>
>
> --
>