[Serusers]: Problems with authentication

Klaus Darilion klaus.mailinglists at pernau.at
Thu May 13 12:34:01 CEST 2004 

I suggest you to never mix ser rpms and source code installations.

If you need accounting, remove all ser rpms from your system and use CVS 
versions only.

Klaus

Sara Allton wrote:

> Thanks - it worked.
> 
> One other question please.
> 
> I've had to recompile ser from source since I need to log CDRs to Mysql 
> rather than to syslog. However when i try to re-intsall the ser-mysl RPM 
> package, I get a failed dependencies error. Its as if ser is not 
> installed at all. Is there something I'm missing out?
> 
> Thanks
> 
> Sara
> 
> ----- Original Message -----
> From: Jan Janak
> Date: Sun, 9 May 2004 19:03:10 +0200
> To: Sara Allton
> Subject: Re: [Serusers]: Problems with authentication
> 
>  > Change realm (the first parameter of www_authorize and www_challenge in
>  > the configuration file) from localdomain.com to 192.168.2.16. That's
>  > what you have configured in the subscriber table.
>  >
>  > Jan.
>  >
>  > On 08-05 12:29, Sara Allton wrote:
>  > >
>  > > Hi,
>  > >
>  > > I've installed SER on Redhat 9 but am having problems with getting a
>  > > Cisco ATA registered. The server replies with message "401
>  > > Unauthorized". Below is the ser.cfg file, together with ngrep output
>  > > and mysql subscriber table.
>  > >
>  > > What could the problem be? i've tried modifying the ser.cfg file in
>  > > order to try and get this to work but without luck. I'm not too sure
>  > > regarding the "realm" parameter being passed int the www-authenticate
>  > > message.
>  > >
>  > > TIA
>  > >
>  > > Sara
>  > >
>  > >
>  > > U 192.168.2.100:5060 -> 192.168.2.16:5060
>  > >
>  > > REGISTER sip:192.168.2.16 SIP/2.0..Via: SIP/2.0/UDP
>  > > 192.168.2.100:5060..From: sip:ciscoata at 192.168.2.16..To:
>  > > sip:ciscoata at 192.168.2.16..Call-ID:
>  > >
>  > > 3435349313 at 192.168.2.100..CSeq: 2 REGISTER..Contact:
>  > > ;expires=3500..User-Age
>  > > nt: Cisco ATA v2.15 a
>  > >
>  > > ta18x (020927a)..Authorization: Digest
>  > > username="ciscoata",realm="localdomain.com",nonce="409e41b0801685a46a7
>  > > 9d41e81d85c5adc6bca39",uri="sip:192.168.2.16",response="b878eb13908b9a
>  > > 8251571111eb001acf"..Content-Length: 0.... < BR>> >
>  > > #
>  > >
>  > > U 192.168.2.16:5060 -> 192.168.2.100:5060
>  > >
>  > > SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.2.100:5060..From:
>  > > sipciscoata at 192.168.2.16..To:
>  > > sip:ciscoata at 192.168.2.16;tag=b27e1a1d33761e
>  > >
>  > > 85846fc98f5f3a7e58.8272..Call-ID: 3435349313 at 192.168.2.100..CSeq: 2
>  > > REGISTER..WWW-Authenticate: Digest realm="localdomain.com",
>  > > nonce="409e41b1bc69e5210563de14a3dbfbb25941602e"..Server: Sip EXpress
>  > > router (0.8.12 (i386/linux)
>  > >
>  > > )..Content-Length: 0..Warning: 392 192.168.2.16:5060 "Noisy feedback
>  > > tells:pid=1631 req_src_ip=192.168.2.100 req_src_port=5060
>  > > in_uri=sip:192.168.2.16 out_uri=sip:192.168.2.16 via_cnt==1"....
>  > >
>  > >
>  > > mysql> select * from subscriber;
>  > >
>  > > +----------------------------------+- 
> ------------+--------------+-----
>  > > -----+------------+-----------+-------+-------------------------------
>  > > --+---------------------+---------------------+-----------------------
>  > > -------------------+------+------------------+----------+-------------
>  > > ---------------------+----------------------------------+-------+-----
>  > > -------+----------+
>  > >
>  > > | phplib_id | username | domain |
>  > > password | first_name | last_name | phone |
>  > > email_address | datetime_created |
>  > > datetime_modified | confirmation & nbsp; |
>  > > flag | sendnotification | greeting | ha1
>  > > | ha1b | perms | allow_find | timezone |
>  > >
>  > > +----------------------------------+-------------+--------------+-----
>  > > -----+------------+-----------+-------+-------------------------------
>  > > --+---------------------+------------------ 
> ---+-----------------------
>  > > -------------------+------+------------------+----------+-------------
>  > > ---------------------+----------------------------------+-------+-----
>  > > -------+----------+
>  > >
>  > > | 65e397cda0aa8e3202ea22cbd350e4e9 | admin | 192.168.2.16 |
>  > > heslo | Initial | Admin | 123 |
>  > > root at localhost | 2002-09-04 19:37:45 | 0000-00-00
>  > > 00:00:00 | 57DaSIPuCm52UNe54 LF545750cfdL48OMZfroM53 | o
>  > >
>  > > | | | 2ff35d1f6572c03ae736bd567a46a30b |
>  > > b4c79738fe441c8c26ebc11545423d23 | admin | 0
>  > >
>  > > | NULL |
>  > >
>  > > | NULL |
>  > >
>  > > | 1fb8e96684801eb7bc53e44d68a18cca | ser | 192.168.2.16 |
>  > > heslo | | | | ser at localhost |
>  > > 2004-05-05 07:47:30 | 0000-00-00 00:00:00 | &
>  > > nbsp; | o
>  > >
>  > > | | | 1fb8e96684801eb7bc53e44d68a18cca |
>  > > 5023bfc28eff0b9fc0f48e22b14f5e2b | admin | 0
>  > >
>  > > | NULL |
>  > >
>  > >
>  > > | f3dbccc505c3611dd538857bbfa8a2b2 | test123 | 192.168.2.16 |
>  > > test | | | |
>  > > test123 at 192.168.2.16 | 2004-05-05 09:40:50 | 0000-00-00
>  > > 00:00:00 | &nbs p; | o
>  > >
>  > > | | | f3dbccc505c3611dd538857bbfa8a2b2 |
>  > > 39e3709b96459dd7f5090277aaf988f4 | NULL | 0
>  > >
>  > > | NULL |
>  > >
>  > >
>  > > | b800b1c879ccf7bccfa1d0fffd6ac28a | ciscoata | 192.168.2.16 |
>  > > qwerty | | | | ciscoata at mail.com |
>  > > 2004-05-09 12:22:22 | 0000-00-00 00:00:00 |
>  > > | o
>  > >
>  > > | | | b800b1c879ccf7bccfa1d0fffd6ac28a |
>  > > bd81df065d2931e0048989a9fa94e6d5 | NULL | 0
>  > >
>  > > | NULL |
>  > >
>  > > +----------------------------------+-------------+-------------- 
> +-----
>  > > -----+------------+-----------+-------+-------------------------------
>  > > --+---------------------+---------------------+-----------------------
>  > > -------------------+------+------------------+----------+-------------
>  > > ---------------------+----------------------------------+-------+-----
>  > > -------+----------+
>  > >
>  > > 4 rows in set (0.00 sec)
>  > >
>  > >
>  > > #
>  > >
>  > > # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>  > >
>  > > #
>  > >
>  > > # simple quick-start config script
>  > >
>  > > #
>  > >
>  > >
>  > >
>  > > # ----------- global configuration parameters ------------------------
>  > >
>  > >
>  > >
>  > > #debug=3 # debug level (cmd line: -dddddddddd)
>  > >
>  > > #fork=yes
>  > >
>  > > #log_ stderror=no # (cmd line: -E)
>  > >
>  > >
>  > >
>  > >
>  > >
>  > >
>  > >
>  > > /* Uncomment these lines to enter debugging mode
>  > >
>  > > debug=7
>  > >
>  > > fork=no
>  > >
>  > > log_stderror=yes
>  > >
>  > > */
>  > >
>  > > check_via=no # (cmd. line: -v)
>  > >
>  > > dns=no # (cmd. line: -r)
>  > >
>  > > rev_dns=no # (cmd. line: -R)
>  > >
>  > > #port=5060
>  > >
>  > > #children=4
>  > >
>  > > fifo="/tmp/ser_fifo"
>  > >
>  > >
>  > > # ------------------ module loading ----------------------------------
>  > >
>  > >
>  > >
>  > > # Uncomment this if you want to use SQL database
>  > >
>  > > loadmodule "/usr/lib/ser/modules/mysql.so"
>  > >
>  > >
>  > >
>  > > loadmodul e "/usr/lib/ser/modules/sl.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/tm.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/rr.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/maxfwd.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/usrloc.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/registrar.so"
>  > >
>  > >
>  > >
>  > > # Uncomment this if you want digest authentication
>  > >
>  > > # mysql.so must be loaded !
>  > >
>  > > loadmodule "/usr/lib/ser/modules/auth.so"
>  > >
>  > > loadmodule "/usr/lib/ser/modules/auth_db.so"
>  > >
>  > > # ----------------- setting module-specific parameters ---------------
>  > >
>  > >
>  > >
>  > > # -- usrloc params --
>  > >
>  > > modparam("usrloc", "db_url", "sql://ser:heslo@192.168.2.16/ser")
>  > >
>  > >
>  > >
>  > > #modparam("usrloc", "db_mode", 0)
>  > >
>  > >
>  > >
>  > > # Uncomment this if you want to use SQL database
>  > >
>  > > # for persistent storage and comment the previous line
>  > >
>  > > modparam("usrloc", "db_mode", 2)
>  > >
>  > >
>  > >
>  > > # -- auth params --
>  > >
>  > > modparam("auth_db", "db_url", "sql://ser:heslo@192.168.2.16/ser")
>  > >
>  > > # Uncomment if you are using auth module
>  > >
>  > > #
>  > >
>  > > modparam("auth_db", "calculate_ha1", yes)
>  > >
>  > > #
>  > >
>  > > # If you set "calculate_ha1" parameter to yes (which true in this
>  > > config),
>  > >
>  > > # uncomment also the following parameter)
>  > >
>  > > #
>  > >
>  > > modparam("auth_db", "password_column", "password")
>  > > ;
>  > >
>  > >
>  > > # -- rr params --
>  > >
>  > > # add value to ;lr param to make some broken UAs happy
>  > >
>  > > modparam("rr", "enable_full_lr", 1)
>  > >
>  > >
>  > >
>  > > # ------------------------- request routing logic -------------------
>  > >
>  > >
>  > >
>  > > # main routing logic
>  > >
>  > >
>  > >
>  > > route{
>  > >
>  > >
>  > >
>  > > # initial sanity checks -- messages with
>  > >
>  > > # max_forwards==0, or excessively long requests
>  > >
>  > > if (!mf_process_maxfwd_header("10")) {
>  > >
>  > > sl_send_reply("483","Too Many Hops");
>  > >
>  > > break;
>  > >
>  > > };
>  > >
>  > > if ( msg:len > max_len ) {
>  > >
>  > > sl_send_reply("513", "Message too big");
>  > > < BR>> > break;
>  > >
>  > > };
>  > >
>  > >
>  > >
>  > > # we record-route all messages -- to make sure that
>  > >
>  > > # subsequent messages will go through our proxy; that's
>  > >
>  > > # particularly good if upstream and downstream entities
>  > >
>  > > # use different transport protocol
>  > >
>  > > record_route();
>  > >
>  > > # loose-route processing
>  > >
>  > > if (loose_route()) {
>  > >
>  > > t_relay();
>  > >
>  > > break;
>  > >
>  > > };
>  > >
>  > >
>  > >
>  > > # if the request is for other domain use UsrLoc
>  > >
>  > > # (in case, it does not work, use the following command
>  > >
>  > > # with proper names and addresses in it)
>  > >
>  > > # if (uri==myself) {
>  > >
>  > > if (uri=~"^sip :(.+@)?(192\.168\.2\.16)([:;\?].*)?$") {
>  > >
>  > >
>  > >
>  > > if (method=="REGISTER") {
>  > >
>  > >
>  > >
>  > > # Uncomment this if you want to use digest authentication
>  > >
>  > > if (!www_authorize("", "subscriber")) {
>  > >
>  > > www_challenge("", "0");
>  > >
>  > > break;
>  > >
>  > > };
>  > >
>  > >
>  > >
>  > > save("location");
>  > >
>  > > break;
>  > >
>  > > };
>  > >
>  > >
>  > >
>  > > # native SIP destinations are handled using our USRLOC
>  > > DB
>  > >
>  > > if (!lookup("location")) {
>  > >
>  > > sl_send_reply("404", "Not Found");
>  > >
>  > > break;
>  > >
>  > > };
>  > >
>  > > };
>  > >
>  > > # forward to current uri now; use stateful forwarding; that
>  > >
>  > > # works reliably even if we forward from TCP to UDP
>  > >
>  > > if (!t_relay()) {
>  > >
>  > > sl_reply_error();
>  > >
>  > > };
>  > >
>  > >
>  > >
>  > > }
>  > >
>  > >
>  > >
>  > >
>  > >
>  > > --
>  > >
>  > > ___________________________________________________________
>  > > Sign-up for Ads Free at Mail.com
>  > > [1]http://www.mail.com/?sr=signup
>  > >
>  > > References
>  > >
>  > > 1. 
> http://mail01.mail.com/scripts/payment/adtracking.cgi?bannercode=adsfreejump01 
> 
>  >
>  > > _______________________________________________
>  > > Serusers mailing list
>  > > serusers at lists.iptel.org
>  > > http://lists.iptel.org/mailman/listinfo/serusers
>  >
> 
> 
> -- 
> 
> ___________________________________________________________
> Sign-up for Ads Free at Mail.com
> http://www.mail.com/?sr=signup 
> <http://mail01.mail.com/scripts/payment/adtracking.cgi?bannercode=adsfreejump01>
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list