[Serusers]: Problems with authentication
Klaus Darilion
klaus.mailinglists at pernau.at
Thu May 13 14:47:46 CEST 2004
I've always done it this way:
----
checkout from cvs
in the directory: /root/software/ser
# cvs -d:pserver:anonymous at cvs.ser.berlios.de:/cvsroot/ser login
password: just press enter - no password
checkout stable (0.8.12) release:
# cvs -z3 -d:pserver:anonymous at cvs.ser.berlios.de:/cvsroot/ser co -r
rel_0_8_12 sip_router
(the last command without line-break)
-----
But there was a thread recently discussing cvs problems. So if the
commands above doesn't work, check this thread.
klaus
Sara Allton wrote:
> Thanks - I'm trying to download CVS versions as instructed in "direct
> CVS Access" - however i'm getting a 'BAD CVSROOT' error. I've also tried
> using the cvs -d option to specify the CVSROOT however it seems i'm not
> getting anywhere.
>
> would appreciate further help on this as this is all new to me.
>
> TIA
>
> S
>
> ----- Original Message -----
> From: Klaus Darilion
> Date: Thu, 13 May 2004 12:34:01 +0200
> To: Sara Allton
> Subject: Re: [Serusers]: Problems with authentication
>
> > I suggest you to never mix ser rpms and source code installations.
> >
> > If you need accounting, remove all ser rpms from your system and use CVS
> > versions only.
> >
> > Klaus
> >
> > Sara Allton wrote:
> >
> > > Thanks - it worked.
> > >
> > > One other question please.
> > >
> > > I've had to recompile ser from source since I need to log CDRs to
> Mysql
> > > rather than to syslog. However when i try to re-intsall the
> ser-mysl RPM
> > > package, I get a failed dependencies error. Its as if ser is not
> > > installed at all. Is there something I'm missing out?
> > >
> > > Thanks
> > >
> > > Sar a
> > >
> > > ----- Original Message -----
> > > From: Jan Janak
> > > Date: Sun, 9 May 2004 19:03:10 +0200
> > > To: Sara Allton
> > > Subject: Re: [Serusers]: Problems with authentication
> > >
> > > > Change realm (the first parameter of www_authorize and
> www_challenge in
> > > > the configuration file) from localdomain.com to 192.168.2.16. That's
> > > > what you have configured in the subscriber table.
> > > >
> > > > Jan.
> > > >
> > > > On 08-05 12:29, Sara Allton wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > I've installed SER on Redhat 9 but am having problems with
> getting a
> > > > > Cisco ATA registered. The server replies with message "401
> > > > > Unauthorized". Below is the ser.cfg file, together with ngrep
> output
> > > > > and mysql subscriber table.
> > > > >
> > > > > What could the problem be? i've tried modifying the ser.cfg
> file in
> > > > > order to try and get this to work but without luck. I'm not too
> sure
> > > > > regarding the "realm" parameter being passed int the
> www-authenticate
> > > > > message.
> > > > >
> > > > > TIA
> > > > >
> > > > > Sara
> > > > >
> > > > >
> > > > > U 192.168.2.100:5060 -> 192.168.2.16:5060
> > > > >
> > > > > REGISTER sip:192.168.2.16 SIP/2.0..Via: SIP/2.0/UDP
> > > > > 192.168.2.100:5060..From: sip:ciscoata at 192.168.2.16..To:
> > > > > sip:ciscoata at 192.168.2.16..Call-ID:
> > > > >
> > > > > 3435349313 at 192.168.2.100..CSeq: 2 REGISTER..Contact:
> > > > > ;expires=3500..User-Age
> > > > ; > nt: Cisco ATA v2.15 a
> > > > >
> > > > > ta18x (020927a)..Authorization: Digest
> > > > >
> username="ciscoata",realm="localdomain.com",nonce="409e41b0801685a46a7
> > > > >
> 9d41e81d85c5adc6bca39",uri="sip:192.168.2.16",response="b878eb13908b9a
> > > > > 8251571111eb001acf"..Content-Length: 0.... < BR>> >
> > > > > #
> > > > >
> > > > > U 192.168.2.16:5060 -> 192.168.2.100:5060
> > > > >
> > > > > SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> 192.168.2.100:5060..From:
> > > > > sipciscoata at 192.168.2.16..To:
> > > > > sip:ciscoata at 192.168.2.16;tag=b27e1a1d33761e
> > > > >
> > > > > 85846fc98f5f3a7e58.8272..Call-ID:
> 3435349313 at 192.168.2.100..CSeq: 2
> > > > > REGISTER..WWW-Authenticate: Digest realm="localdomain.com",
> > > > > nonce="409e4 1b1bc69e5210563de14a3dbfbb25941602e"..Server: Sip
> EXpress
> > > > > router (0.8.12 (i386/linux)
> > > > >
> > > > > )..Content-Length: 0..Warning: 392 192.168.2.16:5060 "Noisy
> feedback
> > > > > tells:pid=1631 req_src_ip=192.168.2.100 req_src_port=5060
> > > > > in_uri=sip:192.168.2.16 out_uri=sip:192.168.2.16 via_cnt==1"....
> > > > >
> > > > >
> > > > > mysql> select * from subscriber;
> > > > >
> > > > > +----------------------------------+-
> > > ------------+--------------+-----
> > > > >
> -----+------------+-----------+-------+-------------------------------
> > > > >
> --+---------------------+---------------------+-----------------------
> > > > >
> -------------------+------+------------------+----------+-------------
> > > > > ---------------------+------------------
> ----------------+-------+-----
> > > > > -------+----------+
> > > > >
> > > > > | phplib_id | username | domain |
> > > > > password | first_name | last_name | phone |
> > > > > email_address | datetime_created |
> > > > > datetime_modified | confirmation & nbsp; |
> > > > > flag | sendnotification | greeting | ha1
> > > > > | ha1b | perms | allow_find | timezone |
> > > > >
> > > > >
> +----------------------------------+-------------+--------------+-----
> > > > >
> -----+------------+-----------+-------+-------------------------------
> > > > > --+---------------------+------------------
> > > ---+-----------------------
> > > > >
> -------------------+------+------------------+----------+-------------
> > > > > ---------------------+----------------------------------+----
> ---+-----
> > > > > -------+----------+
> > > > >
> > > > > | 65e397cda0aa8e3202ea22cbd350e4e9 | admin | 192.168.2.16 |
> > > > > heslo | Initial | Admin | 123 |
> > > > > root at localhost | 2002-09-04 19:37:45 | 0000-00-00
> > > > > 00:00:00 | 57DaSIPuCm52UNe54 LF545750cfdL48OMZfroM53 | o
> > > > >
> > > > > | | | 2ff35d1f6572c03ae736bd567a46a30b |
> > > > > b4c79738fe441c8c26ebc11545423d23 | admin | 0
> > > > >
> > > > > | NULL |
> > > > >
> > > > > | NULL |
> > > > >
> > > > > | 1fb8e96684801eb7bc53e44d68a18cca | ser | 192.168.2.16 |
> > > > > heslo | | | | ser at localhost |
> > > > > 2004-05-05 07:47:30 | 0000-00-00 00:00:00 | &
> > > > > nbsp; | o
> > > > >
> > > > > | | | 1fb8e96684801eb7bc53e4 4d68a18cca |
> > > > > 5023bfc28eff0b9fc0f48e22b14f5e2b | admin | 0
> > > > >
> > > > > | NULL |
> > > > >
> > > > >
> > > > > | f3dbccc505c3611dd538857bbfa8a2b2 | test123 | 192.168.2.16 |
> > > > > test | | | |
> > > > > test123 at 192.168.2.16 | 2004-05-05 09:40:50 | 0000-00-00
> > > > > 00:00:00 | &nbs p; | o
> > > > >
> > > > > | | | f3dbccc505c3611dd538857bbfa8a2b2 |
> > > > > 39e3709b96459dd7f5090277aaf988f4 | NULL | 0
> > > > >
> > > > > | NULL |
> > > > >
> > > > >
> > > > > | b800b1c879ccf7bccfa1d0fffd6ac28a | ciscoata | 192.168.2.16 |
> > > > > qwerty | | | | ciscoata at mail.com |
> > > > > 2004-05-09 12:22:22 | 0000-00-00 00:00:00 |
> > > > > | o
> > > > >
> > > > & gt; | | | b800b1c879ccf7bccfa1d0fffd6ac28a |
> > > > > bd81df065d2931e0048989a9fa94e6d5 | NULL | 0
> > > > >
> > > > > | NULL |
> > > > >
> > > > > +----------------------------------+-------------+--------------
> > > +-----
> > > > >
> -----+------------+-----------+-------+-------------------------------
> > > > >
> --+---------------------+---------------------+-----------------------
> > > > >
> -------------------+------+------------------+----------+-------------
> > > > >
> ---------------------+----------------------------------+-------+-----
> > > > > -------+----------+
> > > > >
> > > > > 4 rows in set (0.00 sec)
> > > > >
> > > > >
> > > > > #
> > > > >
> > > > > # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> > ; > > >
> > > > > #
> > > > >
> > > > > # simple quick-start config script
> > > > >
> > > > > #
> > > > >
> > > > >
> > > > >
> > > > > # ----------- global configuration parameters
> ------------------------
> > > > >
> > > > >
> > > > >
> > > > > #debug=3 # debug level (cmd line: -dddddddddd)
> > > > >
> > > > > #fork=yes
> > > > >
> > > > > #log_ stderror=no # (cmd line: -E)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > /* Uncomment these lines to enter debugging mode
> > > > >
> > > > > debug=7
> > > > >
> > > > > fork=no
> > > > >
> > > > > log_stderror=yes
> > > > >
> > > > > */
> > > > >
> > > > > check_via=no # (cmd. line: -v)
> > > > >
> > > > > dns=no # (cmd. line: -r)
> > > > >
> > > > > rev_dns=no # (cmd. line: -R)
> > > > >
> > > > > #port=5060
> > > > >
> > > > > #children=4
> > > > >
> > > > > fifo="/tmp/ser_fifo"
> > > > >
> > > > >
> > > > > # ------------------ module loading
> ----------------------------------
> > > > >
> > > > >
> > > > >
> > > > > # Uncomment this if you want to use SQL database
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/mysql.so"
> > > > >
> > > > >
> > > > >
> > > > > loadmodul e "/usr/lib/ser/modules/sl.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/tm.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/rr.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/maxfwd.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/usrloc.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/registrar.so"
> > > > >
> > > > >
> > > > >
> > > > > # Uncomment this if you want digest authentication
> > > > >
> > > > > # mysql.so must be loaded !
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/auth.so"
> > > > >
> > > > > loadmodule "/usr/lib/ser/modules/auth_db.so"
> > > > >
> > > > > # ----------------- setting m odule-specific parameters
> ---------------
> > > > >
> > > > >
> > > > >
> > > > > # -- usrloc params --
> > > > >
> > > > > modparam("usrloc", "db_url", "sql://ser:heslo@192.168.2.16/ser")
> > > > >
> > > > >
> > > > >
> > > > > #modparam("usrloc", "db_mode", 0)
> > > > >
> > > > >
> > > > >
> > > > > # Uncomment this if you want to use SQL database
> > > > >
> > > > > # for persistent storage and comment the previous line
> > > > >
> > > > > modparam("usrloc", "db_mode", 2)
> > > > >
> > > > >
> > > > >
> > > > > # -- auth params --
> > > > >
> > > > > modparam("auth_db", "db_url", "sql://ser:heslo@192.168.2.16/ser")
> > > > >
> > > > > # Uncomment if you are using auth module
> > > > >
> > > > > #
> > > > >
> > > > > modparam("auth_db", "calculate_ha1", yes)
> > > > >
> > > > > #
> > > > >
> > > > > # If you set "calculate_ha1" parameter to yes (which true in this
> > > > > config),
> > > > >
> > > > > # uncomment also the following parameter)
> > > > >
> > > > > #
> > > > >
> > > > > modparam("auth_db", "password_column", "password")
> > > > > ;
> > > > >
> > > > >
> > > > > # -- rr params --
> > > > >
> > > > > # add value to ;lr param to make some broken UAs happy
> > > > >
> > > > > modparam("rr", "enable_full_lr", 1)
> > > > >
> > > > >
> > > > >
> > > > > # ------------------------- request routing logic
> -------------------
> > > > >
> > > > >
> > > > >
> > > > > # main routing logic
> > > > >
> > > > >
> > > > >
> > > > > route{
> > > > >
> > > > >
> > > > >
> > > > > # initial sanity checks -- messages with
> > > > >
> > > > > # max_forwards==0, or excessively long requests
> > > > >
> > > > > if (!mf_process_maxfwd_header("10")) {
> > > > >
> > > > > sl_send_reply("483","Too Many Hops");
> > > > >
> > > > > break;
> > > > >
> > > > > };
> > > > >
> > > > > if ( msg:len > max_len ) {
> > > > >
> > > > > sl_send_reply ("513", "Message too big");
> > > > > < BR>> > break;
> > > > >
> > > > > };
> > > > >
> > > > >
> > > > >
> > > > > # we record-route all messages -- to make sure that
> > > > >
> > > > > # subsequent messages will go through our proxy; that's
> > > > >
> > > > > # particularly good if upstream and downstream entities
> > > > >
> > > > > # use different transport protocol
> > > > >
> > > > > record_route();
> > > > >
> > > > > # loose-route processing
> > > > >
> > > > > if (loose_route()) {
> > > > >
> > > > > t_relay();
> > > > >
> > > > > break;
> > > > >
> > > > > };
> > > > >
> > > > >
> > > > >
> > > > > # if the request is for other domain use UsrLoc
> > > > >
> > > > > # (in case, it does not work, use the following command
> > > > >
> > > > > # with proper names and addresses in it)
> > > > >
> > > > > # if (uri==myself) {
> > > > >
> > > > > if (uri=~"^sip :(.+@)?(192\.168\.2\.16)([:;\?].*)?$") {
> > > > >
> > > > >
> > > > >
> > > > > if (method=="REGISTER") {
> > > > >
> > > > >
> > > > >
> > > > > # Uncomment this if you want to use digest authentication
> > > > >
> > > > > if (!www_authorize("", "subscriber")) {
> > > > >
> > > > > www_challenge("", "0");
> > > > >
> > > > > break;
> > > > >
> > > ; > > };
> > > > >
> > > > >
> > > > >
> > > > > save("location");
> > > > >
> > > > > break;
> > > > >
> > > > > };
> > > > >
> > > > >
> > > > >
> > > > > # native SIP destinations are handled using our USRLOC
> > > > > DB
> > > > >
> > > > > if (!lookup("location")) {
> > > > >
> > > > > sl_send_reply("404", "Not Found");
> > > > >
> > > > > break;
> > > > >
> > > > > };
> > > > >
> > > > > };
> > > > >
> > > > > # forward to current uri now; use stateful forwarding; that
> > > > >
> > > > > # works reliably even if we forward from TCP to UDP
> > > > >
> > > > > if (! t_relay()) {
> > > > >
> > > > > sl_reply_error();
> > > > >
> > > > > };
> > > > >
> > > > >
> > > > >
> > > > > }
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > ___________________________________________________________
> > > > > Sign-up for Ads Free at Mail.com
> > > > > [1]http://www.mail.com/?sr=signup
> > > > >
> > > > > References
> > > > >
> > > > > 1.
> > >
> http://mail01.mail.com/scripts/payment/adtracking.cgi?bannercode=adsfreejump01
>
> > >
> > > >
> > > > > _______________________________________________
> > > > > Serusers mailing list
> > > > > Serusers at ipte l.org
> > > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > >
> > >
> > > --
> > >
> > > ___________________________________________________________
> > > Sign-up for Ads Free at Mail.com
> > > http://www.mail.com/?sr=signup
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
>
>
> --
>
> ___________________________________________________________
> Sign-up for Ads Free at Mail.com
> http://www.mail.com/?sr=signup
> <http://mail01.mail.com/scripts/payment/adtracking.cgi?bannercode=adsfreejump01>
>
More information about the sr-users
mailing list