[Users] Problems with digest authentication
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Tue Aug 2 14:15:03 CEST 2005
Hi Aimable,
have you tried with
www_authorize("talk.artel.rw","subscriber")
in the REGISTER block? just asking because I don't see this in your cfg.
if your did, but still doesn't work, please send the net traffic capture
and the OpenSER log (in full debug mode) for the failed REGISTER. For
sure, there is a config problem somewhere....
regards,
bogdan
aimable wrote:
>I tried both of these configurations and none of them worked .
>Here below is my configuration
>
>debug=7
>fork=yes
>log_stderror=yes
>listen=193.XXX.XX4.XXX
>port=5060
>children=4
>
>alias=193.XXX.XX4.XXX
>alias=sip.mydomain.tld
>
>dns=yes
>rev_dns=no
>
>fifo="/tmp/openser_fifo"
>fifo_db_url="mysql://USER:PASSWORD@localhost/openser"
>
>loadmodule "/usr/local/lib/openser/modules/mysql.so"
>loadmodule "/usr/local/lib/openser/modules/sl.so"
>loadmodule "/usr/local/lib/openser/modules/tm.so"
>loadmodule "/usr/local/lib/openser/modules/rr.so"
>loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
>loadmodule "/usr/local/lib/openser/modules/usrloc.so"
>loadmodule "/usr/local/lib/openser/modules/registrar.so"
>loadmodule "/usr/local/lib/openser/modules/auth.so"
>loadmodule "/usr/local/lib/openser/modules/auth_db.so"
>loadmodule "/usr/local/lib/openser/modules/uri.so"
>loadmodule "/usr/local/lib/openser/modules/uri_db.so"
>loadmodule "/usr/local/lib/openser/modules/mediaproxy.so"
>loadmodule "/usr/local/lib/openser/modules/nathelper.so"
>loadmodule "/usr/local/lib/openser/modules/textops.so"
>loadmodule "/usr/local/lib/openser/modules/domain.so"
>loadmodule "/usr/local/lib/openser/modules/acc.so"
>
>modparam("auth_db", "calculate_ha1", 1)
>modparam("auth_db", "password_column", "password")
>modparam("auth_db", "use_domain", 1)
>
>modparam("domain", "db_mode", 1)
>
>modparam("nathelper", "rtpproxy_disable", 1)
>modparam("nathelper", "natping_interval", 180)
>
>modparam("mediaproxy","natping_interval", 30)
>modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
>modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/openser/sip-asymmetr
>ic-clients")
>modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/openser/rtp-asymmetr
>ic-clients")
>
>modparam("usrloc", "db_mode", 2)
>modparam("usrloc", "use_domain", 1)
>
>modparam("registrar", "default_expires", 60)
>modparam("registrar", "min_expires", 30)
>modparam("registrar", "nat_flag", 6)
>modparam("registrar", "use_domain", 1)
>
>modparam("rr", "enable_full_lr", 1)
>
>modparam("auth_db|uri_db|usrloc", "db_url",
>"mysql://USER:PASSWORD@localhost/openser")
>modparam("acc", "db_url", "mysql://USER:PASSWORD@localhost/openser")
>modparam("acc", "failed_transactions", 1)
>modparam("acc", "log_level", 1)
>modparam("acc", "log_flag", 1)
>modparam("acc", "db_flag", 1)
>
>route {
>
> # -----------------------------------------------------------------
> # Sanity Check Section
> # -----------------------------------------------------------------
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too Many Hops");
> break;
> };
>
> if (msg:len > max_len) {
> sl_send_reply("513", "Message Overflow");
> break;
> };
>
> # -----------------------------------------------------------------
> # Record Route Section and Acc section
> # -----------------------------------------------------------------
> if (method=="INVITE" && client_nat_test("3")) {
> record_route_preset("193.XXX.XX4.XXX:5060;nat=yes");
> } else if (method!="REGISTER") {
> if!(uri=~"^sip:833[0-9]*@") {
> record_route();
> setflag(1);
> }
> };
>
> # -----------------------------------------------------------------
> # Call Tear Down Section
> # -----------------------------------------------------------------
> if (method=="BYE" || method=="CANCEL") {
> end_media_session();
> };
>
> # -----------------------------------------------------------------
> # Loose Route Section
> # -----------------------------------------------------------------
> if (loose_route()) {
>
> if (has_totag() && (method=="INVITE" || method=="ACK")) {
>
> if (client_nat_test("3") ||
>search("^Route:.*;nat=yes")) {
> setflag(6);
> use_media_proxy();
> };
> };
>
> route(1);
> break;
> };
>
> # -----------------------------------------------------------------
> # Call Type Processing Section
> # -----------------------------------------------------------------
>
> if (uri!=myself) {
> route(1);
> break;
> };
>
> if (uri==myself) {
>
> if (method=="CANCEL") {
> route(3);
> break;
> } else if (method=="INVITE") {
> route(3);
> break;
> } else if (method=="REGISTER") {
> route(2);
> break;
> };
>
> lookup("aliases");
> if (uri!=myself) {
> route(1);
> break;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
> };
>
> route(1);
>}
>
>route[1] {
>
> # -----------------------------------------------------------------
> # Default Message Handler
> # -----------------------------------------------------------------
>
> t_on_reply("1");
>
> if (!t_relay()) {
>
> if (method=="INVITE" || method=="ACK") {
> end_media_session();
> };
>
> sl_reply_error();
> };
>}
>
>route[2] {
>
> # -----------------------------------------------------------------
> # REGISTER Message Handler
> # ----------------------------------------------------------------
>
> if (!search("^Contact:\ +\*") && client_nat_test("7")) {
> setflag(6);
> fix_nated_register();
> force_rport();
> };
>
> sl_send_reply("100", "Trying");
>
> if (!www_authorize("","subscriber")) {
> www_challenge("","0");
> break;
> };
>
> if (!check_to()) {
> sl_send_reply("401", "Unauthorized");
> break;
> };
>
> consume_credentials();
>
> if (!save("location")) {
> sl_reply_error();
> };
>}
>
>route[3] {
>
> # -----------------------------------------------------------------
> # CANCEL and INVITE Message Handler
> # -----------------------------------------------------------------
>
> if (client_nat_test("3")) {
> setflag(7);
> force_rport();
> fix_nated_contact();
> };
>
> lookup("aliases");
> if (uri!=myself) {
> route(1);
> break;
> };
>
>
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
>
> if (method=="CANCEL") {
> route(1);
> break;
> };
>
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
>
> consume_credentials();
>
> if (isflagset(6) || isflagset(7)) {
> use_media_proxy();
> };
>
> route(1);
>}
>
>onreply_route[1] {
>
> if ((isflagset(6) || isflagset(7)) &&
>(status=~"(180)|(183)|2[0-9][0-9]")) {
>
> if (!search("^Content-Length:\ +0")) {
> use_media_proxy();
> };
> };
>
> if (client_nat_test("1")) {
> fix_nated_contact();
> };
>}
>
>
>
More information about the sr-users
mailing list