[Serusers] t_replicate and 'Credentials with given realm not found'

Greger V. Teigre greger at teigre.com
Thu Jul 21 07:31:19 CEST 2005 

Zen Kato wrote:
> Another questions are
> (1)What purpose do we need 'modparam("auth","secret","abcdef")' on
>   each ser.cfg? This is written on p.51,iptel.org SIP Express Router
>   v0.11.0-- Admin's Guide.

AFAIK and without looking at the code, I would say it's used for seeding the 
http-digest algorithm.

> (2)Can we replicate REGISTER to asterisk after we succeeded register
>   on serA?
>   ex.   UA1-serA --> serA -->serB
>                       |
>                       +----->asteriskX

I don't know. There is no t_replicate specifically for asterisk, but you can 
use t_replicate to send to asterisk and then handle it there as you wish. 
However, see previous posts on this list regarding several t_replicates (not 
straight-forward).
g-)

> Regards,
>
> Zen Kato
>
>> You want to check on src_ip==peer and then skip authentication.
>> g-)
>>
>> Zen Kato wrote:
>>> Hi,
>>>
>>>
>>> I have been testing 't_replicate' between two sers.
>>> serA: 192.168.0.3
>>> serB: 192.168.0.12
>>>
>>> serA's 'ser.cfg':
>>> .....(snip).....
>>> modparam("auth_db|auth_diameter|group|uri_db|usrloc|registrar",
>>> "use_domain", 1)
>>> modparam("auth","secret","abcdef")
>>>
>>> ......(snip).....
>>>
>>> if (method=="REGISTER") {
>>>
>>> # Uncomment this if you want to use digest authentication
>>> if (!www_authorize("192.168.0.3", "subscriber")) {
>>> www_challenge("192.168.0.3", "0");
>>> break;
>>> };
>>>
>>> save("location");
>>> # replicate to the backup server
>>> if(!src_ip==192.168.0.12){
>>> log(1,"*** REPLICATE REGISTER REQUEST ****\n");
>>> t_replicate("192.168.0.12","5060");
>>> };
>>> break;
>>> };
>>>
>>> serB's 'ser.cfg':
>>> .....(snip)....
>>> modparam("auth_db|auth_diameter|group|uri_db|usrloc|registrar",
>>> "use_domain", 1)
>>> modparam("auth","secret","abcdef")
>>> modparam("usrloc","db_mode",1)
>>>
>>> ....(snip).....
>>>
>>> if (method=="REGISTER") {
>>>
>>> # Uncomment this if you want to use digest authentication
>>> if (!www_authorize("192.168.0.12", "subscriber")) {
>>> www_challenge("192.168.0.12", "0");
>>> break;
>>> };
>>>
>>> save("location");
>>> break;
>>> };
>>>
>>>
>>> serA could send  "Request: REGISTER sip:192.168.0.3" from
>>> 192.168.0.3 to
>>> serB(192.168.0.12) by 't_replicate', but serB says: pre_auth():
>>> Credentials
>>> with given realm not found as follows;
>>>
>>> ....(snip).....
>>> 2(9571) SIP Request:
>>> 2(9571)  method:  <REGISTER>
>>> 2(9571)  uri:     <sip:192.168.0.3>
>>> 2(9571)  version: <SIP/2.0>
>>> 2(9571) parse_headers: flags=1
>>> 2(9571) Found param type 232, <branch> = <z9hG4bK3dbc.a52cfe51.0>;
>>> state=16 2(9571) end of header reached, state=5
>>> 2(9571) parse_headers: Via found, flags=1
>>> 2(9571) parse_headers: this is the first via
>>> 2(9571) After parse_msg...
>>> 2(9571) preparing to run routing scripts...
>>> 2(9571) parse_headers: flags=128
>>> 2(9571) Found param type 232, <branch> = <z9hG4bKd686d524a54b3ed8>;
>>> state=16 2(9571) end of header reached, state=5
>>> 2(9571) parse_headers: Via found, flags=128
>>> 2(9571) parse_headers: this is the second via
>>> 2(9571) end of header reached, state=9
>>> 2(9571) DEBUG: get_hdr_field: <To> [23]; uri=[sip:114 at 192.168.0.3]
>>> 2(9571) DEBUG: to body [<sip:114 at 192.168.0.3>
>>> ]
>>> 2(9571) get_hdr_field: cseq <CSeq>: <101> <REGISTER>
>>> 2(9571) DEBUG:maxfwd:is_maxfwd_present: value = 16
>>> 2(9571) parse_headers: flags=256
>>> 2(9571) DEBUG: get_hdr_body : content_length=0
>>> 2(9571) found end of header
>>> 2(9571) find_first_route: No Route headers found
>>> 2(9571) loose_route: There is no Route HF
>>> 2(9571) grep_sock_info - checking if host==us: 11==12 &&
>>> [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info - checking if
>>> port 5060 matches port 5060 2(9571) grep_sock_info - checking if
>>> host==us: 11==12 &&  [192.168.0.3] == [192.168.0.12] 2(9571)
>>> grep_sock_info - checking if port 5060 matches port 5060 2(9571)
>>> grep_sock_info - checking if host==us: 11==12 &&  [192.168.0.3] ==
>>> [192.168.0.12] 2(9571) grep_sock_info - checking if port 5060
>>> matches port 5060 2(9571) grep_sock_info - checking if host==us:
>>> 11==12 && [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info -
>>> checking if port 5060 matches port 5060 2(9571) parse_headers:
>>> flags=4096 2(9571) found end of header 2(9571) pre_auth():
>>> Credentials with given realm not found 2(9571) build_auth_hf():
>>> 'WWW-Authenticate: Digest realm="192.168.0.12",
>>> nonce="42dc3cad3841a0086c78df73d97f1671b9054aab" ' 2(9571)
>>> parse_headers: flags=-1 2(9571) check_via_address(192.168.0.3,
>>> 192.168.0.3, 0) 2(9571) DEBUG:destroy_avp_list: destroying list
>>> (nil) 2(9571) receive_msg: cleaning up
>>> --------
>>> I cannot replicate serA's UA to serB. How should I do ?
>>>
>>> Regards,
>>>
>>> Zen
>>>
>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list