[Serusers] multi-domain support with one SER-2
Alberto
alberto.ipt at telefonica.net
Thu Sep 29 15:50:08 CEST 2005
Hi,
I am a new user too.
Have you added the two domains to the "domain" table?
Regards
--
Alberto
----- Original Message -----
From: "Lambert, Micheline (Satnet)" <Lambert.M at emssatnet.com>
To: <serusers at lists.iptel.org>
Sent: Thursday, September 29, 2005 3:21 PM
Subject: [Serusers] multi-domain support with one SER-2
> Hi,
>
>
> I'm new with SER since August 2005.
>
>
> I'm using ser v0.9.3 and mysql v4.1.13.
>
>
> I use SER with two domains: 192.168.20.55 and 192.168.20.155.
>
> Some users are configured in the subscriber table of the SER database with
> domain 192.168.20.55, and
>
> other users are configured in the same subscriber table of the SER database
> with
> domain 192.168.20.155.
>
>
>
> I understand that users from domain 192.168.20.55 cannot talk to users in
> domain 192.168.20.155. Is that right?
>
>
>
> I have the following problem:
>
> Users from domain 192.168.20.55 can make calls to PBX/PSTN, but users from
> domain 192.168.20.155 cannot.
>
> A 403 Forbidden message is sent to those users.
>
>
>
> Here is the sequence:
>
> <- INVITE
>
> -> 407 Proxy Authentication Required
>
> <-ACK
>
> <-INVITE
>
> ->100 Trying
>
> ->403 Forbidden
>
> <-ACK
>
> ->403 Forbidden
>
> <-ACK
>
> ->403 Forbidden
>
> <-ACK
>
>
>
> I would like to know if there is a need to have two databases for the
> multi-domain support with one SER?
>
>
> Micheline Lambert
>
> I included a part of my ser.cfg file
>
>
>
> #
>
> # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
>
> #
>
> # simple quick-start config script
>
> #
>
>
>
> ...
>
>
>
> listen=192.168.20.55
>
> listen=192.168.20.155 # support multi-domains
>
>
>
>
>
> # ------------------ module loading ----------------------------------
>
>
>
> # Uncomment this if you want to use SQL database
>
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
>
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
>
> loadmodule "/usr/local/lib/ser/modules/tm.so"
>
> loadmodule "/usr/local/lib/ser/modules/rr.so"
>
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>
> loadmodule "/usr/local/lib/ser/modules/textops.so"
>
>
>
> # Uncomment this if you want digest authentication
>
> # mysql.so must be loaded !
>
> loadmodule "/usr/local/lib/ser/modules/auth.so"
>
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
>
>
>
> # load the group module to use the is_user_in() function
>
> loadmodule "/usr/local/lib/ser/modules/group.so"
>
>
>
> # load the acc module for accounting
>
> loadmodule "/usr/local/lib/ser/modules/acc.so"
>
>
>
> #new module for multi-domain support
>
> loadmodule "/usr/local/lib/ser/modules/domain.so"
>
>
>
> # ----------------- setting module-specific parameters ---------------
>
>
>
> # -- usrloc params --
>
>
>
>
>
> modparam("auth_db|uri_db|usrloc", "db_url",
> "mysql://ser:heslo@localhost/ser")
>
>
>
> modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser")
>
>
>
> modparam("usrloc|registrar", "use_domain", 1)
>
>
>
> # -- auth params --
>
> # Uncomment if you are using auth module
>
> #
>
> modparam("auth_db", "calculate_ha1", 1)
>
> #
>
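> # If you set the "calculate_ha1" parameter to yes (which is true in this config),
>
> # also uncomment the following parameter; the server then computes HA1 on the
>
> # fly from the plaintext passwords stored in that column.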
>
> #
>
> modparam("auth_db", "password_column", "password")
>
>
>
>
>
> #modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
>
> # for persistent storage and comment the previous line
>
> modparam("usrloc", "db_mode", 2)
>
>
>
>
>
> # -- rr params --
>
> # add value to ;lr param to make some broken UAs happy
>
> modparam("rr", "enable_full_lr", 1)
>
>
>
>
>
> # -- acc params --
>
> # set the reporting log level
>
> modparam("acc", "log_level", 1)
>
> # number of the flag which will be used for accounting; if a message
>
> # is labeled with this flag, its completion status will be reported
>
> modparam("acc", "log_flag", 1)
>
>
>
> modparam("acc", "db_flag", 1)
>
> modparam("acc", "report_cancels", 1)
>
>
>
> # ------------------------- request routing logic -------------------
>
>
>
> # main routing logic
>
>
>
> route{
>
>
>
> # ------------------------------------------------------------------
>
> # Sanity Check Section
>
> #
> ------------------------------------------------------------------
>
> # initial sanity checks -- messages with
>
> # max_forwards==0, or excessively long requests
>
> if (!mf_process_maxfwd_header("10")) {
>
> sl_send_reply("483","Too Many Hops");
>
> break;
>
> };
>
> if (msg:len >= 2048 ) {
>
> sl_send_reply("513", "Message too big");
>
> break;
>
> };
>
>
>
>
>
> # ------------------------------------------------------------------
>
> # labeled all transactions for accounting
>
> #
> ------------------------------------------------------------------
>
> log(1, "++++ labeled all transactions for accounting\n");
>
> setflag(1);
>
>
>
> # ------------------------------------------------------------------
>
> # Record Route Section
>
> #
> ------------------------------------------------------------------
>
> # we record-route all messages -- to make sure that
>
> # subsequent messages will go through our proxy; that's
>
> # particularly good if upstream and downstream entities
>
> # use different transport protocol
>
> if (!method=="REGISTER") record_route();
>
>
>
> # ------------------------------------------------------------------
>
> # Loose Route Section
>
> #
> ------------------------------------------------------------------
>
> # subsequent messages within a dialog should take the
>
> # path determined by record-routing
>
> if (loose_route()) {
>
> # mark routing logic in request
>
> append_hf("P-hint: rr-enforced\r\n");
>
> route(1);
>
> break;
>
> };
>
>
>
> # ------------------------------------------------------------------
>
> # Call Type Processing
>
> #
> ------------------------------------------------------------------
>
> if (!uri==myself) {
>
> # mark routing logic in request
>
> append_hf("P-hint: outbound uri!=myself\r\n");
>
> route(1);
>
> break;
>
> };
>
>
>
> # if the request is for other domain use UsrLoc
>
> # (in case, it does not work, use the following command
>
> # with proper names and addresses in it)
>
> if (uri==myself) {
>
>
>
> if (method=="INVITE") {
>
> route(3);
>
> break;
>
> } else if (method=="REGISTER") {
>
> route(2);
>
> break;
>
> };
>
>
>
> lookup("aliases");
>
> if (!uri==myself) { /* myself = my IP address */
>
> append_hf("P-hint: outbound alias -
> uri!=myself\r\n");
>
> route(1); /* relay the message */
>
> break;
>
> };
>
>
>
> log(1, "++++ route other SIP
> messages???????????????\n");
>
> route(1);
>
> };
>
> }
>
>
>
> route[1]
>
> {
>
> if (!t_relay()) {
>
> sl_reply_error();
>
> };
>
> }
>
>
>
>
>
> route[2]
>
> {
>
> sl_send_reply("100", "Trying");
>
>
>
> log(1, "==== www_authorize\n");
>
> # validate the authentication of the user
>
> if (!www_authorize("", "subscriber")) {
>
> log(1, "==== send 401 Unauthorized\n");
>
> www_challenge("", "0"); # send back 401
> Unauthorized message
>
> break; # ask for another
> registration with auth.
>
> };
>
>
>
> if (!check_to()) {
>
> sl_send_reply("401", "Unauthorized 2");
>
> break;
>
> };
>
>
>
> log(1, "==== remove Authorization line\n");
>
> consume_credentials(); # remove Authorization digest info from
> message
>
>
>
> # save the user in the location table
>
> log(1, "==== save location and send Ok\n");
>
> if (!save("location")) { # save the user in the location table,
> send Ok message
>
> sl_reply_error();
>
> };
>
>
>
> }
>
>
>
>
>
> route[3]
>
> {
>
> if (!uri=~"sip:\+?[0-9]+ at .*") {
>
> log(1, "---- call cannot be serverd here - not
> numeric uri\n");
>
> sl_send_reply("403", "Call cannot be served here");
>
> break;
>
> }
>
>
>
> #
>
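> # check whether this is an incoming call: requests from the gateway's source IP take this branch and never reach proxy_authorize() below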
>
> #
>
> if (src_ip==192.168.20.105) { # address of VoIP Gateway
>
> #
>
> # INCOMING call from VoIP Gateway
>
> #
>
> log(1, "---- Incoming calls from VoIP
> Gateway\n");
>
> if (lookup("location")) {
>
> #
>
> # dest user registered !
>
> #
>
> log(1, "---- dest user registered -
> relay the message\n");
>
> route(1);
>
> break;
>
> } else {
>
> #
>
> # dest user not registered (not part of
> location table)
>
> #
>
> log(1, "---- dest user NOT
> registered
> \n");
>
> sl_send_reply("403", "User not Found");
>
> break;
>
> };
>
> };
>
>
>
> #
>
> # Calls received from ATA
>
> #
>
> log(1, "---- call received from ATA\n");
>
>
>
> #
>
> # validate the authentication of the source user (the caller)
>
> #
>
> log(1, "---- proxy_authorize()\n");
>
> if (!proxy_authorize("", "subscriber")) {
>
> log(1, "---- src user NOT authenticated\n");
>
> proxy_challenge("", "0");
>
> break;
>
> } else if (!check_from()) {
>
> sl_send_reply("403", "Use From=ID");
>
> break;
>
> };
>
> log(1, "---- src user authenticated\n");
>
> #
>
> # remove Authorization line if necessary
>
> #
>
> log(1, "---- remove proxy-authorization line\n");
>
> consume_credentials();
>
>
>
>
>
> #
>
> # is it necessary ????
>
> #
>
> lookup("aliases");
>
> if (uri!=myself) {
>
> log(1, "---- Relay message because uri !=
> myself\n");
>
> append_hf("P-hint: outbound alias -
> uri!=myself\r\n");
>
> route(1);
>
> break;
>
> };
>
>
>
> #
>
> # Validate destination calls
>
> #
>
> if (uri=~"sip:31[0-9]*@.*") { # first digits = "31" following
> with 0-9
>
> #
>
> # Local IP calls
>
> #
>
> log(1, "---- local IP calls\n");
>
> if (is_user_in("From", "local")) { # source user
> part of local group?
>
> #
>
> # src part of local group, relay the
> message
>
> #
>
> log(1, "---- src part of local
> group\n");
>
> if (lookup("location")) { # dest user
> registered ?
>
> #
>
> # User registered in
> location table
>
> #
>
> log(1, "---- dest user
> registered\n");
>
> log(1, "---- dest =
> local
> ATA\n");
>
> route(1); /* relay the
> message */
>
> break;
>
> } else {
>
> log(1, "---- dest user
> NOT registered \n");
>
> sl_send_reply("403", "User
> not Found");
>
> break;
>
> };
>
> } else {
>
> log(1, "---- src NOT part of local
> group\n");
>
> sl_send_reply("403", "No Permission for
> local calls");
>
> break;
>
> };
>
> };
>
>
>
> #
>
> # Local PBX calls
>
> #
>
> if (uri=~"sip:3[0-9]*@.*") { # first digit = "3" following with
> 0-9
>
> #
>
> # Local PBX calls
>
> #
>
> log(1, "---- local PBX calls\n");
>
> if (is_user_in("From", "local")) { # source user
> part of local group?
>
> #
>
> # src part of local group, relay the
> message
>
> #
>
> log(1, "---- src part of local
> group\n");
>
> log(1, "---- forward message to VoIP
> Gateway\n");
>
> rewritehostport("192.168.20.105:5060");
>
> forward(192.168.20.105, 5060);
>
> break;
>
> } else {
>
> log(1, "---- src NOT part of local
> group\n");
>
> sl_send_reply("403", "No Permission for
> local calls");
>
> break;
>
> };
>
> };
>
>
>
> if (uri=~"sip:9[2-9][0-9]*@.*") { /* first digit = "9"
> following
> with 2-9 */
>
> #
>
> # Free PSTN calls
>
> #
>
> log(1, "---- free PSTN calls\n");
>
> if (is_user_in("From", "free-pstn")) { # source
> user
> part of free_pstn group?
>
> #
>
> # src part of free-pstn group, forward
> the message
>
> #
>
> log(1, "---- forward message to VoIP
> Gateway\n");
>
> rewritehostport("192.168.20.105:5060");
>
> forward(192.168.20.105, 5060);
>
> break;
>
> } else {
>
> log(1, "---- src NOT part of
> free_pstn group\n");
>
> sl_send_reply("403", "No Permission for
> free PSTN calls");
>
> break;
>
> };
>
> };
>
>
>
> if (uri=~"sip:91[2-9][0-9]*@.*") { /* first digit = "91"
> following with 2-9 */
>
> #
>
> # Long distance PSTN calls
>
> #
>
> log(1, "---- long distance calls\n");
>
> if (is_user_in("From", "ld")) { # source user part
> of long_dist group?
>
> #
>
> # src part of long_dist group, forward
> the message
>
> #
>
> log(1, "---- forward message to VoIP
> Gateway\n");
>
> rewritehostport("192.168.20.105:5060");
>
> forward(192.168.20.105, 5060);
>
> break;
>
> } else {
>
> log(1, "---- src NOT part of long
> ddistance (ld) group\n");
>
> sl_send_reply("403", "No Permission for
> long distance calls");
>
> break;
>
> };
>
> };
>
>
>
> if (uri=~"sip:9011[0-9]*@.*") { /* first digit = "9011"
> following with 0-9 */
>
> #
>
> # International calls
>
> #
>
> log(1, "---- international calls\n");
>
> if (is_user_in("From", "int")) { # source user part
> of int group?
>
> #
>
> # src part of international group,
> forward the message
>
> #
>
> log(1, "---- forward message to VoIP
> Gateway\n");
>
> rewritehostport("192.168.20.105:5060");
>
> forward(192.168.20.105, 5060);
>
> break;
>
> } else {
>
> log(1, "---- src NOT part of
> international (int) group\n");
>
> sl_send_reply("403", "No Permission for
> international calls");
>
> break;
>
> };
>
> };
>
>
>
> #
>
> # Invalid calls
>
> #
>
> log(1, "---- call NOT authorized\n");
>
> sl_send_reply("403", "Call not Authorized");
>
>
>
> }
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers