[Serusers] Proxy Authentication
Andrey Kouprianov
andrey.kouprianov at gmail.com
Mon Aug 28 17:31:55 CEST 2006
Hi,
First of all it is GREAT that you've sent your logs and ser.cfg!! I
wish everyone would do it (however, this is rarely the case).
You SJPhone cannot call, because for some reason your URI and username
differ. Take a closer look at this part:
Proxy-Authorization: Digest
username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
The username is 313813, but the URI is sip:313812 at sipserver.es. Notice
any difference? Plz, take a look at your account setup in SJPhone
closely. I think the problem should be there.
Regards,
Andrey.
On 8/28/06, Javier Oviedo <joviedo at plcendesa.com> wrote:
>
> Hi all
>
> In my network schema I have a Sip Express Router to authenticate my outbound
> calls to a PSTN. I add a new equipment to a ser with "serctl add user pass
> e-mail" command. My softphone is registered in proxy but when I make a call
> to a PSTN I obtain the following error: Call rejected: 407 Proxy
> Authentication Rquired :
>
> I use the SJPhone software.
>
> Any idea about where is the problem
>
> Thanks in advance
> Joe
>
> My ser configuration is:
>
> debug=3
> fork=no
> log_stderror=yes
>
> port=5060
> children=4
>
> dns=no
> rev_dns=no
> fifo="/tmp/ser_fifo"
> fifo_db_url="mysql://ser:heslo@localhost/ser"
>
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
>
> modparam("auth_db|uri_db|usrloc", "db_url",
> "mysql://ser:heslo@localhost/ser")
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
> modparam("usrloc", "db_mode", 2)
> modparam("rr", "enable_full_lr", 1)
>
> route {
>
> #
> -----------------------------------------------------------------
> # Sanity Check Section
> #
> -----------------------------------------------------------------
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too Many Hops");
> break;
> };
>
> if (msg:len > max_len) {
> sl_send_reply("513", "Message Overflow");
> break;
> };
>
> #
> -----------------------------------------------------------------
> # Record Route Section
> #
> -----------------------------------------------------------------
> if (method!="REGISTER") {
> record_route();
> };
>
> #
> -----------------------------------------------------------------
> # Loose Route Section
> #
> -----------------------------------------------------------------
> if (loose_route()) {
> route(1);
> break;
> };
>
> #
> -----------------------------------------------------------------
> # Call Type Processing Section
> #
> -----------------------------------------------------------------
> if (uri!=myself) {
> route(1);
> break;
> };
>
> if (method=="ACK") {
> route(1);
> break;
> } if (method=="INVITE") {
> route(3);
> break;
> } else if (method=="REGISTER") {
> route(2);
> break;
> };
>
> lookup("aliases");
>
> if (uri!=myself) {
> route(1);
> break;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
>
> route(1);
> }
>
> route[1] {
>
> #
> -----------------------------------------------------------------
> # Default Message Handler
> #
> -----------------------------------------------------------------
> if (!t_relay()) {
> sl_reply_error();
> };
> }
>
> route[2] {
>
> #
> -----------------------------------------------------------------
> # REGISTER Message Handler
> #
> ----------------------------------------------------------------
> sl_send_reply("100", "Trying");
>
> if (!www_authorize("localhost","subscriber")) {
> www_challenge("localhost","0");
> break;
> };
>
> if (!check_to()) {
> sl_send_reply("401", "Unauthorized");
> break;
> };
>
> consume_credentials();
>
> if (!save("location")) {
> sl_reply_error();
> };
> }
>
> route[3] {
> #
> -----------------------------------------------------------------
> # INVITE Message Handler
> #
> -----------------------------------------------------------------
> if (!proxy_authorize("localhost","subscriber")) {
> proxy_challenge("localhost","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
>
> consume_credentials();
>
> lookup("aliases");
> if (uri!=myself) {
> route(1);
> break;
> };
>
> #if (!lookup("location")) {
> # sl_send_reply("404", "User Not Found");
> # break;
> #};
>
> route(1);
> }
>
>
>
> SoftPhone LOG:
>
> 17:04:43.1
> SENDING TO: 10.110.0.127:5060
> INVITE sip:313812 at sipserver.es SIP/2.0
> To: <sip:313812 at sipserver.es>
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
> Call-ID: fc7b726c6545d126
> CSeq: 1 INVITE
> Contact: <sip:313813 at 172.25.97.138:9528>
> Max-Forwards: 70
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
> INFO
> Content-Type: application/sdp
> User-Agent: eyeBeam release 3004t stamp 16741
> Content-Length: 274
>
> v=0
> o=- 32759240 32759303 IN IP4 172.25.97.138
> s=eyeBeam
> c=IN IP4 172.25.97.138
> t=0 0
> m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
> a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
> a=fmtp:101 0-15
> a=rtpmap:100 speex/16000
> a=rtpmap:101 telephone-event/8000
> a=sendrecv
>
> 17:04:43.1
> RECEIVING FROM: 10.110.0.127:5060
> SIP/2.0 407 Proxy Authentication Required
> To:
> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport=9528
> Call-ID: fc7b726c6545d126
> CSeq: 1 INVITE
> Proxy-Authenticate: Digest realm="localhost",
> nonce="44f307373cf9fb29da3028442e23f976513fc91d"
> Server: Sip EXpress router (0.9.6 (i386/linux))
> Content-Length: 0
> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> req_src_ip=172.25.97.138 req_src_port=9528 in_uri=sip:313812 at sipserver.es
> out_uri=sip:313812 at sipserver.es via_cnt==1"
>
>
> 17:04:43.1
> SENDING TO: 10.110.0.127:5060
> ACK sip:313812 at sipserver.es SIP/2.0
> To:
> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
> Call-ID: fc7b726c6545d126
> CSeq: 1 ACK
> Content-Length: 0
>
>
> 17:04:43.1
> SENDING TO: 10.110.0.127:5060
> INVITE sip:313812 at sipserver.es SIP/2.0
> To: <sip:313812 at sipserver.es>
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
> Call-ID: fc7b726c6545d126
> CSeq: 2 INVITE
> Contact: <sip:313813 at 172.25.97.138:9528>
> Max-Forwards: 70
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
> INFO
> Content-Type: application/sdp
> Proxy-Authorization: Digest
> username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
> User-Agent: eyeBeam release 3004t stamp 16741
> Content-Length: 274
>
> v=0
> o=- 32759240 32759303 IN IP4 172.25.97.138
> s=eyeBeam
> c=IN IP4 172.25.97.138
> t=0 0
> m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
> a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
> a=fmtp:101 0-15
> a=rtpmap:100 speex/16000
> a=rtpmap:101 telephone-event/8000
> a=sendrecv
>
> 17:04:43.1
> RECEIVING FROM: 10.110.0.127:5060
> SIP/2.0 100 trying -- your call is important to us
> To: <sip:313812 at sipserver.es>
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
> Call-ID: fc7b726c6545d126
> CSeq: 2 INVITE
> Server: Sip EXpress router (0.9.6 (i386/linux))
> Content-Length: 0
> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> req_src_ip=172.25.97.138 req_src_port=9528 in_uri=sip:313812 at sipserver.es
> out_uri=sip:313812 at sipserver.es via_cnt==1"
>
>
> 17:04:43.1
> RECEIVING FROM: 10.110.0.127:5060
> SIP/2.0 407 Proxy Authentication Required
> To:
> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
> Call-ID: fc7b726c6545d126
> CSeq: 2 INVITE
> Proxy-Authenticate: Digest realm="localhost",
> nonce="44f307373cf9fb29da3028442e23f976513fc91d"
> Server: Sip EXpress router (0.9.6 (i386/linux))
> Content-Length: 0
> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> req_src_ip=10.110.0.127 req_src_port=5060 in_uri=sip:313812 at sipserver.es
> out_uri=sip:313812 at sipserver.es via_cnt==2"
>
>
> 17:04:43.1
> SENDING TO: 10.110.0.127:5060
> ACK sip:313812 at sipserver.es SIP/2.0
> To:
> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> Via: SIP/2.0/UDP
> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
> Call-ID: fc7b726c6545d126
> CSeq: 2 ACK
> Content-Length: 0
>
>
> 17:04:43.2 Call (l:'Joe' r:'sip:313812 at sipserver.es') - Call being
> terminated. Reasons: "Proxy Authentication Required", (code: 407)
>
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
More information about the sr-users
mailing list