[Serusers] Proxy Authentication
Andrey Kouprianov
andrey.kouprianov at gmail.com
Tue Aug 29 09:02:38 CEST 2006
Hi,
Why are you selecting 313814? The problem is with 313812 isnt it? Your
trace log shows the conflict between 313812 and 313813 (not 313814)...
:)
Here's the examle (from RFC document) of authorizationm response from
the client back to the server with a 2nd INVITE...
Authorization: Digest username="bob",
realm="biloxi.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="sip:bob at biloxi.com",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
As you can see uri is "sip:bob at bioxy.com" as well as the username is
"bob" as well (i.e. they are same)... That gives me an impression
there's something wrong with ur client-side setup..
Regards,
Andrey.
On 8/29/06, Javier Oviedo <joviedo at plcendesa.com> wrote:
> Andrey Kouprianov escribió:
> > Hi,
> >
> > First of all it is GREAT that you've sent your logs and ser.cfg!! I
> > wish everyone would do it (however, this is rarely the case).
> >
> > You SJPhone cannot call, because for some reason your URI and username
> > differ. Take a closer look at this part:
> >
> > Proxy-Authorization: Digest
> > username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
> >
> >
> > The username is 313813, but the URI is sip:313812 at sipserver.es. Notice
> > any difference? Plz, take a look at your account setup in SJPhone
> > closely. I think the problem should be there.
> >
> > Regards,
> >
> > Andrey.
> >
> > On 8/28/06, Javier Oviedo <joviedo at plcendesa.com> wrote:
> >>
> >> Hi all
> >>
> >> In my network schema I have a Sip Express Router to authenticate my
> >> outbound
> >> calls to a PSTN. I add a new equipment to a ser with "serctl add user
> >> pass
> >> e-mail" command. My softphone is registered in proxy but when I make
> >> a call
> >> to a PSTN I obtain the following error: Call rejected: 407 Proxy
> >> Authentication Rquired :
> >>
> >> I use the SJPhone software.
> >>
> >> Any idea about where is the problem
> >>
> >> Thanks in advance
> >> Joe
> >>
> >> My ser configuration is:
> >>
> >> debug=3
> >> fork=no
> >> log_stderror=yes
> >>
> >> port=5060
> >> children=4
> >>
> >> dns=no
> >> rev_dns=no
> >> fifo="/tmp/ser_fifo"
> >> fifo_db_url="mysql://ser:heslo@localhost/ser"
> >>
> >> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> >> loadmodule "/usr/local/lib/ser/modules/sl.so"
> >> loadmodule "/usr/local/lib/ser/modules/tm.so"
> >> loadmodule "/usr/local/lib/ser/modules/rr.so"
> >> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> >> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> >> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> >> loadmodule "/usr/local/lib/ser/modules/auth.so"
> >> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> >> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> >>
> >> modparam("auth_db|uri_db|usrloc", "db_url",
> >> "mysql://ser:heslo@localhost/ser")
> >> modparam("auth_db", "calculate_ha1", 1)
> >> modparam("auth_db", "password_column", "password")
> >> modparam("usrloc", "db_mode", 2)
> >> modparam("rr", "enable_full_lr", 1)
> >>
> >> route {
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # Sanity Check Section
> >> #
> >> -----------------------------------------------------------------
> >> if (!mf_process_maxfwd_header("10")) {
> >> sl_send_reply("483", "Too Many Hops");
> >> break;
> >> };
> >>
> >> if (msg:len > max_len) {
> >> sl_send_reply("513", "Message Overflow");
> >> break;
> >> };
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # Record Route Section
> >> #
> >> -----------------------------------------------------------------
> >> if (method!="REGISTER") {
> >> record_route();
> >> };
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # Loose Route Section
> >> #
> >> -----------------------------------------------------------------
> >> if (loose_route()) {
> >> route(1);
> >> break;
> >> };
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # Call Type Processing Section
> >> #
> >> -----------------------------------------------------------------
> >> if (uri!=myself) {
> >> route(1);
> >> break;
> >> };
> >>
> >> if (method=="ACK") {
> >> route(1);
> >> break;
> >> } if (method=="INVITE") {
> >> route(3);
> >> break;
> >> } else if (method=="REGISTER") {
> >> route(2);
> >> break;
> >> };
> >>
> >> lookup("aliases");
> >>
> >> if (uri!=myself) {
> >> route(1);
> >> break;
> >> };
> >>
> >> if (!lookup("location")) {
> >> sl_send_reply("404", "User Not Found");
> >> break;
> >> };
> >>
> >> route(1);
> >> }
> >>
> >> route[1] {
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # Default Message Handler
> >> #
> >> -----------------------------------------------------------------
> >> if (!t_relay()) {
> >> sl_reply_error();
> >> };
> >> }
> >>
> >> route[2] {
> >>
> >> #
> >> -----------------------------------------------------------------
> >> # REGISTER Message Handler
> >> #
> >> ----------------------------------------------------------------
> >> sl_send_reply("100", "Trying");
> >>
> >> if (!www_authorize("localhost","subscriber")) {
> >> www_challenge("localhost","0");
> >> break;
> >> };
> >>
> >> if (!check_to()) {
> >> sl_send_reply("401", "Unauthorized");
> >> break;
> >> };
> >>
> >> consume_credentials();
> >>
> >> if (!save("location")) {
> >> sl_reply_error();
> >> };
> >> }
> >>
> >> route[3] {
> >> #
> >> -----------------------------------------------------------------
> >> # INVITE Message Handler
> >> #
> >> -----------------------------------------------------------------
> >> if (!proxy_authorize("localhost","subscriber")) {
> >> proxy_challenge("localhost","0");
> >> break;
> >> } else if (!check_from()) {
> >> sl_send_reply("403", "Use From=ID");
> >> break;
> >> };
> >>
> >> consume_credentials();
> >>
> >> lookup("aliases");
> >> if (uri!=myself) {
> >> route(1);
> >> break;
> >> };
> >>
> >> #if (!lookup("location")) {
> >> # sl_send_reply("404", "User Not Found");
> >> # break;
> >> #};
> >>
> >> route(1);
> >> }
> >>
> >>
> >>
> >> SoftPhone LOG:
> >>
> >> 17:04:43.1
> >> SENDING TO: 10.110.0.127:5060
> >> INVITE sip:313812 at sipserver.es SIP/2.0
> >> To: <sip:313812 at sipserver.es>
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 1 INVITE
> >> Contact: <sip:313813 at 172.25.97.138:9528>
> >> Max-Forwards: 70
> >> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> >> SUBSCRIBE,
> >> INFO
> >> Content-Type: application/sdp
> >> User-Agent: eyeBeam release 3004t stamp 16741
> >> Content-Length: 274
> >>
> >> v=0
> >> o=- 32759240 32759303 IN IP4 172.25.97.138
> >> s=eyeBeam
> >> c=IN IP4 172.25.97.138
> >> t=0 0
> >> m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
> >> a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
> >> a=fmtp:101 0-15
> >> a=rtpmap:100 speex/16000
> >> a=rtpmap:101 telephone-event/8000
> >> a=sendrecv
> >>
> >> 17:04:43.1
> >> RECEIVING FROM: 10.110.0.127:5060
> >> SIP/2.0 407 Proxy Authentication Required
> >> To:
> >> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport=9528
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 1 INVITE
> >> Proxy-Authenticate: Digest realm="localhost",
> >> nonce="44f307373cf9fb29da3028442e23f976513fc91d"
> >> Server: Sip EXpress router (0.9.6 (i386/linux))
> >> Content-Length: 0
> >> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> >> req_src_ip=172.25.97.138 req_src_port=9528
> >> in_uri=sip:313812 at sipserver.es
> >> out_uri=sip:313812 at sipserver.es via_cnt==1"
> >>
> >>
> >> 17:04:43.1
> >> SENDING TO: 10.110.0.127:5060
> >> ACK sip:313812 at sipserver.es SIP/2.0
> >> To:
> >> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 1 ACK
> >> Content-Length: 0
> >>
> >>
> >> 17:04:43.1
> >> SENDING TO: 10.110.0.127:5060
> >> INVITE sip:313812 at sipserver.es SIP/2.0
> >> To: <sip:313812 at sipserver.es>
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 2 INVITE
> >> Contact: <sip:313813 at 172.25.97.138:9528>
> >> Max-Forwards: 70
> >> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> >> SUBSCRIBE,
> >> INFO
> >> Content-Type: application/sdp
> >> Proxy-Authorization: Digest
> >> username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
> >>
> >> User-Agent: eyeBeam release 3004t stamp 16741
> >> Content-Length: 274
> >>
> >> v=0
> >> o=- 32759240 32759303 IN IP4 172.25.97.138
> >> s=eyeBeam
> >> c=IN IP4 172.25.97.138
> >> t=0 0
> >> m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
> >> a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
> >> a=fmtp:101 0-15
> >> a=rtpmap:100 speex/16000
> >> a=rtpmap:101 telephone-event/8000
> >> a=sendrecv
> >>
> >> 17:04:43.1
> >> RECEIVING FROM: 10.110.0.127:5060
> >> SIP/2.0 100 trying -- your call is important to us
> >> To: <sip:313812 at sipserver.es>
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 2 INVITE
> >> Server: Sip EXpress router (0.9.6 (i386/linux))
> >> Content-Length: 0
> >> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> >> req_src_ip=172.25.97.138 req_src_port=9528
> >> in_uri=sip:313812 at sipserver.es
> >> out_uri=sip:313812 at sipserver.es via_cnt==1"
> >>
> >>
> >> 17:04:43.1
> >> RECEIVING FROM: 10.110.0.127:5060
> >> SIP/2.0 407 Proxy Authentication Required
> >> To:
> >> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 2 INVITE
> >> Proxy-Authenticate: Digest realm="localhost",
> >> nonce="44f307373cf9fb29da3028442e23f976513fc91d"
> >> Server: Sip EXpress router (0.9.6 (i386/linux))
> >> Content-Length: 0
> >> Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
> >> req_src_ip=10.110.0.127 req_src_port=5060 in_uri=sip:313812 at sipserver.es
> >> out_uri=sip:313812 at sipserver.es via_cnt==2"
> >>
> >>
> >> 17:04:43.1
> >> SENDING TO: 10.110.0.127:5060
> >> ACK sip:313812 at sipserver.es SIP/2.0
> >> To:
> >> <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
> >> From: Joe<sip:313813 at sipserver.es>;tag=52710612
> >> Via: SIP/2.0/UDP
> >> 172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
> >> Call-ID: fc7b726c6545d126
> >> CSeq: 2 ACK
> >> Content-Length: 0
> >>
> >>
> >> 17:04:43.2 Call (l:'Joe' r:'sip:313812 at sipserver.es') - Call being
> >> terminated. Reasons: "Proxy Authentication Required", (code: 407)
> >>
> >>
> >> _______________________________________________
> >> Serusers mailing list
> >> Serusers at lists.iptel.org
> >> http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> Hi Andrey
>
> I think tha tihs part of log is correct:
>
> Proxy-Authorization: Digest
> username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
>
>
> The username is the caller id and the uri is de destination number. My
> SJphone configuration is simply: The user, pass and account name are
> 313813. I attach my mysql subscriber table:
>
>
> mysql> select * from subscriber where username=313814;
> +----------------------------------+----------+----------------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+--------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
> | phplib_id | username | domain |
> password | first_name | last_name | phone | email_address |
> datetime_created | datetime_modified | confirmation | flag |
> sendnotification | greeting | ha1 |
> ha1b | allow_find | timezone | rpid | domn |
> uuid |
> +----------------------------------+----------+----------------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+--------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
> | 3fbf3938ba07fa0f280ffe44926e4cd3 | 313814 | sipserver.es | 313814
> | | | | joe at plcendesa.com | 2006-08-28
> 18:23:22 | 0000-00-00 00:00:00 | | o |
> | | 3fbf3938ba07fa0f280ffe44926e4cd3 |
> 147098ce3cd77298d89982cd37b5813a | 0 | NULL | NULL | NULL |
> NULL |
> +----------------------------------+----------+----------------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+--------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
> 1 row in set (0.00 sec)
>
>
> and my uri table:
>
> mysql> select * from uri;
> +----------+----------------------+----------+---------------------+
> | username | domain | uri_user | last_modified |
> +----------+----------------------+----------+---------------------+
> | 313813 | sipserver.createc.es | 313813 | 2006-08-28 17:52:48 |
> | 313814 | sipserver.createc.es | 313814 | 2006-08-28 18:23:22 |
> +----------+----------------------+----------+---------------------+
> 2 rows in set (0.00 sec)
>
>
> With the X-Lite softphone the same thing happens.
>
> Thanks in advace!
> Regards
> Joe
>
More information about the sr-users
mailing list