[SR-Users]   How to proxy/authenticate on third party sip server?

Daniel-Constantin Mierla miconda at gmail.com
Tue Jul 10 11:43:48 CEST 2012


On 7/10/12 11:50 AM, intel at intrans.baku.az wrote:
> Daniel-Constantin Mierla said:
>> Hello,
>>
>> On 7/6/12 7:59 PM, intel at intrans.baku.az wrote:
>>> Can anybody help me with configuration kamailio to authenticate call on
>>> 3rd party server?
>>>
>>> I want to authenticate(and proxy) call's on other server.
>>>
>>> for example, user A have account on my server(let it be A at myserver.com)
>>> and account on other server (let it be AA at hisserver.com)
>>> myserver.com keeps A's credentials for AA at hisserver.com
>>> when A is registered on myserver.com, he make call to B at othersip.com
>>> (using myserver.com as a proxy)
>>> Kamailio on myserver authenticate itself on hisserver as
>>> AA at hisserver.com,
>>> makes call to destination, and connect it to A.
>>>
>>> How can I setup kamailio for such behavior?
>>> Which module should I use?
>>> UAC seems can authenticate on another server, but I don't sure that it
>>> do
>>> what I want. (I've tried it, but without much success)
>> indeed, the uac module is the one that can provide what you want, with
>> some limitations in regard to cseq incrementation. You have to set a
>> failure route and if the reply code is 407, the sent the realm/username
>> and password to the avps specified by the appropriate module parameters
>> -- the next tree at:
>>
>>    *
>> http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id
>>
>> Then call uac_auth() and relay again.
> You mean, i need set auth_*_avp with credentials. set failure route, send
> request to auth_proxy (btw, how? ) and call uac_auth() in failure route,
> correct?
t_relay() is one of the functions to sent the request further.

>
> I've tried to use uacreg sql table and uac_reg_request_to, but there was
> some problems:
> 1) in uac_reg_request_to with mode 1 mistake (it found credentials only if
> l_uuid==l_username)
> i've opened ticket on bugtracker
> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020
> 2) uac_reg_request_to changes uri in request and instead INVITE
> sip:B at othersip.com makes INVITE sip:AA at hisserver.com
> if comment out
>        snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s",
>                          reg->r_username.len, reg->r_username.s,
>                          reg->r_domain.len, reg->r_domain.s);
> and so on seems working, but I'm don't sure that such modification don't
> break something else
> (pretty sure that breaks, but don't know where exactly :)
> 3)uacreg table loaded on startup, and AFAIK there is no way to modify it
> dynamically,
>   so if you change something in this table you MUST restart kamailio (not
> convinient)
> I've tried to make RPC for adding new record in htable (using
> reg_ht_add()), but it returns error and in log I can see
>   ERROR: uac [uac_reg.c:313]: no more shm
If you have a lot of records, you need to allocate more shared memory, 
via -m command line parameter.

uacreg is to register for incoming calls, it is not used for 
authentication of outgoing calls. Use uac_auth() instead, as I said in 
previous email.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw




More information about the sr-users mailing list