[Serusers] multi-domain support with one SER-2

Alberto alberto.ipt at telefonica.net
Thu Sep 29 15:50:08 CEST 2005


Hi,
I am a new user too.

Have you added the two domains to the "domain" table?

Regards
--
Alberto



----- Original Message ----- 
From: "Lambert, Micheline (Satnet)" <Lambert.M at emssatnet.com>
To: <serusers at lists.iptel.org>
Sent: Thursday, September 29, 2005 3:21 PM
Subject: [Serusers] multi-domain support with one SER-2


> Hi,
>
> I'm new with SER since August 2005.
>
> I'm using ser v0.9.3 and mysql v4.1.13.
>
> I use SER with two domains: 192.168.20.55 and 192.168.20.155.
> Some users are configured in subscribe table of SER database with domain
> 192.168.20.55 and other users are configured in the same subscribe table
> of SER database with domain 192.168.20.155.
>
> I understand that user from domain 192.168.20.55 can not talk to users in
> domain 192.168.20.155. Is it right?
>
> I have the following problem:
> Users from domain 192.168.20.55 can make calls to PBX/PSTN but users from
> domain 192.168.20.155 can not.
> There is the message 403 Forbidden sent to the users.
>
> Here is the sequence:
>
> <- INVITE
> -> 407 Proxy Authentication Required
> <- ACK
> <- INVITE
> -> 100 Trying
> -> 403 Forbidden
> <- ACK
> -> 403 Forbidden
> <- ACK
> -> 403 Forbidden
> <- ACK
>
> I would like to know if there is a need to have two databases for the
> multi-domain support with one SER?
>
> Micheline Lambert
>
> I included a part of my ser.cfg file
>
> #
> # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
> #
> # simple quick-start config script
> #
>
> ...
>
> listen=192.168.20.55
> listen=192.168.20.155 # support multi-domains
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
>
> # load the group module to use : is_user_in() function
> loadmodule "/usr/local/lib/ser/modules/group.so"
>
> # load the acc module for accounting
> loadmodule "/usr/local/lib/ser/modules/acc.so"
>
> # new module for multi-domain support
> loadmodule "/usr/local/lib/ser/modules/domain.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
>
> modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser")
>
> modparam("usrloc|registrar", "use_domain", 1)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db", "calculate_ha1", 1)
> #
> # If you set "calculate_ha1" parameter to yes (which is true in this config),
> # uncomment also the following parameter)
> #
> modparam("auth_db", "password_column", "password")
>
> #modparam("usrloc", "db_mode",   0)
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # -- acc params --
> # set the reporting log level
> modparam("acc", "log_level", 1)
> # number of flag which will be used for accounting; if a message
> # is labeled with this flag, its completion status will be reported
> modparam("acc", "log_flag", 1)
>
> modparam("acc", "db_flag", 1)
> modparam("acc", "report_cancels", 1)
>
> # -------------------------  request routing logic -------------------
>
> # main routing logic
>
> route{
>
>     # ------------------------------------------------------------------
>     # Sanity Check Section
>     # ------------------------------------------------------------------
>     # initial sanity checks -- messages with
>     # max_forwards==0, or excessively long requests
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         break;
>     };
>     if (msg:len >=  2048 ) {
>         sl_send_reply("513", "Message too big");
>         break;
>     };
>
>     # ------------------------------------------------------------------
>     # labeled all transactions for accounting
>     # ------------------------------------------------------------------
>     log(1, "++++    labeled all transactions for accounting\n");
>     setflag(1);
>
>     # ------------------------------------------------------------------
>     # Record Route Section
>     # ------------------------------------------------------------------
>     # we record-route all messages -- to make sure that
>     # subsequent messages will go through our proxy; that's
>     # particularly good if upstream and downstream entities
>     # use different transport protocol
>     if (!method=="REGISTER") record_route();
>
>     # ------------------------------------------------------------------
>     # Loose Route Section
>     # ------------------------------------------------------------------
>     # subsequent messages within a dialog should take the
>     # path determined by record-routing
>     if (loose_route()) {
>         # mark routing logic in request
>         append_hf("P-hint: rr-enforced\r\n");
>         route(1);
>         break;
>     };
>
>     # ------------------------------------------------------------------
>     # Call Type Processing
>     # ------------------------------------------------------------------
>     if (!uri==myself) {
>         # mark routing logic in request
>         append_hf("P-hint: outbound uri!=myself\r\n");
>         route(1);
>         break;
>     };
>
>     # if the request is for other domain use UsrLoc
>     # (in case, it does not work, use the following command
>     # with proper names and addresses in it)
>     if (uri==myself) {
>
>         if (method=="INVITE") {
>             route(3);
>             break;
>         } else if (method=="REGISTER") {
>             route(2);
>             break;
>         };
>
>         lookup("aliases");
>         if (!uri==myself) { /* myself = my IP address */
>             append_hf("P-hint: outbound alias - uri!=myself\r\n");
>             route(1); /* relay the message */
>             break;
>         };
>
>         log(1, "++++    route other SIP messages???????????????\n");
>         route(1);
>     };
> }
>
> route[1]
> {
>     if (!t_relay()) {
>         sl_reply_error();
>     };
> }
>
> route[2]
> {
>     sl_send_reply("100", "Trying");
>
>     log(1, "====    www_authorize\n");
>     # validate the authentication of the user
>     if (!www_authorize("", "subscriber")) {
>         log(1, "====    send 401 Unauthorized\n");
>         www_challenge("", "0");  # send back 401 Unauthorized message
>         break;                   # ask for another registration with auth.
>     };
>
>     if (!check_to()) {
>         sl_send_reply("401", "Unauthorized 2");
>         break;
>     };
>
>     log(1, "====    remove Authorization line\n");
>     consume_credentials(); # remove Authorization digest info from message
>
>     # save the user in the location table
>     log(1, "====    save location and send Ok\n");
>     if (!save("location")) { # save the user in the location table, send Ok message
>         sl_reply_error();
>     };
> }
>
> route[3]
> {
>     if (!uri=~"sip:\+?[0-9]+@.*") {
>         log(1, "----    call cannot be served here - not numeric uri\n");
>         sl_send_reply("403", "Call cannot be served here");
>         break;
>     }
>
>     #
>     # validate if Incoming call
>     #
>     if (src_ip==192.168.20.105) { # address of VoIP Gateway
>         #
>         # INCOMING call from VoIP Gateway
>         #
>         log(1, "----    Incoming calls from VoIP Gateway\n");
>         if (lookup("location")) {
>             #
>             # dest user registered !
>             #
>             log(1, "----    dest user registered - relay the message\n");
>             route(1);
>             break;
>         } else {
>             #
>             # dest user not registered (not part of location table)
>             #
>             log(1, "----    dest user NOT registered \n");
>             sl_send_reply("403", "User not Found");
>             break;
>         };
>     };
>
>     #
>     # Calls received from ATA
>     #
>     log(1, "----    call received from ATA\n");
>
>     #
>     # validate the authentication of dest user
>     #
>     log(1, "----    proxy_authorize()\n");
>     if (!proxy_authorize("", "subscriber")) {
>         log(1, "----    src user NOT authenticated\n");
>         proxy_challenge("", "0");
>         break;
>     } else if (!check_from()) {
>         sl_send_reply("403", "Use From=ID");
>         break;
>     };
>     log(1, "----    src user authenticated\n");
>     #
>     # remove Authorization line if necessary
>     #
>     log(1, "----    remove proxy-authorization line\n");
>     consume_credentials();
>
>     #
>     # is it necessary ????
>     #
>     lookup("aliases");
>     if (uri!=myself) {
>         log(1, "----    Relay message because uri != myself\n");
>         append_hf("P-hint: outbound alias - uri!=myself\r\n");
>         route(1);
>         break;
>     };
>
>     #
>     # Validate destination calls
>     #
>     if (uri=~"sip:31[0-9]*@.*") { # first digits = "31" followed by 0-9
>         #
>         # Local IP calls
>         #
>         log(1, "----    local IP calls\n");
>         if (is_user_in("From", "local")) { # source user part of local group?
>             #
>             # src part of local group, relay the message
>             #
>             log(1, "----    src part of local group\n");
>             if (lookup("location")) { # dest user registered ?
>                 #
>                 # User registered in location table
>                 #
>                 log(1, "----    dest user registered\n");
>                 log(1, "----    dest = local ATA\n");
>                 route(1); /* relay the message */
>                 break;
>             } else {
>                 log(1, "----    dest user NOT registered \n");
>                 sl_send_reply("403", "User not Found");
>                 break;
>             };
>         } else {
>             log(1, "----    src NOT part of local group\n");
>             sl_send_reply("403", "No Permission for local calls");
>             break;
>         };
>     };
>
>     #
>     # Local PBX calls
>     #
>     if (uri=~"sip:3[0-9]*@.*") { # first digit = "3" followed by 0-9
>         #
>         # Local PBX calls
>         #
>         log(1, "----    local PBX calls\n");
>         if (is_user_in("From", "local")) { # source user part of local group?
>             #
>             # src part of local group, relay the message
>             #
>             log(1, "----    src part of local group\n");
>             log(1, "----    forward message to VoIP Gateway\n");
>             rewritehostport("192.168.20.105:5060");
>             forward(192.168.20.105, 5060);
>             break;
>         } else {
>             log(1, "----    src NOT part of local group\n");
>             sl_send_reply("403", "No Permission for local calls");
>             break;
>         };
>     };
>
>     if (uri=~"sip:9[2-9][0-9]*@.*") { /* first digit = "9" followed by 2-9 */
>         #
>         # Free PSTN calls
>         #
>         log(1, "----    free PSTN calls\n");
>         if (is_user_in("From", "free-pstn")) { # source user part of free_pstn group?
>             #
>             # src part of free-pstn group, forward the message
>             #
>             log(1, "----    forward message to VoIP Gateway\n");
>             rewritehostport("192.168.20.105:5060");
>             forward(192.168.20.105, 5060);
>             break;
>         } else {
>             log(1, "----    src NOT part of free_pstn group\n");
>             sl_send_reply("403", "No Permission for free PSTN calls");
>             break;
>         };
>     };
>
>     if (uri=~"sip:91[2-9][0-9]*@.*") { /* first digits = "91" followed by 2-9 */
>         #
>         # Long distance PSTN calls
>         #
>         log(1, "----    long distance calls\n");
>         if (is_user_in("From", "ld")) { # source user part of long_dist group?
>             #
>             # src part of long_dist group, forward the message
>             #
>             log(1, "----    forward message to VoIP Gateway\n");
>             rewritehostport("192.168.20.105:5060");
>             forward(192.168.20.105, 5060);
>             break;
>         } else {
>             log(1, "----    src NOT part of long distance (ld) group\n");
>             sl_send_reply("403", "No Permission for long distance calls");
>             break;
>         };
>     };
>
>     if (uri=~"sip:9011[0-9]*@.*") { /* first digits = "9011" followed by 0-9 */
>         #
>         # International calls
>         #
>         log(1, "----    international calls\n");
>         if (is_user_in("From", "int")) { # source user part of int group?
>             #
>             # src part of international group, forward the message
>             #
>             log(1, "----    forward message to VoIP Gateway\n");
>             rewritehostport("192.168.20.105:5060");
>             forward(192.168.20.105, 5060);
>             break;
>         } else {
>             log(1, "----    src NOT part of international (int) group\n");
>             sl_send_reply("403", "No Permission for international calls");
>             break;
>         };
>     };
>
>     #
>     # Invalid calls
>     #
>     log(1, "----    call NOT authorized\n");
>     sl_send_reply("403", "Call not Authorized");
> }
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers 
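
Added example, not part of either message and not SER's own code: one way to audit the provisioning that the "domain" table question points at, and the group rows that the `is_user_in()` checks in route[3] depend on. It uses an in-memory SQLite database in place of MySQL; the table and column names (`subscriber`, `domain`, `grp`) are assumptions modelled on the default SER schema, and every row is constructed sample data.

```python
import sqlite3

# Table and column names are assumptions modelled on the default SER schema
# (subscriber, domain, grp); all rows below are constructed sample data.
SCHEMA = """
CREATE TABLE subscriber (username TEXT, domain TEXT);
CREATE TABLE domain (domain TEXT PRIMARY KEY);
CREATE TABLE grp (username TEXT, domain TEXT, grp TEXT);
"""
SUBSCRIBERS = [("3101", "192.168.20.55"), ("3102", "192.168.20.155")]
DOMAINS = [("192.168.20.55",)]                      # second domain never added
GROUPS = [("3101", "192.168.20.55", "local"),
          ("3101", "192.168.20.55", "free-pstn"),
          ("3102", "192.168.20.55", "local")]       # stored under the other domain


def build_db():
    """Create the in-memory database and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO subscriber VALUES (?, ?)", SUBSCRIBERS)
    db.executemany("INSERT INTO domain VALUES (?)", DOMAINS)
    db.executemany("INSERT INTO grp VALUES (?, ?, ?)", GROUPS)
    return db


def domains_missing(db):
    """Subscriber domains that have no row in the domain table."""
    rows = db.execute(
        "SELECT DISTINCT s.domain FROM subscriber s "
        "LEFT JOIN domain d ON d.domain = s.domain "
        "WHERE d.domain IS NULL ORDER BY s.domain")
    return [r[0] for r in rows]


def groups_by_subscriber(db):
    """Groups each subscriber holds when matched on username AND domain."""
    rows = db.execute(
        "SELECT s.username, s.domain, g.grp FROM subscriber s "
        "LEFT JOIN grp g ON g.username = s.username AND g.domain = s.domain "
        "ORDER BY s.username, g.grp")
    result = {}
    for user, dom, grp in rows:
        result.setdefault((user, dom), [])
        if grp is not None:
            result[(user, dom)].append(grp)
    return result


def orphan_group_rows(db):
    """grp rows whose (username, domain) pair matches no subscriber."""
    rows = db.execute(
        "SELECT g.username, g.domain, g.grp FROM grp g "
        "LEFT JOIN subscriber s ON s.username = g.username AND s.domain = g.domain "
        "WHERE s.username IS NULL ORDER BY g.username, g.grp")
    return [tuple(r) for r in rows]


if __name__ == "__main__":
    db = build_db()
    print("domains missing:", domains_missing(db))
    print("groups:", groups_by_subscriber(db))
    print("orphan grp rows:", orphan_group_rows(db))
```

Whether `is_user_in()` also compares the domain column depends on the group module's `use_domain` parameter, which the posted configuration does not set.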



