[Serusers] Proxy Authentication
Javier Oviedo
joviedo at plcendesa.com
Mon Aug 28 17:11:12 CEST 2006
Hi all
In my network schema I have a Sip Express Router to authenticate my
outbound calls to a PSTN. I add a new equipment to a ser with "serctl
add user pass e-mail" command. My softphone is registered in proxy but
when I make a call to a PSTN I obtain the following error: *Call
rejected: 407 Proxy Authentication Rquired *:
I use the SJPhone software.
Any idea about where is the problem
Thanks in advance
Joe
My ser configuration is:
debug=3
fork=no
log_stderror=yes
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
modparam("auth_db|uri_db|usrloc", "db_url",
"mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
break;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
break;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
route(1);
break;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
route(1);
break;
};
if (method=="ACK") {
route(1);
break;
} if (method=="INVITE") {
route(3);
break;
} else if (method=="REGISTER") {
route(2);
break;
};
lookup("aliases");
if (uri!=myself) {
route(1);
break;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
if (!t_relay()) {
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
sl_send_reply("100", "Trying");
if (!www_authorize("localhost","subscriber")) {
www_challenge("localhost","0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (!proxy_authorize("localhost","subscriber")) {
proxy_challenge("localhost","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
lookup("aliases");
if (uri!=myself) {
route(1);
break;
};
#if (!lookup("location")) {
# sl_send_reply("404", "User Not Found");
# break;
#};
route(1);
}
SoftPhone LOG:
17:04:43.1
SENDING TO: 10.110.0.127:5060
INVITE sip:313812 at sipserver.es SIP/2.0
To: <sip:313812 at sipserver.es>
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
Call-ID: fc7b726c6545d126
CSeq: 1 INVITE
Contact: <sip:313813 at 172.25.97.138:9528>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
Content-Type: application/sdp
User-Agent: eyeBeam release 3004t stamp 16741
Content-Length: 274
v=0
o=- 32759240 32759303 IN IP4 172.25.97.138
s=eyeBeam
c=IN IP4 172.25.97.138
t=0 0
m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
a=fmtp:101 0-15
a=rtpmap:100 speex/16000
a=rtpmap:101 telephone-event/8000
a=sendrecv
17:04:43.1
RECEIVING FROM: 10.110.0.127:5060
SIP/2.0 407 Proxy Authentication Required
To: <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport=9528
Call-ID: fc7b726c6545d126
CSeq: 1 INVITE
Proxy-Authenticate: Digest realm="localhost",
nonce="44f307373cf9fb29da3028442e23f976513fc91d"
Server: Sip EXpress router (0.9.6 (i386/linux))
Content-Length: 0
Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
req_src_ip=172.25.97.138 req_src_port=9528
in_uri=sip:313812 at sipserver.es out_uri=sip:313812 at sipserver.es via_cnt==1"
17:04:43.1
SENDING TO: 10.110.0.127:5060
ACK sip:313812 at sipserver.es SIP/2.0
To: <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.3909
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-366872507-1--d87543-;rport
Call-ID: fc7b726c6545d126
CSeq: 1 ACK
Content-Length: 0
17:04:43.1
SENDING TO: 10.110.0.127:5060
INVITE sip:313812 at sipserver.es SIP/2.0
To: <sip:313812 at sipserver.es>
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
Call-ID: fc7b726c6545d126
CSeq: 2 INVITE
Contact: <sip:313813 at 172.25.97.138:9528>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
Content-Type: application/sdp
Proxy-Authorization: Digest
username="313813",realm="localhost",nonce="44f307373cf9fb29da3028442e23f976513fc91d",uri="sip:313812 at sipserver.es",response="bfd77c8cdc1066487b170b19e1e0fe61",algorithm=MD5
User-Agent: eyeBeam release 3004t stamp 16741
Content-Length: 274
v=0
o=- 32759240 32759303 IN IP4 172.25.97.138
s=eyeBeam
c=IN IP4 172.25.97.138
t=0 0
m=audio 7262 RTP/AVP 100 6 0 8 3 18 5 101
a=alt:1 1 : 8013E837 DD8642E8 172.25.97.138 7262
a=fmtp:101 0-15
a=rtpmap:100 speex/16000
a=rtpmap:101 telephone-event/8000
a=sendrecv
17:04:43.1
RECEIVING FROM: 10.110.0.127:5060
SIP/2.0 100 trying -- your call is important to us
To: <sip:313812 at sipserver.es>
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
Call-ID: fc7b726c6545d126
CSeq: 2 INVITE
Server: Sip EXpress router (0.9.6 (i386/linux))
Content-Length: 0
Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
req_src_ip=172.25.97.138 req_src_port=9528
in_uri=sip:313812 at sipserver.es out_uri=sip:313812 at sipserver.es via_cnt==1"
17:04:43.1
RECEIVING FROM: 10.110.0.127:5060
SIP/2.0 407 Proxy Authentication Required
To: <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport=9528
Call-ID: fc7b726c6545d126
CSeq: 2 INVITE
Proxy-Authenticate: Digest realm="localhost",
nonce="44f307373cf9fb29da3028442e23f976513fc91d"
Server: Sip EXpress router (0.9.6 (i386/linux))
Content-Length: 0
Warning: 392 10.110.0.127:5060 "Noisy feedback tells: pid=7865
req_src_ip=10.110.0.127 req_src_port=5060 in_uri=sip:313812 at sipserver.es
out_uri=sip:313812 at sipserver.es via_cnt==2"
17:04:43.1
SENDING TO: 10.110.0.127:5060
ACK sip:313812 at sipserver.es SIP/2.0
To: <sip:313812 at sipserver.es>;tag=ae8ae6963bd737be6ef2befd1ceaf249.fcd1
From: Joe<sip:313813 at sipserver.es>;tag=52710612
Via: SIP/2.0/UDP
172.25.97.138:9528;branch=z9hG4bK-d87543-736589046-1--d87543-;rport
Call-ID: fc7b726c6545d126
CSeq: 2 ACK
Content-Length: 0
17:04:43.2 Call (l:'Joe' r:'sip:313812 at sipserver.es') - Call being
terminated. Reasons: "Proxy Authentication Required", (code: 407)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060828/5b9f56bf/attachment.htm>
More information about the sr-users
mailing list