[SR-Users] How to proxy/authenticate on third...

Tue Jul 10 12:16:51 CEST 2012

On 7/10/12 12:14 PM, intel at intrans.baku.az wrote:
> Daniel-Constantin Mierla said:
>> On 7/10/12 11:50 AM, intel at intrans.baku.az wrote:
>>> Daniel-Constantin Mierla said:
>>>> Hello,
>>>>
>>>> On 7/6/12 7:59 PM, intel at intrans.baku.az wrote:
>>>>> Can anybody help me with configuration kamailio to authenticate call
>>>>> on
>>>>> 3rd party server?
>>>>>
>>>>> I want to authenticate(and proxy) call's on other server.
>>>>>
>>>>> for example, user A have account on my server(let it be
>>>>> A at myserver.com)
>>>>> and account on other server (let it be AA at hisserver.com)
>>>>> myserver.com keeps A's credentials for AA at hisserver.com
>>>>> when A is registered on myserver.com, he make call to B at othersip.com
>>>>> (using myserver.com as a proxy)
>>>>> Kamailio on myserver authenticate itself on hisserver as
>>>>> AA at hisserver.com,
>>>>> makes call to destination, and connect it to A.
>>>>>
>>>>> How can I setup kamailio for such behavior?
>>>>> Which module should I use?
>>>>> UAC seems can authenticate on another server, but I don't sure that it
>>>>> do
>>>>> what I want. (I've tried it, but without much success)
>>>> indeed, the uac module is the one that can provide what you want, with
>>>> some limitations in regard to cseq incrementation. You have to set a
>>>> failure route and if the reply code is 407, the sent the realm/username
>>>> and password to the avps specified by the appropriate module parameters
>>>> -- the next tree at:
>>>>
>>>>     *
>>>> http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id
>>>>
>>>> Then call uac_auth() and relay again.
>>> You mean, i need set auth_*_avp with credentials. set failure route,
>>> send
>>> request to auth_proxy (btw, how? ) and call uac_auth() in failure route,
>>> correct?
>> t_relay() is one of the functions to sent the request further.
> I mean how set next hop not to final destination, but to auth_proxy?
>
>>> I've tried to use uacreg sql table and uac_reg_request_to, but there was
>>> some problems:
>>> 1) in uac_reg_request_to with mode 1 mistake (it found credentials only
>>> if
>>> l_uuid==l_username)
>>> i've opened ticket on bugtracker
>>> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020
>>> 2) uac_reg_request_to changes uri in request and instead INVITE
>>> sip:B at othersip.com makes INVITE sip:AA at hisserver.com
>>> if comment out
>>>         snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s",
>>>                           reg->r_username.len, reg->r_username.s,
>>>                           reg->r_domain.len, reg->r_domain.s);
>>> and so on seems working, but I'm don't sure that such modification don't
>>> break something else
>>> (pretty sure that breaks, but don't know where exactly :)
>>> 3)uacreg table loaded on startup, and AFAIK there is no way to modify it
>>> dynamically,
>>>    so if you change something in this table you MUST restart kamailio
>>> (not
>>> convinient)
>>> I've tried to make RPC for adding new record in htable (using
>>> reg_ht_add()), but it returns error and in log I can see
>>>    ERROR: uac [uac_reg.c:313]: no more shm
>> If you have a lot of records, you need to allocate more shared memory,
>> via -m command line parameter.
> 19 records in table -OK
> 1 record in table and try to add using RPC (self modified uac_reg.c) - no
> more shm.
can you set debug=3 in you config file, try again and send all log 
messages of the operation here?

Cheers,
DAniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw