<DIV>Seems some problem with dns resolution, or conflict b/w fqdn of ser and dns_query_reply for domain</DIV>
<DIV>Can connect calls using </DIV>
<DIV><A href="mailto:xxxx@sip.abc.com">xxxx@sip.abc.com</A> and <A href="mailto:xxxx@sip.xyz.com">xxxx@sip.xyz.com</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>JF<BR><BR><B><I>John Foster <jfoste2003@yahoo.com></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<DIV>Thanx Jan, worked with "" instead of realm in authorize n challenge..</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Appreciate ur help.</DIV>
<DIV> </DIV>
<DIV>(any comment on my next mail about two different VoIP domains)</DIV>
<DIV>JF<BR><BR><B><I>Jan Janak <jan@iptel.org></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">I.e. if your message contains foo.bar in From/To (depending on the<BR>message) then make sure you have either "foo.bar" as the first parameter<BR>of *_authorize and *_challenge functions. Or you can also use empty<BR>string, in that case the parameter will be extracted from the SIP<BR>message.<BR><BR>Jan.<BR><BR>On 04-10 10:54, Jan Janak wrote:<BR>> Hello,<BR>> <BR>> make sure that digest realm parameter and From/To domain are same.<BR>> <BR>> Jan.<BR>> <BR>> On 03-10 22:37, John Foster wrote:<BR>> > Hi Jan,<BR>> > <BR>> > Already gone through this, did exactly the same, radiusclient is installed n configured, While m geting an error in debug of ser, that is <BR>> > <BR>> > 15(26965) check_nonce(): comparing [3f7e23177ff358f48050c11e7540943971b73f02] and [3f7e23177ff358f48050c11e7540943971b73f02]<BR>> > 15(26965) authori ze():
Credentials realm and URI host do not match<BR>> > 15(26965) build_auth_hf(): 'WWW-Authenticate: Digest realm="cooking.com.pk", nonce="3f7e23177ff358f48050c11e7540943971b73f02"<BR>> > <BR>> > While ser conf is fine enough, pasted below.<BR>> > alias="cooking.com.pk"<BR>> > # ------------------ module loading ----------------------------------<BR>> > # Uncomment this if you want to use SQL database<BR>> > loadmodule "/usr/local/lib/ser/modules/mysql.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/sl.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/tm.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/rr.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/usrloc.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/registrar.so"<BR>> > # Uncomment this if you want digest authentication<BR>> > # mysql.so must be loaded !<BR>> > loa dmodule
"/usr/local/lib/ser/modules/auth.so"<BR>> > loadmodule "/usr/local/lib/ser/modules/auth_radius.so"<BR>> > # ----------------- setting module-specific parameters ---------------<BR>> > # -- usrloc params --<BR>> > #modparam("usrloc", "db_mode", 0)<BR>> > # Uncomment this if you want to use SQL database<BR>> > # for persistent storage and comment the previous line<BR>> > modparam("usrloc", "db_mode", 2)<BR>> > # -- auth params --<BR>> > # Uncomment if you are using auth module<BR>> > #<BR>> > #modparam("auth_db", "calculate_ha1", yes)<BR>> > modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf")<BR>> > #<BR>> > # If you set "calculate_ha1" parameter to yes (which true in this config),<BR>> > # uncomment also the following parameter)<BR>> > #<BR>> > #modparam("auth_db", "password_column", "password")<BR>> > modparam("auth_radius",
"service_type", 15)<BR>> > # -- rr params --<BR>> > # add value to ;lr param to make some broken UAs happy<BR>> > modparam("rr", "enable_full_lr", 1)<BR>> > # ------------------------- request routing logic -------------------<BR>> > # main routing logic<BR>> > route{<BR>> > # initial sanity checks -- messages with<BR>> > # max_forwards==0, or excessively long requests<BR>> > if (!mf_process_maxfwd_header("10")) {<BR>> > sl_send_reply("483","Too Many Hops....:(");<BR>> > break;<BR>> > };<BR>> > if (len_gt( max_len )) {<BR>> > sl_send_reply("513", "Message too big");<BR>> > break;<BR>> > };<BR>> > # we record-route all messages -- to make sure that<BR>> > # subsequent messages will go through our proxy; that's<BR>> > # particularly good if upstream and downstream entities<BR>> > # use different transport protocol<BR>> > record_route();<BR>> > #
loose-route processing<BR>> > if (loose_route()) {<BR>> > t_relay();<BR>> > break;<BR>> > };<BR>> > # if the request is for other domain use UsrLoc<BR>> > # (in case, it does not work, use the following command<BR>> > # with proper names and addresses in it)<BR>> > if (uri=~"voice.cooking.com.pk") {<BR>> > if (method=="REGISTER") {<BR>> > # Uncomment this if you want to use digest authentication<BR>> > if (!radius_www_authorize("cooking.com.pk")) {<BR>> > www_challenge("cooking.com.pk", "0");<BR>> > break;<BR>> > };<BR>> > save("location");<BR>> > break;<BR>> > };<BR>> > # native SIP destinations are handled using our USRLOC DB<BR>> > if (!lookup("location")) {<BR>> > sl_send_reply("404", "Not Found....!!!");<BR>> > break;<BR>> > };<BR>> > };<BR>> > # forward to current uri now; use stateful forwarding; that<BR>> > # works reli ably
even if we forward from TCP to UDP<BR>> > if (!t_relay()) {<BR>> > sl_reply_error();<BR>> > };<BR>> > }<BR>> > <BR>> > <BR>> > Seems some minor mistake.., As no request is being sent to radius, ngrep shows nothing for that.... <BR>> > <BR>> > JF<BR>> > <BR>> > <BR>> > Jan Janak <JAN@IPTEL.ORG>wrote:<BR>> > See http://iptel.org/ser/ser_radius.html<BR>> > <BR>> > Jan.<BR>> > <BR>> > On 03-10 03:47, John Foster wrote:<BR>> > > Hi <BR>> > > <BR>> > > I m using RADIATOR with ser0.8.11, while ser is running it doesnt send req to radius, following are snapd of log generated at ser (ngrep o/p)<BR>> > > <BR>> > > #<BR>> > > U 202.133.64.66:5060 -> 202.133.64.71:5060<BR>> > > REGISTER sip:voice.cooking.com.pk SIP/2.0..Via: SIP/2.0/UDP 202.133.64.66;branch=z9hG4bKnp1730137267-43b5a45e202.133.64.6<BR>> > > 6..Fro m:
;tag=671fccba..To: ..Call-ID: 1969536413-43c1d03<BR>> > > a@1969536416-43c1d037..Contact: ;expires=600;q=0.500..Expires: 600..CSeq: 22 REGISTER..Content-<BR>> > > Length: 0..User-Agent: Ahead SIPPS IP Phone Version 2.0.42.13....<BR>> > > #<BR>> > > U 202.133.64.71:5060 -> 202.133.64.66:5060<BR>> > > SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 202.133.64.66;branch=z9hG4bKnp1730137267-43b5a45e202.133.64.66..From: > ;tag=671fccba..To">21@voice.cooking.com.pk>;tag=671fccba..To: ;tag=b27e1a1d33761e85846fc98f5f3a7e58.bdca..Ca<BR>> > > ll-ID: 1969536413-43c1d03a@1969536416-43c1d037..CSeq: 22 REGISTER..WWW-Authenticate: Digest realm="cooking.com.pk", nonce<BR>> > > ="3f7d19d62902cb25358e2c666df77d1369d90974"..Server: Sip EXpress router (0.8.11 (i386/linux))..Content-Length: 0..Warning<BR>> > > : 392 202.133.64.71:5060 "Noisy feedback tells: pid=13339 req_src_ip=202.133.64.66 req_src_port=5060
in_uri=sip:voice.co<BR>> > > oking.com.pk out_uri=sip:voice.cooking.com.pk via_cnt==1"....<BR>> > > <BR>> > > <BR>> > > While here is my ser.cfg<BR>> > > <BR>> > > # mysql.so must be loaded !<BR>> > > loadmodule "/usr/local/lib/ser/modules/auth.so"<BR>> > > loadmodule "/usr/local/lib/ser/modules/auth_radius.so"<BR>> > > # ----------------- setting module-specific parameters ---------------<BR>> > > # -- usrloc params --<BR>> > > #modparam("usrloc", "db_mode", 0)<BR>> > > # Uncomment this if you want to use SQL database<BR>> > > # for persistent storage and comment the previous line<BR>> > > modparam("usrloc", "db_mode", 2)<BR>> > > # -- auth params --<BR>> > > # Uncomment if you are using auth module<BR>> > > #<BR>> > > #modparam("auth_dbs", "calculate_ha1", yes)<BR>> > > modparam("auth_radius", "radius_con fig",
"/usr/local/etc/radiusclient/radiusclient.conf")<BR>> > > #<BR>> > > # If you set "calculate_ha1" parameter to yes (which true in this config),<BR>> > > # uncomment also the following parameter)<BR>> > > #<BR>> > > #modparam("auth_db", "password_column", "password")<BR>> > > modparam("auth_radius", "service_type", 15)<BR>> > > :<BR>> > > :<BR>> > > :<BR>> > > :<BR>> > > # Uncomment this if you want to use digest authentication<BR>> > > if (!radius_www_authorize("cooking.com.pk")) {<BR>> > > www_challenge("cooking.com.pk", "0");<BR>> > > break;<BR>> > > };<BR>> > > <BR>> > > <BR>> > > Any hint?<BR>> > > JF<BR>> > > <BR>> > > <BR>> > > <BR>> > > ---------------------------------<BR>> > > Do you Yahoo!?<BR>> > > The New Yahoo! Shopping - with improved produ ct
search<BR>> > > _______________________________________________<BR>> > > Serusers mailing list<BR>> > > serusers@lists.iptel.org<BR>> > > http://lists.iptel.org/mailman/listinfo/serusers<BR>> > <BR>> > <BR>> > ---------------------------------<BR>> > Do you Yahoo!?<BR>> > The New Yahoo! Shopping - with improved product search<BR>> <BR>> _______________________________________________<BR>> Serhelp mailing list<BR>> serhelp@lists.iptel.org<BR>> http://lists.iptel.org/mailman/listinfo/serhelp</BLOCKQUOTE>
<P>
<HR SIZE=1>
Do you Yahoo!?<BR><A href="http://shopping.yahoo.com/?__yltc=s%3A150000443%2Cd%3A22708228%2Cslk%3Atext%2Csec%3Amail">The New Yahoo! Shopping</A> - with improved product search_______________________________________________<BR>Serusers mailing list<BR>serusers@lists.iptel.org<BR>http://lists.iptel.org/mailman/listinfo/serusers<BR></BLOCKQUOTE><p><hr SIZE=1>
Do you Yahoo!?<br>
<a href="http://shopping.yahoo.com/?__yltc=s%3A150000443%2Cd%3A22708228%2Cslk%3Atext%2Csec%3Amail">The New Yahoo! Shopping</a> - with improved product search