Thank you very much Daniel! It works!<br><br>Following your suggestion, I have set the following parameters in the kamailio.cfg in both servers:<br><br>modparam("auth", "secret", "samesecretparam")<br>
modparam("auth", "nonce_expire", 1800)<br>modparam("auth", "nonce_auth_max_drift", 300)<br>modparam("auth", "one_time_nonce", 0)<br><br><br>Now all xcap requests are authenticated successfully and works! Thanks again!<br>
<br>After some tests, now we are facing another problem with multiple presence servers integrated with XCAP servers in integrated mode. We have configured 2 kamailio servers as both presence server and xcap server with the same backend DB in another machine (thank you for your great guide on <a href="http://kb.asipto.com/kamailio:presence:k31-made-simple">http://kb.asipto.com/kamailio:presence:k31-made-simple</a>). In front we have setup a dispatcher for SIP load balancing and apache for http (xcap) load balancing. <br>
<br>It seems the presence server handle the publish/subscribe/notify events with the following tables:<br>- active_watchers (using local cache and update the local cache to db periodically)<br>- presentity (using local cache and update to db immediately)<br>
- watchers (db)<br>- xcap (db)<br><br>we have meet 2 problems:<br><ol><li>when a subscription is created in one server (in active_watchers in local cache) and the publish related to the same subscription goes to another server (presentity), with fallback to db, only the first publish works (it generates a notify with C-SEQ increased by one). When it receives another publish, it always generate the notify with the same C-SEQ, and the SIP Client ignore it. The problem is that the subscription is in the cache of another server and it periodically update it to db. When the publish related to this subscription goes to another server, the C-SEQ in the local cache is not increased. To workaround it, we have configure the Dispatcher to use hashing over URI for all presence related messages. In this way, it seems all messages related to the same subscription go to the same presence server, so the c-seq is increased correctly. Is it correct way to work with multiple presence server?<br>
</li><li>pres_refresh_watchers triggered by xcap message in another presence server: with the hashing over to uri in dispacther workaround, it seems solve the first problem for SIP/SIMPLE messages, but we have the same kind of problem for xcap message. For example, a subscription is in a local cache of one server, and the incomming xcap message related to the same subscription goes to another server, and this message trigger the pres_update_watchers pres_refresh_watchers presence functions from the configuration script in the server where there is no subscription in the local cache, then it send the wrong notify message. This can happen when a user add/remove a contact, and the SUBSCRIBE goes to one server and XCAP PUT goes to another server. Unfortunately there is no DB mode only in PRESENCE module like REGISTRAR module. The fallback to db can't help either for point 1 or for point 2. Can you help please?<br>
</li></ol><br><br>Thank you in advanced!<br><br><br><br>Best Regards,<br>Laura<br><br><br><div class="gmail_quote">On Tue, Jun 28, 2011 at 8:43 PM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<div><div></div><div class="h5"><br>
<br>
<br>
On 6/28/11 6:33 PM, laura testi wrote:
<blockquote type="cite">
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">Hello all,</font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">I’m using two Kamailio Presence Servers that
are also XCAP Servers for the presence and resources
management and the Kamailio Dispatcher in order to balance
the SIP requestes coming from SIP Client.</font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">Then I’m trying to configure a HTTP <span> </span>load–balancer for the
xcap/http traffic. <span> </span></font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">I’m testing both Apache and INginx HTTP proxy
but I’m facing with a problem related with the Xcap
authentication: </font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">when a client sends the first xcap request to
the http load-balancer, it forwards the request to one of
the configured Xcap Server that replies with the 401
response in order to let the client authenticates. So, the
client sends the second request with the Digest
authentication to the http load-balancer. But, sometimes,
the http load-balancer forwards the authenticate request to
the second Xcap Server that is not able to authenticate the
request. <span> </span>Then the
client receive the “Unauthorized” response… </font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri"><span> </span><span> </span><span> </span><span> </span><span> </span><span> </span></font></font></p>
<p class="MsoNormal" style="margin:0in 0in 0pt"><font size="3"><font face="Calibri">Could you please give us some hints about
this problem?</font></font></p>
</blockquote>
<br></div></div>
you have to set the same value to secret parameter of auth module:<br>
<a href="http://kamailio.org/docs/modules/stable/modules/auth.html#auth.secret" target="_blank">http://kamailio.org/docs/modules/stable/modules/auth.html#auth.secret</a><br>
<br>
Also be sure the two servers have the same time (use ntp or so) and
the one_time_nonce parameter to auth module is off (not enabled).<br>
<br>
Then it should work.<br>
<br>
Cheers,<br>
Daniel<br><font color="#888888">
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
<a href="http://linkedin.com/in/miconda" target="_blank">http://linkedin.com/in/miconda</a> -- <a href="http://twitter.com/miconda" target="_blank">http://twitter.com/miconda</a></pre>
</font></div>
</blockquote></div><br>