sr-users May 2005

sr-users@lists.kamailio.org

230 participants
522 discussions

by Silent Man

Hi, I'm new to SER and I really need your help. I'm trying to install SER 0.8.14 with a radius (Freeradius) authentification and accounting, but I Still have this error message when I "make" : authrad_mod.c:111: error: `DICT_VENDOR' undeclared (first use in this function) authrad_mod.c:111: error: (Each undeclared identifier is reported only once authrad_mod.c:111: error: for each function it appears in.) authrad_mod.c:111: error: `vend' undeclared (first use in this function) authrad_mod.c:135: attention : affectation transforme un entier en pointeur sans transtypage authrad_mod.c:140: error: too many arguments to function `rc_conf_str' authrad_mod.c:140: error: too many arguments to function `rc_read_dictionary' authrad_mod.c:145: attention : implicit declaration of function `rc_dict_findvend' authrad_mod.c:163: error: too many arguments to function `rc_dict_findattr' authrad_mod.c:163: error: too many arguments to function `rc_dict_findval' make: *** [authrad_mod.o] Erreur 1 I've followed all the steps in this tutorial http://www.iptel.org/ser/doc/ser_radius/ser_radius.html, installed two radius client : Radius Client Library (http://developer.berlios.de/projects/radiusclient-ng) and (http://freshmeat.net/projects/radiusclient/). $ cat /usr/local/include/radiusclient.h |grep ,v * $Id: radiusclient.h,v 1.9 1999/01/06 23:53:04 lf Exp $ $ cat /etc/ld.so.conf /usr/X11R6/lib /usr/local/lib My Environnement contain these two variables : INCLUDE_PATH=/usr/local/include LIB_PATH=/usr/local/lib/ Thanks in advance.

19 years, 6 months

[Serusers] exported function : m_store(mode)

by Vincent Verdot

Could someone explain me what does the "m_store(mode)" exported function from the "msilo" module do ? I read the doc but I don't understand...

19 years, 6 months

Re: [Serusers] Re: [Serdev] Patched free-TLS implementation

by Cesc Santasusana

Hi, Good you found out. The reason i turned session caching completely off was because it was not properly configured. So, putting it on a TODO list, i disable it completely, waiting to add it later. Now i found out that the TLS implementation of minisip, the phone i use, was kinda broken. In my working copy i have activated and configured ser-tls with server-side caching, and it works. The problem is that i read that the default session caching provided by openssl is rather simple, and even that it should not be used in any production environment. That was another reason to disable it. And also that some changes in the way reads and writes are handled should be changed ... I will send a patch to fix all this ... Another thing ... the tls code needs to be more "configurable", from the config file. What is the best way to do this? Adding variables to cfx.XX files? or maybe a tls-module could do that also plus several other features? Regards, Cesc Unclassified >>> Alex Mack <amack(a)fhm.edu> 05/10/05 03:10PM >>> Hi again! Funny thing I found out: snom 190 doesn't even USE Session Caching but it seems to need the server to be alel to. It doesn't request the old Session ID, every new TLS connection from the phone to SER is a new one without a session ID. From what I understand with session caching, the client, in order to refetch a session, has to provide the session ID given by the server in the first handshake. Alex Mack Alex Mack schrieb: > Hi! > > I've managed to find out what's bothering the snom 190: It's the > missing TLS Session ID when Session Chaching is turned off. > > The session ID is given to the client for being able to request that > session later on from the server. But > > SSL_CTX_set_session_cache_mode( _ctx, SSL_SESS_CACHE_OFF ); > > turned off Session Caching, so no Session ID is generated and > transfered and that seems to confuse the snom phones. So they answer > the SERVER HELLO immediately with an ALERT and break up the > connection. It seems like snom190 need to have session caching turned > on... > > The snom's firmware is: snom190-SIP 3.60b 6249 > > snom's softphone (emulating a snom 360 with firmware "snomSoft-SIP > 3.57q") seems to have the same problem. > > BTW, what was the problem with session caching in the first place? > Performance hit? > > Alex Mack > > Benny Ben-Ami schrieb: > >> Try checking the expiration date of the certificate and the time & >> date of >> the phone. I once had a phone where the time was not set and he >> rejected the server >> certificate due to date expiration. >> -----Original Message----- >> From: serdev-bounces(a)iptel.org [mailto:serdev-bounces@lists.iptel.org] On >> Behalf >> Of Alex Mack >> Sent: Wednesday, May 04, 2005 7:29 PM >> To: Cesc Santasusana >> Cc: serdev(a)lists.iptel.org; serusers(a)lists.iptel.org >> Subject: Re: [Serusers] Re: [Serdev] Patched free-TLS implementation >> >> Hi Cesc! >> >> I tried your previuos suggestions on changing cleint certificate >> check. I'm now running SSL_VERIFY_NONE. MS Messenger works again. But >> the snom >> still fails. >> Ethereal tells me the server doesn't ask for a client certificate any >> more. >> Ethereal also shows that "Cipher Suite: TLS_RSA_WITH_RC4_128_SHA" was >> selected. So far so good, but the snom still rejects the Server Hello >> with an Alert. >> >> What else have you changed? The original version worked with the snoms. >> >> BTW patch throws some warnings: >> >> # patch -i patch.core.cfg.files.diff >> patching file cfg.y >> Hunk #1 FAILED at 1. >> 1 out of 6 hunks FAILED -- saving rejects to file cfg.y.rej patching >> file >> cfg.lex Hunk #1 FAILED at 1. >> 1 out of 5 hunks FAILED -- saving rejects to file cfg.lex.rej >> >> cfg.y.rej reads: >> *************** >> *** 1,5 **** >> /* >> - * $Id: cfg.y,v 1.2 2005/01/06 14:35:10 sam Exp $ >> * >> * cfg grammar >> * >> --- 1,5 ---- >> /* >> + * $Id: cfg.y,v 1.4 2005/05/03 08:16:35 cesc Exp $ >> * >> * cfg grammar >> * >> >> cfg.lex.rej reads: >> *************** >> *** 1,5 **** >> /* >> - * $Id: cfg.lex,v 1.2 2005/01/06 14:35:10 sam Exp $ >> * >> * scanner for cfg files >> * >> --- 1,5 ---- >> /* >> + * $Id: cfg.lex,v 1.3 2005/04/11 08:18:31 cesc Exp $ >> * >> * scanner for cfg files >> * >> >> Seems to be a minor mismatch, it compiles well anyway. >> >> Alex Mack >> >> Cesc Santasusana schrieb: >> >> >> >>> Hi, >>> >>> Yeah ... I send it with my default config which is using client and >>> server >>> >> >> authentication. >> >> >>> I use this settings with minisip client (supports client side certs) >>> and >>> >> >> for tls between ser proxies. It works perfect. >> >> >>> To turn client authentication off, check: >>> tls/tls_init.c file >>> init_ssl_ctx_behavior function >>> >>> the line >>> SSL_CTX_set_verify( _ctx, SSL_VERIFY_PEER | >>> SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); >>> >>> means that the server will request a certificate from the client and >>> if it >>> >> >> doesn't get one, it will fail. >> >> >>> Try changing it with: >>> SSL_CTX_set_verify( _ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, >>> 0); this way the server will request a cert, the client will not >>> provide, but >>> >> >> on the following renegotiation, the server (ser) will not ask for a >> cert. >> >> >>> And if you want to turn verification off ... completely ... >>> SSL_CTX_set_verify( _ctx, SSL_VERIFY_NONE, 0); this will also work >>> for you if only using tls for ser2phone ... it will not work if you >>> want tls >>> >> >> between proxies ... as the ser client will accept ANY certificate >> from the >> ser server. >> >> >>> And then, from the prompt: >>> >>> >>> >>>> make TLS=1 all && make TLS=1 install ;) >>>> >>>> >>> >>> This whole verification thing needs to be improved and probably the >>> >> >> parameters should be changeable directly from the config file. This >> and many >> other parameters should be exchangeable without the need to recompile. >> >> >>> Any volunteer for a ser-tls.README? :D >>> >>> Can you provide me with some extra info from the snom phones and the >>> >> >> messenger? Do it offline, so you can send me some ethereal captures >> and ser >> logs ... >> >>> Regards, >>> >>> Cesc >>> >>> >>> >>> >>> >>> >>>>>> Alex Mack <amack(a)fhm.edu> 05/04/05 02:01PM >>> >>>>>> >>>>>> >>>>> >>> Hi Cesc! >>> >>> I compiled in your patch. >>> >>> Now I'm facing a new problem: SER wants a client certificate from >>> the UA. Snom phones immediately reply with an ALERT and break up >>> connection upon the certificate requests. MS Messenger on the other >>> hand sends at least a reply - without certificate - and SER rejects >>> the Client Hello because of the missing client certificate: >>> >>> tls_accept: Error in SSL: >>> tls_error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer >>> did not return a certificate >>> >>> Could you please provide some more documentation about the new TLS >>> options you added? It seems you've implemented support for client >>> certificates for a two-way certificate authorization - which would >>> be a good thing if supported by the UAs, which don't right now. So >>> how can I turn it off again and get back to server side certification? >>> >>> Alex Mack >>> >>> Cesc Santasusana schrieb: >>> >>> >>> >>> >>> >>>> Hi everybody, >>>> >>>> The last i sent is a replacement as a whole for the original code >>>> sent by >>>> >>> >> P. Griffiths. Sorry i forgot to mention that. >> >> >>>> The patches for cfg.y and cfg.lex are both in the same file >>>> (patch.core.cfg..files.diff) within the zip. I was lazy :) I resent >>>> it as >>>> >>> >> a whole, and not as a diff, because i indented all the code with tabs, >> instead of spaces (so a diff would be bigger than just sending all the >> files). >> >> >>>> As for the CVS thing ... i agree with Juha. Either gets into the >>>> >>> >> "official" cvs or we do something about it. The code i think is rather >> stable as it is (i only tested on my debian linux box, soon i will >> try on an >> ARM linux and i will report back on that too). For me, as long as it >> gets >> into a CVS, i don't care if it is mantained against HEAD or 0.9.0 (i use >> 0.9.0 .... so all my patches are against it). >> >>>> On a more philosophical level, i understand the "quietness" on iptel's >>>> >>> >> side ... they have their own version, and make money on it. But the >> thing is >> that this free version is here to stay ... it is the "problem" of >> opensource. >> >>>> Another option would be for them to release their proprietary >>>> >>> >> implementation if they feel that it is a better, more tested one. >> >>>> In any case, i think that this whole thing needs to be decided fast. >>>> >>>> Regards! >>>> >>>> Cesc >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>>>> Alex Mack <amack(a)fhm.edu> 05/03/05 01:26PM >>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>> Hi Cesc! >>>> >>>> Nice to have those fixes in a package. >>>> >>>> Is your cfg.y-patch to be applied *after* cfg.y.patch was applied or >>>> *instead* of cfg.y.patch? >>>> >>>> Or is your version a patched one which replaces the original >>>> implementation as a whole? In that case where's cfg.lex.patch? >>>> >>>> Alex Mack >>>> >>>> Cesc Santasusana schrieb: >>>> >>>> >>>> >>>> >>>> >>>>> Hi, >>>>> >>>>> I really hate to be so pushy, but i dont understand how such an >>>>> important >>>>> >>>> >> piece of code as TLS is not moving on into CVS ... or anywhere else >> by this >> matter. I will keep sending patches till i get tired (soon). >> >> >>>>> Anyway ... i thought someone may be interested in a compilation >>>>> fix for >>>>> >>>> >> cfg.y introduced with the tls_domains (it would not compile if the cfg.y >> file had been patched but the tls-core files were not there); a bug >> fix for >> the session caching (fixed by turning session caching and resumption >> off); >> and an extension (the ability to choose the list of allowed ciphers >> from the >> config file). Oh, and all the files have been tabbed, instead of >> spaced (for >> indentation). >> >> >>>>> Enjoy! >>>>> >>>>> Cesc >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >>> >>> >>>>> --------------------------------------------------------------------- >>>>> --- >>>>> >>>>> _______________________________________________ >>>>> Serdev mailing list >>>>> serdev(a)lists.iptel.org >>>>> http://lists.iptel.org/mailman/listinfo/serdev >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Serusers mailing list >>>> serusers(a)lists.iptel.org >>>> http://lists.iptel.org/mailman/listinfo/serusers >>>> >>>> _______________________________________________ >>>> Serusers mailing list >>>> serusers(a)lists.iptel.org >>>> http://lists.iptel.org/mailman/listinfo/serusers >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >> >> >> _______________________________________________ >> Serdev mailing list >> serdev(a)lists.iptel.org >> http://lists.iptel.org/mailman/listinfo/serdev >> >> >> >> >> > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers > > _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

19 years, 6 months

[Serusers] Ser Accepting Calls From Asterisk

by Mr Greg Plater

Hi I am using the onsip getting started doc with mediaproxy. Calls for registered users on SER work great but when I try to call a registered ser user from my asterisk box. I get a response in Asterisk Debug. Says "failed to auth on INVITE" If I wish to allow calls from my asterisk box to registered users on SER what do I change. IN SER.cfg I note these 2 snippets if (!www_authorize("","subscriber")) { www_challenge("","0"); break; }; if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; };

19 years, 6 months

[Serusers] Radiator + SER

by Edgardo O. Gonzales II

Hi! Can somebody help us on how to install SER supporting radiator. If possible provide us a scratch for us to easily understand the process. Your immediate feedback is highly appreciated. thanks, ed

19 years, 6 months

[Serusers] RE: [Sems] How to absorb ACKs in UAS mode?

by Franz Edler

From: Stefan Sayer Sent: Tuesday, May 10, 2005 4:02 PM > in my opinion t_newtran() will release the transmission on processing of > an ACK so the 200 is not retransmitted; have a look at t_newtran (in > t_lookup.c about line 1094). Unfortunately I cannot verify this behaviour. See my code snippet of ser.cfg below. Without explicitly using t_relay() for ACK the 200 OKs are retransmitted by SER. Calling t_newtran() is obviously not enough to stop retransmissions. Any further opinions around? Regards Franz --- code snippet of ser.cfg follows -------------------------------------- if (method=="INVITE" || method=="BYE" || method=="CANCEL" || method=="ACK") { # switch to stateful mode: if (!t_newtran()) { sl_send_reply("500","could not create transaction\n"); break; }; if (method=="INVITE" && uri=~"sip:910@") { t_reply("100","Trying - just wait a minute !"); if(!t_write_req("/tmp/am_fifo","announcement")) { t_reply("500","error contacting sems"); }; break; }; if (method=="BYE" || method=="CANCEL") { if(!t_write_req("/tmp/am_fifo","bye")) { t_reply("500","error contacting sems"); }; break; }; if (method=="ACK") { t_relay(); }; };

19 years, 6 months

[Serusers]Serweb Problem

by chin31kimo

try to modify the "output_buffering=on" in the php.ini and restart your apache server >Hi SerUser! >Can somebody help me with this problem.. >After I install and configure serweb as stated on >configuration guide.. I >got a blank page >accessing admin and user_interface page. >On logs of my apache, this is the feedback .. >210.23.237.236 - - [21/Apr/2005:23:51:12 +0800] "GET >/serweb/user_interface/index.php?phplib_Session=4026e0eaf3aa336098b7e1d2926f49ff&phplib_Session=dc200ec3587d1985cf9aaf706d3b248c&phplib_Session=8d66aaa5f4418cb75126beda37c2acde&phplib_Session=14d85207dd2ec6439325db9f78bea914&phplib_Session=3a23bcfc1ecae59dcefead744c64aaf3&phplib_Session=6ff4d142925c0574d1d3614bcb679578&phplib_Session=5d83ca96f291e0310ab4777442a547f9&phplib_Session=8ac2999cee413bde7ef4769b8f73b860&phplib_Session=96c5b130e01b2db96d73bc050248183e&phplib_Session=9ae3f9631ab331d0c0299cf394e6f691&phplib_Session=ddb01b22fdc4d988a9093a37cf4ee00b&phplib_Session=d48993a3af2167a562d151f2cb285ce4&phplib_Session=2492b77a05e07417c38d229d30f58d9a&phplib_Session=a4edc5415a40e4a922c4dbf721f25dc0&phplib_Session=5d41839c67fbc842ac27f59a558e982a&phplib_Session=7b5b95a63d36ffdf9b412264bf941691&phplib_Session=507571c99dc312b6e36ea364de2644f4&phplib_Session=0992981f5a11f248824edbb95f5db9f3&phplib_Session=1f25b8f300e72b404a54ab4c2c4060e8&phplib_Session=870611806d28cda0d0021f8422454! > 12a&ph >p >lib_Session=f5c422596455228e1749a081e1d9be1e&phplib_Session=2ecc3410c0ef13c4a66f12d51b02e7a3&phplib_Session=ff433b28f8596fe03518398fef080887&phplib_Session=aec18ca4299ec9009c236cde5d0bb733&phplib_Session=5937f583e214b20d67999da9947a9b7c&phplib_Session=854621f5353598bf6b6c9fd0f882766a&phplib_Session=0809e0fb3fddff21a14190e4240b814a&phplib_Session=22b80c053272e22c30c33a883182e014&phplib_Session=7c69db32533cd64b763462353c20d927&phplib_Session=c4eeba51a9991c5161269dafa9647d38&phplib_Session=472ca546c8ff6970ea9cae514940b86f&phplib_Session=c3c6871818a255d4eafe2d8a373228ef&phplib_Session=fded6f2f186c6d2dedd467a2b93f5c2a&phplib_Session=53033ca88aa7ec64b25d70f8ac424086&phplib_Session=62744ffaf3c7866e2f3324b1d6ca9f69&phplib_Session=d43a04d83057e27859e9a9db63782a4c&phplib_Session=bb309e7809c1341764212cab865e33ce&phplib_Session=002136a613c2bdee8d927d8a43be20ad&phplib_Session=82a678edfc54753212929c25f5fb5221&phplib_Session=2de93e7370b1de73041c6f4dc21a11df&phplib_Session=dfd10093b5f05cccd! >3178ad >f >cc3f8c62 HTTP/1.1" 302 - >Is there something I miss during the configuration .. >thanks, >ed _______________________________________________________________________ Yahoo!奇摩電子信箱免費容量250MB，信件在多也不怕 http://tw.promo.yahoo.com/mail_new/index.html

19 years, 6 months

[Serusers] db_insert_ucontact(): Error while inserting contact

by Pawel Urawski

Hello, I would like to use my SER with dbtext for user location. I made everything that was written in the readmee file. Ser starts ok without any errors, but when I try to register a new user I get in syslog: May 10 22:07:53 qwe ser[2042]: db_insert_ucontact(): Error while inserting contact May 10 22:07:53 qwe ser[2042]: insert_ucontact(): Error while inserting in database Any idea ? Regards. Pawel.

19 years, 6 months

[Serusers] BYE from Cisco gateway

by Torbjørn Lium

I'm using a cisco 1760 with a VIC2-4FXO card for my calls to PSTN. If a user on a softphone hangs up first the PSTN port on the cisco is released and new calls can be made on the same voice port. But when the user on the PSTN side hangs up first the voice port on the cisco stays open until the user on the softphone hangs up. Any ideas what I'm doing wrong?

19 years, 6 months

[Serusers] migration 0.8.14 -> 0.9.0 and SQL broken

by Mik

Hello, I am started using SER from 0.8.14 version. All was fine. I use postgres SQL for registered location, stored cridentical username & password. But I needed some basic UAC functionalities like client authentication on other SIP-proxy. I take uac module. This module don't work with 0.8.14 SER. And I take 0.9.0. Compile and install new ser & modules. After that ALL my SQL shema is broken! SER don't work with SQL! Why? I nothing change in ser.cfg..... Old version 0.8.14 work, but new version 0.9.0 don't work. postgres - initializing stateless - initializing textops - initializing 0(0) Maxfwd module- initializing acc - initializing exec - initializing 0(0) bind_dbmod: Module sql does not export db_use_table function 0(0) ERROR: mod_init(): Can't bind database module 0(0) init_mod(): Error while initializing module usrloc ERROR: error while initializing modules If I am deleted 2 modules from SER.CFG: loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" I have error in other module postgres - initializing stateless - initializing textops - initializing 0(0) Maxfwd module- initializing acc - initializing exec - initializing 0(0) bind_dbmod: Module sql does not export db_use_table function 0(0) ERROR: auth_db_bind: unable to bind to the database module 0(0) init_mod(): Error while initializing module auth_db ERROR: error while initializing modules SER.CFG (very simple for debug): # ----------- global configuration parameters ------------------------ user=voip listen=213.24.21.2 log_stderror=yes debug=3 fifo="/var/run/ser.pipe" fifo_mode=0600 children=5 alias=tagan.ru alias=megalink.com.ru sip_warning=no # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/ser/modules/postgres.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/xlog.so" loadmodule "/usr/local/lib/ser/modules/exec.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- modparam("usrloc", "db_url" ,"sql://pgsql@localhost/megalink") modparam("usrloc", "db_mode", 1) modparam("auth_db", "db_url" ,"sql://pgsql@localhost/megalink") modparam("auth_db", "password_column", "password") modparam("auth_db", "calculate_ha1", yes) modparam("acc", "log_level", 1) modparam("acc", "early_media", 1) modparam("acc", "failed_transactions", 1) modparam("acc", "log_missed_flag", 3) modparam("acc", "report_cancels", 1) #modparam("acc", "db_url" ,"sql://pgsql@localhost/megalink") modparam("acc", "log_flag", 1) # ------------------------- request routing logic ------------------- route [0] { break; }

19 years, 6 months

← Newer
1
...
34
35
36
37
38
39
40
...
53
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users May 2005