sr-users September 2005

sr-users@lists.kamailio.org

231 participants
507 discussions

Re: [Serusers] please help me about how to config radiusclient!

by zhangshuai

Dear Ludovic Zipp-Fuhrer, What do you mean exactly? Whose configuration files? How to check it? The number "DA61FC29" in the error message is the hexadecimal value of the ip address of radius server. >did you set the good bind addresses in the configuration files? > > > >zhangshuai a écrit : >> Hi all, >> >> >> I wish to use softphone X-lite on SER and radius in db_mode. When I installed both freeradius 1.0.4 and radiusclient 0.4.3 on the same server which ser 0.8.14 has installed on, I could log in X-lite through radius authorization. And now I want radiusclient (on server A) to send the request to a remote radius server (on server B) to realize authorization. I have changed those config files: /usr/local/etc/radiusclient/servers, /usr/local/etc/radiusclient/radiusclient.conf and /usr/local/etc/raddb/clients.conf as the document (http://www.iptel.org/ser/doc/ser_radius/ser_radius.html#AEN193) did. Then I test the radius server as the above document said on server A: radclient -f digest server B auth testing123 and I received expected replied message from server B. >> >> But when I log in x-lite, there are error messages: >> >> Sep 29 17:11:06 localhost ser[4408]: rc_ip_hostname: couldn't look up host by addr: DA61FC29 >> Sep 29 17:11:06 localhost ser[4408]: rc_send_server: no reply from RADIUS server unknown:1812 >> >> How come? Did I mis-config anything? >> >> Many thanks for your reply! >> >> >> Shuai >> http://www.goldentek.biz >> >> >> _______________________________________________ >> Serusers mailing list >> Serusers(a)iptel.org >> http://mail.iptel.org/mailman/listinfo/serusers >> >

19 years, 1 month

Re: [Serusers] Proxy Behaviour on a parallel fork

by jim.pafford＠comcast.net

Thank you very much. You are absolutely correct. Removed the lookup and relied on loose-route and problem is solved. Jim -------------- Original message -------------- > > > jim.pafford(a)comcast.net wrote: > > In ser 0.9.3 I am seeing the following problem with a parallel forking > > scenario. The SER is sending the final Request ACK to the wrong location > > every time. Is there a way to fix this. See below: > > > > Endpoint (xyz(a)1.1.1.1 ) sends > > Invite(abc123(a)proxy.com ) to the SER. > > SER looks up location and then sends the following three messages: > > TRYING back to (xyz(a)1.1.1.1 ) > > INVITE to abc123(a)2.2.2.2 > > INVITE to abc123(a)3.3.3.3 > > > > This looks good so far. > > SER then gets back ringing from both endpoints and sends along to > > xyz(a)1.1.1.1 > > > > abc123(a)3.3.3.3 answers the call and sends back OK > > SER then sends OK to xyz(a)1.1.1.1 - Still good > > SER then sends CANCEL to abc123(a)2.2.2.2 > > abc123(a)2.2.2.2 responds with 200 Canceling - so > > far so good. > > > > Now xyz(a)1.1.1.1 sends the ACK to (abc123(a)proxy.com > > ) - Still looks good. > > > > But now after looking up location for abc123 SER sends the ACK to the > > Do you use lookup(location) for ACK? This is not necessary. It should be > handled in loose_route section. > > klaus > > > > wrong endpoint abc123(a)2.2.2.2 > > > > What am I doing wrong? SER always sends the ACK back to the first > > address in the list as shown by serctl ul show abc123. Is there a way > > to correct this so that SER knows the correct endpoint to relay the ACK > > to? Seems like it should understand which endpoint sent back the OK to > > the original INVITE and then send the ACK to that endpoint and not the > > first one in the list after a location lookup. > > > > thanks, > > Jim > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Serusers mailing list > > serusers(a)lists.iptel.org > > http://lists.iptel.org/mailman/listinfo/serusers

19 years, 1 month

RE: [Serusers] multi-domain support with one SER-2

by Lambert, Micheline (Satnet)

Yes, I have added two domains into domain table. I created them with serctl domain add >From the database ser, it is there. mysql>select * from domain; +----------------+---------------------+ | domain | last_modified | +----------------+---------------------+ | 192.168.20.155 | 0000-00-00 00:00:00 | | 192.168.20.55 | 0000-00-00 00:00:00 | +----------------+---------------------+ 2 rows in set (0.00 sec) mysql> from the serctl command, I have this error: #serctl domain show 500 command 'domain_dump' not available # Micheline -----Original Message----- From: Alberto [mailto:alberto.ipt@telefonica.net] Sent: Thursday, September 29, 2005 9:50 AM To: Lambert, Micheline (Satnet); serusers(a)lists.iptel.org Subject: Re: [Serusers] multi-domain support with one SER-2 Hi, I am new user too. Have you add twos domains into "domain" table? Regards -- Alberto ----- Original Message ----- From: "Lambert, Micheline (Satnet)" <Lambert.M(a)emssatnet.com> To: <serusers(a)lists.iptel.org> Sent: Thursday, September 29, 2005 3:21 PM Subject: [Serusers] multi-domain support with one SER-2 > Hi, > > > I'm new with SER since August 2005. > > > I'm using ser v0.9.3 and mysql v4.1.13. > > > I use SER with two domains: 192.168.20.55 and 192.168.20.155. > > Some users are configured in subscribe table of SER database with domain > 192.168.20.55 and > > other users are configured in the same subscribe table of SER database > with > domain 192.168.20.155. > > > > I understand that user from domain 192.168.20.55 can not talk to users in > domain 192.168.20.155. Is it right? > > > > I have the following problem: > > Users from domain 192.168.20.55 can make calls to PBX/PSTN but users from > domain 192.168.20.155 can not, > > There is the message 403 Forbidden sent to the users. > > > > Here is the sequence: > > <- INVITE > > -> 407 Proxy Authentication Required > > <-ACK > > <-INVITE > > ->100 Trying > > ->403 Forbidden > > <-ACK > > ->403 Forbidden > > <-ACK > > ->403 Forbidden > > <-ACK > > > > I would like to know if there is a need to have two databases for the > multi-domain support with one SER? > > > Micheline Lambert > > I included a part of my ser.cfg file > > > > # > > # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $ > > # > > # simple quick-start config script > > # > > > > ... > > > > listen=192.168.20.55 > > listen=192.168.20.155 # support multi-domains > > > > > > # ------------------ module loading ---------------------------------- > > > > # Uncomment this if you want to use SQL database > > loadmodule "/usr/local/lib/ser/modules/mysql.so" > > > > loadmodule "/usr/local/lib/ser/modules/sl.so" > > loadmodule "/usr/local/lib/ser/modules/tm.so" > > loadmodule "/usr/local/lib/ser/modules/rr.so" > > loadmodule "/usr/local/lib/ser/modules/maxfwd.so" > > loadmodule "/usr/local/lib/ser/modules/usrloc.so" > > loadmodule "/usr/local/lib/ser/modules/registrar.so" > > loadmodule "/usr/local/lib/ser/modules/textops.so" > > > > # Uncomment this if you want digest authentication > > # mysql.so must be loaded ! > > loadmodule "/usr/local/lib/ser/modules/auth.so" > > loadmodule "/usr/local/lib/ser/modules/auth_db.so" > > loadmodule "/usr/local/lib/ser/modules/uri_db.so" > > > > # load the group module to use : is_useer_in() function > > loadmodule "/usr/local/lib/ser/modules/group.so" > > > > # load the acc module ffor accounting > > loadmodule "/usr/local/lib/ser/modules/acc.so" > > > > #new module for multi-domain support > > loadmodule "/usr/local/lib/ser/modules/domain.so" > > > > # ----------------- setting module-specific parameters --------------- > > > > # -- usrloc params -- > > > > > > modparam("auth_db|uri_db|usrloc", "db_url", > "mysql://ser:heslo@localhost/ser") > > > > modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") > > > > modparam("usrloc|registrar", "use_domain", 1) > > > > # -- auth params -- > > # Uncomment if you are using auth module > > # > > modparam("auth_db", "calculate_ha1", 1) > > # > > # If you set "calculate_ha1" parameter to yes (which true in this config), > > # uncomment also the following parameter) > > # > > modparam("auth_db", "password_column", "password") > > > > > > #modparam("usrloc", "db_mode", 0) > > # Uncomment this if you want to use SQL database > > # for persistent storage and comment the previous line > > modparam("usrloc", "db_mode", 2) > > > > > > # -- rr params -- > > # add value to ;lr param to make some broken UAs happy > > modparam("rr", "enable_full_lr", 1) > > > > > > # -- acc params -- > > # set the reporting log level > > modparam("acc", "log_level", 1) > > # number of fflag which will be used fffor accounting; if a message > > # is labeled with this flag, its completion status will be reported > > modparam("acc", "log_flag", 1) > > > > modparam("acc", "db_flag", 1) > > modparam("acc", "report_cancels", 1) > > > > # ------------------------- request routing logic ------------------- > > > > # main routing logic > > > > route{ > > > > # ------------------------------------------------------------------ > > # Sanity Check Section > > # > ------------------------------------------------------------------ > > # initial sanity checks -- messages with > > # max_forwards==0, or excessively long requests > > if (!mf_process_maxfwd_header("10")) { > > sl_send_reply("483","Too Many Hops"); > > break; > > }; > > if (msg:len >= 2048 ) { > > sl_send_reply("513", "Message too big"); > > break; > > }; > > > > > > # ------------------------------------------------------------------ > > # labeled all transactions for accounting > > # > ------------------------------------------------------------------ > > log(1, "++++ labeled all transactions for accounting\n"); > > setflag(1); > > > > # ------------------------------------------------------------------ > > # Record Route Section > > # > ------------------------------------------------------------------ > > # we record-route all messages -- to make sure that > > # subsequent messages will go through our proxy; that's > > # particularly good if upstream and downstream entities > > # use different transport protocol > > if (!method=="REGISTER") record_route(); > > > > # ------------------------------------------------------------------ > > # Loose Route Section > > # > ------------------------------------------------------------------ > > # subsequent messages withing a dialog should take the > > # path determined by record-routing > > if (loose_route()) { > > # mark routing logic in request > > append_hf("P-hint: rr-enforced\r\n"); > > route(1); > > break; > > }; > > > > # ------------------------------------------------------------------ > > # Call Type Processing > > # > ------------------------------------------------------------------ > > if (!uri==myself) { > > # mark routing logic in request > > append_hf("P-hint: outbound uri!=myself\r\n"); > > route(1); > > break; > > }; > > > > # if the request is for other domain use UsrLoc > > # (in case, it does not work, use the following command > > # with proper names and addresses in it) > > if (uri==myself) { > > > > if (method=="INVITE") { > > route(3); > > break; > > } else if (method=="REGISTER") { > > route(2); > > break; > > }; > > > > lookup("aliases"); > > if (!uri==myself) { /* myself = my IP address */ > > append_hf("P-hint: outbound alias - > uri!=myself\r\n"); > > route(1); /* relay the message */ > > break; > > }; > > > > log(1, "++++ route other SIP > messages???????????????\n"); > > route(1); > > }; > > } > > > > route[1] > > { > > if (!t_relay()) { > > sl_reply_error(); > > }; > > } > > > > > > route[2] > > { > > sl_send_reply("100", "Trying"); > > > > log(1, "==== www_authorize\n"); > > # validate the authentication of the user > > if (!www_authorize("", "subscriber")) { > > log(1, "==== send 401 Unauthorized\n"); > > www_challenge("", "0"); # send back 401 > Unauthorized message > > break; # ask for another > registration with auth. > > }; > > > > if (!check_to()) { > > sl_send_reply("401", "Unauthorized 2"); > > break; > > }; > > > > log(1, "==== remove Authorization line\n"); > > consume_credentials(); # remove Authorization digest info from > message > > > > # save the user in the location table > > log(1, "==== save location and send Ok\n"); > > if (!save("location")) { # save the user in the location table, > send Ok message > > sl_reply_error(); > > }; > > > > } > > > > > > route[3] > > { > > if (!uri=~"sip:\+?[0-9]+@.*") { > > log(1, "---- call cannot be serverd here - not > numeric uri\n"); > > sl_send_reply("403", "Call cannot be served here"); > > break; > > } > > > > # > > # validate if Incoming call > > # > > if (src_ip==192.168.20.105) { # address of VoIP Gateway > > # > > # INCOMING call from VoIP Gateway > > # > > log(1, "---- Incoming calls from VoIP > Gateway\n"); > > if (lookup("location")) { > > # > > # dest user registered ! > > # > > log(1, "---- dest user registered - > relay the message\n"); > > route(1); > > break; > > } else { > > # > > # dest user not registered (not part of > location table) > > # > > log(1, "---- dest user NOT > registered > \n"); > > sl_send_reply("403", "User not Found"); > > break; > > }; > > }; > > > > # > > # Calls received from ATA > > # > > log(1, "---- call received from ATA\n"); > > > > # > > # validate the authentication of dest user > > # > > log(1, "---- proxy_authorize()\n"); > > if (!proxy_authorize("", "subscriber")) { > > log(1, "---- src user NOT authenticated\n"); > > proxy_challenge("", "0"); > > break; > > } else if (!check_from()) { > > sl_send_reply("403", "Use From=ID"); > > break; > > }; > > log(1, "---- src user authenticated\n"); > > # > > # remove Authorization line if necessary > > # > > log(1, "---- remove proxy-authorization line\n"); > > consume_credentials(); > > > > > > # > > # is it neccessary ???? > > # > > lookup("aliases"); > > if (uri!=myself) { > > log(1, "---- Relay message because uri != > myself\n"); > > append_hf("P-hint: outbound alias - > uri!=myself\r\n"); > > route(1); > > break; > > }; > > > > # > > # Validate destination calls > > # > > if (uri=~"sip:31[0-9]*@.*") { # first digits = "31" following > with 0-9 > > # > > # Local IP calls > > # > > log(1, "---- local IP calls\n"); > > if (is_user_in("From", "local")) { # source user > part of local group? > > # > > # src part of local group, relay the > message > > # > > log(1, "---- src part of local > group\n"); > > if (lookup("location")) { # dest user > registered ? > > # > > # User registered in > location table > > # > > log(1, "---- dest user > registered\n"); > > log(1, "---- dest = > local > ATA\n"); > > route(1); /* relay the > message */ > > break; > > } else { > > log(1, "---- dest user > NOT registered \n"); > > sl_send_reply("403", "User > not Found"); > > break; > > }; > > } else { > > log(1, "---- src NOT part of local > group\n"); > > sl_send_reply("403", "No Permission for > local calls"); > > break; > > }; > > }; > > > > # > > # Local PBX calls > > # > > if (uri=~"sip:3[0-9]*@.*") { # first digit = "3" following with > 0-9 > > # > > # Local PBX calls > > # > > log(1, "---- local PBX calls\n"); > > if (is_user_in("From", "local")) { # source user > part of local group? > > # > > # src part of local group, relay the > message > > # > > log(1, "---- src part of local > group\n"); > > log(1, "---- forward message to VoIP > Gateway\n"); > > rewritehostport("192.168.20.105:5060"); > > forward(192.168.20.105, 5060); > > break; > > } else { > > log(1, "---- src NOT part of local > group\n"); > > sl_send_reply("403", "No Permission for > local calls"); > > break; > > }; > > }; > > > > if (uri=~"sip:9[2-9][0-9]*@.*") { /* first digit = "9" > following > with 2-9 */ > > # > > # Free PSTN calls > > # > > log(1, "---- free PSTN calls\n"); > > if (is_user_in("From", "free-pstn")) { # source > user > part of free_pstn group? > > # > > # src part of free-pstn group, forward > the message > > # > > log(1, "---- forward message to VoIP > Gateway\n"); > > rewritehostport("192.168.20.105:5060"); > > forward(192.168.20.105, 5060); > > break; > > } else { > > log(1, "---- src NOT part of > free_pstn group\n"); > > sl_send_reply("403", "No Permission for > free PSTN calls"); > > break; > > }; > > }; > > > > if (uri=~"sip:91[2-9][0-9]*@.*") { /* first digit = "91" > following with 2-9 */ > > # > > # Long distance PSTN calls > > # > > log(1, "---- long distance calls\n"); > > if (is_user_in("From", "ld")) { # source user part > of long_dist group? > > # > > # src part of long_dist group, forward > the message > > # > > log(1, "---- forward message to VoIP > Gateway\n"); > > rewritehostport("192.168.20.105:5060"); > > forward(192.168.20.105, 5060); > > break; > > } else { > > log(1, "---- src NOT part of long > ddistance (ld) group\n"); > > sl_send_reply("403", "No Permission for > long distance calls"); > > break; > > }; > > }; > > > > if (uri=~"sip:9011[0-9]*@.*") { /* first digit = "9011" > following with 2-9 */ > > # > > # International calls > > # > > log(1, "---- international calls\n"); > > if (is_user_in("From", "int")) { # source user part > of int group? > > # > > # src part of international group, > forward the message > > # > > log(1, "---- forward message to VoIP > Gateway\n"); > > rewritehostport("192.168.20.105:5060"); > > forward(192.168.20.105, 5060); > > break; > > } else { > > log(1, "---- src NOT part of > international (int) group\n"); > > sl_send_reply("403", "No Permission for > international calls"); > > break; > > }; > > }; > > > > # > > # Invalid calls > > # > > log(1, "---- call NOT authorized\n"); > > sl_send_reply("403", "Call not Authorized"); > > > > } > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers

19 years, 1 month

[Users] TLS

by Helge Waastad

Hi, sometimes when I retstart OpenSER eith tls support, I get: BUG: qm_free: freeing already freed pointer, first free: tls/tls_init.c: ser_free(207) - aborting br hw -- mvh/best regards Helge Waastad System Engineer Smartnet (+47)67830017

19 years, 1 month

[Users] TLS testing

by Bogdan-Andrei Iancu

Hi everybody, To make more easier the testing of the new TLS code, I would like to know if there are people interested to get involved. My idea is to set a OpenSER proxy only with TLS as a central node for interdomain/interservers TLS connectivity. Everybody will be free to connect to the server and to route through calls to the other participants. I will take care about setting the proxy, providing TLS certificates and info about how to connect. By doing this, we will be able to test the TLS as conformity and robustness (number of calls, and number or connections). Again, if there are people interested in this, please let me know in order to start the setup. regards, Bogdan

19 years, 1 month

[Serusers] SER and SN2300 inalp

by GT

Hello everybody, Anyone using SER with Inalp gateways SN2300 ? Any experience ? Thanks, gtel

19 years, 1 month

[Serusers] Forwarding to a CISCO 1760 with FXO

by Nhadie

Hi All, I have this on my SIP server; # Local PSTN Destination forward to CISCO 1760 if ((uri=~"^(sip:)?02[0-9]*@................etc..etc.. if (is_user_in("From", "local-pstn")) { rewritehostport("12.34.56.78:5060"); consume_credentials(); t_relay_to_udp("12.34.56.78", "5060"); # World PSTN Destination forward to gateway provider } else if ((uri=~"^(sip:)?00[0-9]*@......etc.etc.. { if (is_user_in("From", "world-pstn")) { strip(2); prefix("00000#"); rewritehostport("87.65.43.21:5060"); consume_credentials(); t_relay_to_udp("87.65.43.21", "5060"); The forwarding to the gateway provider works no problem, but the one going to local pstn, rings on the pstn line but when I answer it session will be cut, busy signal. Is this a problem on the CISCO 1760 or in my configuration? TIA Regards, Nhadie

19 years, 1 month

[Serusers] multi-domain support with one SER-2

by Lambert, Micheline (Satnet)

Hi, I'm new with SER since August 2005. I'm using ser v0.9.3 and mysql v4.1.13. I use SER with two domains: 192.168.20.55 and 192.168.20.155. Some users are configured in subscribe table of SER database with domain 192.168.20.55 and other users are configured in the same subscribe table of SER database with domain 192.168.20.155. I understand that user from domain 192.168.20.55 can not talk to users in domain 192.168.20.155. Is it right? I have the following problem: Users from domain 192.168.20.55 can make calls to PBX/PSTN but users from domain 192.168.20.155 can not, There is the message 403 Forbidden sent to the users. Here is the sequence: <- INVITE -> 407 Proxy Authentication Required <-ACK <-INVITE ->100 Trying ->403 Forbidden <-ACK ->403 Forbidden <-ACK ->403 Forbidden <-ACK I would like to know if there is a need to have two databases for the multi-domain support with one SER? Micheline Lambert I included a part of my ser.cfg file # # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $ # # simple quick-start config script # ... listen=192.168.20.55 listen=192.168.20.155 # support multi-domains # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" # load the group module to use : is_useer_in() function loadmodule "/usr/local/lib/ser/modules/group.so" # load the acc module ffor accounting loadmodule "/usr/local/lib/ser/modules/acc.so" #new module for multi-domain support loadmodule "/usr/local/lib/ser/modules/domain.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("usrloc|registrar", "use_domain", 1) # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", 1) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- acc params -- # set the reporting log level modparam("acc", "log_level", 1) # number of fflag which will be used fffor accounting; if a message # is labeled with this flag, its completion status will be reported modparam("acc", "log_flag", 1) modparam("acc", "db_flag", 1) modparam("acc", "report_cancels", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # ------------------------------------------------------------------ # Sanity Check Section # ------------------------------------------------------------------ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); break; }; # ------------------------------------------------------------------ # labeled all transactions for accounting # ------------------------------------------------------------------ log(1, "++++ labeled all transactions for accounting\n"); setflag(1); # ------------------------------------------------------------------ # Record Route Section # ------------------------------------------------------------------ # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # ------------------------------------------------------------------ # Loose Route Section # ------------------------------------------------------------------ # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; }; # ------------------------------------------------------------------ # Call Type Processing # ------------------------------------------------------------------ if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound uri!=myself\r\n"); route(1); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (!uri==myself) { /* myself = my IP address */ append_hf("P-hint: outbound alias - uri!=myself\r\n"); route(1); /* relay the message */ break; }; log(1, "++++ route other SIP messages???????????????\n"); route(1); }; } route[1] { if (!t_relay()) { sl_reply_error(); }; } route[2] { sl_send_reply("100", "Trying"); log(1, "==== www_authorize\n"); # validate the authentication of the user if (!www_authorize("", "subscriber")) { log(1, "==== send 401 Unauthorized\n"); www_challenge("", "0"); # send back 401 Unauthorized message break; # ask for another registration with auth. }; if (!check_to()) { sl_send_reply("401", "Unauthorized 2"); break; }; log(1, "==== remove Authorization line\n"); consume_credentials(); # remove Authorization digest info from message # save the user in the location table log(1, "==== save location and send Ok\n"); if (!save("location")) { # save the user in the location table, send Ok message sl_reply_error(); }; } route[3] { if (!uri=~"sip:\+?[0-9]+@.*") { log(1, "---- call cannot be serverd here - not numeric uri\n"); sl_send_reply("403", "Call cannot be served here"); break; } # # validate if Incoming call # if (src_ip==192.168.20.105) { # address of VoIP Gateway # # INCOMING call from VoIP Gateway # log(1, "---- Incoming calls from VoIP Gateway\n"); if (lookup("location")) { # # dest user registered ! # log(1, "---- dest user registered - relay the message\n"); route(1); break; } else { # # dest user not registered (not part of location table) # log(1, "---- dest user NOT registered \n"); sl_send_reply("403", "User not Found"); break; }; }; # # Calls received from ATA # log(1, "---- call received from ATA\n"); # # validate the authentication of dest user # log(1, "---- proxy_authorize()\n"); if (!proxy_authorize("", "subscriber")) { log(1, "---- src user NOT authenticated\n"); proxy_challenge("", "0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; }; log(1, "---- src user authenticated\n"); # # remove Authorization line if necessary # log(1, "---- remove proxy-authorization line\n"); consume_credentials(); # # is it neccessary ???? # lookup("aliases"); if (uri!=myself) { log(1, "---- Relay message because uri != myself\n"); append_hf("P-hint: outbound alias - uri!=myself\r\n"); route(1); break; }; # # Validate destination calls # if (uri=~"sip:31[0-9]*@.*") { # first digits = "31" following with 0-9 # # Local IP calls # log(1, "---- local IP calls\n"); if (is_user_in("From", "local")) { # source user part of local group? # # src part of local group, relay the message # log(1, "---- src part of local group\n"); if (lookup("location")) { # dest user registered ? # # User registered in location table # log(1, "---- dest user registered\n"); log(1, "---- dest = local ATA\n"); route(1); /* relay the message */ break; } else { log(1, "---- dest user NOT registered \n"); sl_send_reply("403", "User not Found"); break; }; } else { log(1, "---- src NOT part of local group\n"); sl_send_reply("403", "No Permission for local calls"); break; }; }; # # Local PBX calls # if (uri=~"sip:3[0-9]*@.*") { # first digit = "3" following with 0-9 # # Local PBX calls # log(1, "---- local PBX calls\n"); if (is_user_in("From", "local")) { # source user part of local group? # # src part of local group, relay the message # log(1, "---- src part of local group\n"); log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of local group\n"); sl_send_reply("403", "No Permission for local calls"); break; }; }; if (uri=~"sip:9[2-9][0-9]*@.*") { /* first digit = "9" following with 2-9 */ # # Free PSTN calls # log(1, "---- free PSTN calls\n"); if (is_user_in("From", "free-pstn")) { # source user part of free_pstn group? # # src part of free-pstn group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of free_pstn group\n"); sl_send_reply("403", "No Permission for free PSTN calls"); break; }; }; if (uri=~"sip:91[2-9][0-9]*@.*") { /* first digit = "91" following with 2-9 */ # # Long distance PSTN calls # log(1, "---- long distance calls\n"); if (is_user_in("From", "ld")) { # source user part of long_dist group? # # src part of long_dist group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of long ddistance (ld) group\n"); sl_send_reply("403", "No Permission for long distance calls"); break; }; }; if (uri=~"sip:9011[0-9]*@.*") { /* first digit = "9011" following with 2-9 */ # # International calls # log(1, "---- international calls\n"); if (is_user_in("From", "int")) { # source user part of int group? # # src part of international group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of international (int) group\n"); sl_send_reply("403", "No Permission for international calls"); break; }; }; # # Invalid calls # log(1, "---- call NOT authorized\n"); sl_send_reply("403", "Call not Authorized"); }

19 years, 1 month

[Serusers] create admin account for a second domain with one ser

by Lambert, Micheline (Satnet)

Hi, I'm new with SER since August 2005. I'm using ser v0.9.3 and mysql v4.1.13. With the ser_mysql.sh create command, we can create the ser database with an admin user with a domain let's say: 192.168.20.55. How can I create a second admin user, let's say admin2 for the second domain 192.168.20.155? Do I have to execute the same command ser_mysql.sh create with the second domain 192.168.20.155? I don't think so. Is there a command I can use, or I have to create the admin2 user directly in the database (via the mysql command)? Thanks. Micheline Lambert

19 years, 1 month

[Serusers] installation & first run problem (I am new, ...)

by Ronald Wiplinger

I am new to SER, forgive me if I use "strange terms" or ask stupid or obviously things ;-) I downloaded SER and compiled from source. I tried to use the ser_mysql.sh script to create the database and the permittion. For me unknown reasons, the permissions for all ser(ro) are set to 'N' in the table mysql.user I tried to change it to 'Y' with GRANT ALL PRIVILEGES ON ser.* to 'ser'@'localhost' IDENTIFIED BY 'password' but that does not change anything in the mysql.user Strange is also that the database ser does not show up at all in phpMyAdmin and also the 4 records in mysql.user. Before I changed /usr/local/etc/ser/ser.cfg to reflect the mysql I tried to start ser with /usr/local/sbin/serctl start and I had many ser process in my ps list, but now it says: :/usr/local # /usr/local/sbin/serctl start Starting SER : PID file exists! (/var/run/ser.pid) already running? What have I done wrong? bye Ronald Wiplinger

19 years, 1 month

← Newer
1
2
3
4
5
6
7
8
9
...
51
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users September 2005