RE: [Serusers] multi-domain support with one SER-2

From the database ser, it is there.

Hi, I'm new with SER since August 2005. I'm using ser v0.9.3 and mysql v4.1.13. I use SER with two domains: 192.168.20.55 and 192.168.20.155. Some users are configured in subscribe table of SER database with domain 192.168.20.55 and other users are configured in the same subscribe table of SER database with domain 192.168.20.155. I understand that user from domain 192.168.20.55 can not talk to users in domain 192.168.20.155. Is it right? I have the following problem: Users from domain 192.168.20.55 can make calls to PBX/PSTN but users from domain 192.168.20.155 can not, There is the message 403 Forbidden sent to the users. Here is the sequence: <- INVITE -> 407 Proxy Authentication Required <-ACK <-INVITE ->100 Trying ->403 Forbidden <-ACK ->403 Forbidden <-ACK ->403 Forbidden <-ACK I would like to know if there is a need to have two databases for the multi-domain support with one SER? Micheline Lambert I included a part of my ser.cfg file # # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $ # # simple quick-start config script # ... listen=192.168.20.55 listen=192.168.20.155 # support multi-domains # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" # load the group module to use : is_useer_in() function loadmodule "/usr/local/lib/ser/modules/group.so" # load the acc module ffor accounting loadmodule "/usr/local/lib/ser/modules/acc.so" #new module for multi-domain support loadmodule "/usr/local/lib/ser/modules/domain.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("usrloc|registrar", "use_domain", 1) # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", 1) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- acc params -- # set the reporting log level modparam("acc", "log_level", 1) # number of fflag which will be used fffor accounting; if a message # is labeled with this flag, its completion status will be reported modparam("acc", "log_flag", 1) modparam("acc", "db_flag", 1) modparam("acc", "report_cancels", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # ------------------------------------------------------------------ # Sanity Check Section # ------------------------------------------------------------------ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); break; }; #

# labeled all transactions for accounting # ------------------------------------------------------------------ log(1, "++++ labeled all transactions for accounting\n"); setflag(1); #

# Record Route Section # ------------------------------------------------------------------ # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); #

# Loose Route Section # ------------------------------------------------------------------ # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; }; #

# Call Type Processing # ------------------------------------------------------------------ if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound uri!=myself\r\n"); route(1); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (!uri==myself) { /* myself = my IP address */ append_hf("P-hint: outbound alias - uri!=myself\r\n"); route(1); /* relay the message */ break; }; log(1, "++++ route other SIP messages???????????????\n"); route(1); }; } route[1] { if (!t_relay()) { sl_reply_error(); }; } route[2] { sl_send_reply("100", "Trying"); log(1, "==== www_authorize\n"); # validate the authentication of the user if (!www_authorize("", "subscriber")) { log(1, "==== send 401 Unauthorized\n"); www_challenge("", "0"); # send back 401 Unauthorized message break; # ask for another registration with auth. }; if (!check_to()) { sl_send_reply("401", "Unauthorized 2"); break; }; log(1, "==== remove Authorization line\n"); consume_credentials(); # remove Authorization digest info from message # save the user in the location table log(1, "==== save location and send Ok\n"); if (!save("location")) { # save the user in the location table, send Ok message sl_reply_error(); }; } route[3] { if (!uri=~"sip:\+?[0-9]+@.*") { log(1, "---- call cannot be serverd here - not numeric uri\n"); sl_send_reply("403", "Call cannot be served here"); break; } # # validate if Incoming call # if (src_ip==192.168.20.105) { # address of VoIP Gateway # # INCOMING call from VoIP Gateway # log(1, "---- Incoming calls from VoIP Gateway\n"); if (lookup("location")) { # # dest user registered ! # log(1, "---- dest user registered - relay the message\n"); route(1); break; } else { # # dest user not registered (not part of location table) # log(1, "---- dest user NOT registered \n"); sl_send_reply("403", "User not Found"); break; }; }; # # Calls received from ATA # log(1, "---- call received from ATA\n"); # # validate the authentication of dest user # log(1, "---- proxy_authorize()\n"); if (!proxy_authorize("", "subscriber")) { log(1, "---- src user NOT authenticated\n"); proxy_challenge("", "0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; }; log(1, "---- src user authenticated\n"); # # remove Authorization line if necessary # log(1, "---- remove proxy-authorization line\n"); consume_credentials(); # # is it neccessary ???? # lookup("aliases"); if (uri!=myself) { log(1, "---- Relay message because uri != myself\n"); append_hf("P-hint: outbound alias - uri!=myself\r\n"); route(1); break; }; # # Validate destination calls # if (uri=~"sip:31[0-9]*@.*") { # first digits = "31" following with 0-9 # # Local IP calls # log(1, "---- local IP calls\n"); if (is_user_in("From", "local")) { # source user part of local group? # # src part of local group, relay the message # log(1, "---- src part of local group\n"); if (lookup("location")) { # dest user registered ? # # User registered in location table # log(1, "---- dest user registered\n"); log(1, "---- dest = local ATA\n"); route(1); /* relay the message */ break; } else { log(1, "---- dest user NOT registered \n"); sl_send_reply("403", "User not Found"); break; }; } else { log(1, "---- src NOT part of local group\n"); sl_send_reply("403", "No Permission for local calls"); break; }; }; # # Local PBX calls # if (uri=~"sip:3[0-9]*@.*") { # first digit = "3" following with 0-9 # # Local PBX calls # log(1, "---- local PBX calls\n"); if (is_user_in("From", "local")) { # source user part of local group? # # src part of local group, relay the message # log(1, "---- src part of local group\n"); log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of local group\n"); sl_send_reply("403", "No Permission for local calls"); break; }; }; if (uri=~"sip:9[2-9][0-9]*@.*") { /* first digit = "9" following with 2-9 */ # # Free PSTN calls # log(1, "---- free PSTN calls\n"); if (is_user_in("From", "free-pstn")) { # source user part of free_pstn group? # # src part of free-pstn group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of free_pstn group\n"); sl_send_reply("403", "No Permission for free PSTN calls"); break; }; }; if (uri=~"sip:91[2-9][0-9]*@.*") { /* first digit = "91" following with 2-9 */ # # Long distance PSTN calls # log(1, "---- long distance calls\n"); if (is_user_in("From", "ld")) { # source user part of long_dist group? # # src part of long_dist group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of long ddistance (ld) group\n"); sl_send_reply("403", "No Permission for long distance calls"); break; }; }; if (uri=~"sip:9011[0-9]*@.*") { /* first digit = "9011" following with 2-9 */ # # International calls # log(1, "---- international calls\n"); if (is_user_in("From", "int")) { # source user part of int group? # # src part of international group, forward the message # log(1, "---- forward message to VoIP Gateway\n"); rewritehostport("192.168.20.105:5060"); forward(192.168.20.105, 5060); break; } else { log(1, "---- src NOT part of international (int) group\n"); sl_send_reply("403", "No Permission for international calls"); break; }; }; # # Invalid calls # log(1, "---- call NOT authorized\n"); sl_send_reply("403", "Call not Authorized"); } _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers