[Serusers] 401 Not authorized from all hosts bar localhost [newbie]

I think I have taken a pretty standard install of ser 0.8.12, added mysql support (as per INSTALL) and attempted to add a user. I only seem to be able to authenticate from localhost. I have installed sipsak 0.8.7 on the local machine and on another on the same LAN (no NAT nasties yet), and it seems to show the problem. Any ideas? Apologies if I've broken stuff in anonymizing the server names. Extracts from config files below. server.xx.com = the sip server. 10.0.0.1 = sip server IP 10.0.0.2 = test server IP Alex ser.conf relevant bit: if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("server.xx.com", "subscriber")) { www_challenge("server.xx.com", "0"); break; }; save("location"); break; }; running from sipsak on server.xx.com: amb@server:~/ser/sipsak-0.8.7$ sipsak -vv -n -U -s sip:alex2@server.xx.com -a mypassword warning: redirects are not expected in USRLOC. disableing registering user alex2... authorizing registering user alex2... OK All usrloc tests completed successful. received last message 0.036 ms after first request (test duration). and here's the ngrep: server:/home/amb# ngrep -d lo -s 1524 port 5060 interface: lo (127.0.0.0/255.0.0.0) filter: ip and ( port 5060 ) # U 10.0.0.1:1044 -> 10.0.0.1:5060 REGISTER sip:server.xx.com SIP/2.0..Via: SIP/2.0/UDP 10.0.0.1:104 4;rport..From: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx .com>..Call-ID: 475684381@10.0.0.1..CSeq: 1 REGISTER..Contact: <sip: alex2@10.0.0.1:1044>..Expires: 15..Content-Length: 0..Max-Forwards: 70. .User-Agent: sipsak 0.8.7.... # U 10.0.0.1:5060 -> 10.0.0.1:1044 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.1:1044;rport=1044..Fr om: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx.com>;ta g=b27e1a1d33761e85846fc98f5f3a7e58.97fd..Call-ID: 475684381@10.0.0.1..C Seq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com", nonc e="502d62a485790d640f7f69dd181347090302cdcd"..Server: Sip EXpress router (0 .8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060 "Noi sy feedback tells: pid=7642 req_src_ip=10.0.0.1 req_src_port=1044 in_u ri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt==1".... # U 10.0.0.1:1044 -> 10.0.0.1:5060 REGISTER sip:server.xx.com SIP/2.0..Authorization: Digest username="a lex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com ", nonce="502d62a485790d640f7f69dd181347090302cdcd", response="6a404e2b 88fc6188700f79f320a6a51c"..Via: SIP/2.0/UDP 10.0.0.1:1044;rport..From: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx.com>..Call- ID: 475684381@10.0.0.1..CSeq: 1 REGISTER..Contact: <sip:alex2@10.0.0.1 :1044>..Expires: 15..Content-Length: 0..Max-Forwards: 70..User-Agent: si psak 0.8.7.... # U 10.0.0.1:5060 -> 10.0.0.1:1044 SIP/2.0 200 OK..Via: SIP/2.0/UDP 10.0.0.1:1044;rport=1044..From: <sip:a lex2@server.xx.com>..To: <sip:alex2@server.xx.com>;tag=b27e1a1d 33761e85846fc98f5f3a7e58.97fd..Call-ID: 475684381@10.0.0.1..CSeq: 1 REG ISTER..Contact: <sip:alex2@10.0.0.1:1044>;q=0.00;expires=15..Server: Si p EXpress router (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060 "Noisy feedback tells: pid=7647 req_src_ip=10.0.0.1 req _src_port=1044 in_uri=sip:server.xx.com out_uri=sip:server.alex.org. uk via_cnt==1".... exit 4 received, 0 dropped So the above worked OK, in contrast to the following from the other machine: amb@shed:~/ser/sipsak-0.8.7$ sipsak -vv -n -U -s sip:alex2@server.xx.com -a mypassword warning: redirects are not expected in USRLOC. disableing registering user alex2... authorizing registering user alex2... request: REGISTER sip:server.xx.com SIP/2.0 Authorization: Digest username="alex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com", nonce="402d62ec967c4b87fd544107bd35d2b1bcd992aa", response="fc2bed90d6b618ad2567d56a49c2c897" Via: SIP/2.0/UDP 10.0.0.2:36939;rport From: <sip:alex2@server.xx.com> To: <sip:alex2@server.xx.com> Call-ID: 53052185(a)10.0.0.2 CSeq: 1 REGISTER Contact: <sip:alex2@10.0.0.2:36939> Expires: 15 Content-Length: 0 Max-Forwards: 70 User-Agent: sipsak 0.8.7 response: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939 From: <sip:alex2@server.xx.com> To: <sip:alex2@server.xx.com>;tag=b27e1a1d33761e85846fc98f5f3a7e58.7eaf Call-ID: 53052185(a)10.0.0.2 CSeq: 1 REGISTER WWW-Authenticate: Digest realm="server.xx.com", nonce="402d62ec967c4b87fd544107bd35d2b1bcd992aa" Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 10.0.0.1:5060 "Noisy feedback tells: pid=7637 req_src_ip=10.0.0.2 req_src_port=36939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt==1" error: authorization failed request already contains (Proxy-) Authorization, but received 401, see above And here's the ngrep: server:/home/amb# ngrep -d eth0 -s 1524 port 5060 interface: eth0 (195.82.114.0/255.255.255.0) filter: ip and ( port 5060 ) # U 10.0.0.2:36939 -> 10.0.0.1:5060 REGISTER sip:server.xx.com SIP/2.0..Via: SIP/2.0/UDP 10.0.0.2:3 6939;rport..From: <sip:alex2@server.xx.com>..To: <sip:alex2@server. xx.com>..Call-ID: 53052185@10.0.0.2..CSeq: 1 REGISTER..Contact: < sip:alex2@10.0.0.2:36939>..Expires: 15..Content-Length: 0..Max-Forwar ds: 70..User-Agent: sipsak 0.8.7.... # U 10.0.0.1:5060 -> 10.0.0.2:36939 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939 ..From: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx.com ..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com", nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa"..Server: Sip EXpress rout er (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060 "Noisy feedback tells: pid=7647 req_src_ip=10.0.0.2 req_src_port=36 939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt= =1".... # U 10.0.0.2:36939 -> 10.0.0.1:5060 REGISTER sip:server.xx.com SIP/2.0..Authorization: Digest username="a lex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com ", nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa", response="ec2bed90 d6b618ad2567d56a49c2c897"..Via: SIP/2.0/UDP 10.0.0.2:36939;rport..Fro m: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx.com>..Ca ll-ID: 53052185@10.0.0.2..CSeq: 1 REGISTER..Contact: <sip:alex2@10. 0.0.2:36939>..Expires: 15..Content-Length: 0..Max-Forwards: 70..User-Ag ent: sipsak 0.8.7.... # U 10.0.0.1:5060 -> 10.0.0.2:36939 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939 ..From: <sip:alex2@server.xx.com>..To: <sip:alex2@server.xx.com ..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com", nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa"..Server: Sip EXpress rout er (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060 "Noisy feedback tells: pid=7637 req_src_ip=10.0.0.2 req_src_port=36 939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt= =1"....