the problem is the cisco gateway is not capable of supporting digest authetnication. (not ver good indeed). You are left with authentication by source IP address.
-jiri
At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote:
No idea about it. You can watch the network traffic (using ngrep on ser machine: ngrep port 5060) and see if the realm from a 401/407 reply matches with the one from next request.
.Daniel
On 03/26/04 16:46, Raymond Chen wrote:
I use AS5300 as UA.
-----Original Message----- From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] Sent: Friday, March 26, 2004 11:04 PM To: Raymond Chen Cc: serdev@lists.iptel.org; serusers@lists.iptel.org Subject: Re: [Serusers] RE: [Serdev] check_from
What client do you use? It does not use the realm from challenge -- it is a MSN Messenger specific bug, but it might be present in other sip clients. You must set the realm from challenge as the host part of the sip id.
.Daniel
On 03/26/04 15:46, Raymond Chen wrote:
Danial,
www_authorize fail to authorize without password
0(3283) lookup(): '85234230599@218.20.229.53' Not found in usrloc 0(3283) parse_headers: flags=4096 0(3283) pre_auth(): Credentials with given realm not found 0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org", nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8" '
Regards
Raymond
-----Original Message----- From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] Sent: Friday, March 26, 2004 8:04 PM To: Raymond Chen Subject: Re: [Serusers] RE: [Serdev] check_from
Try something like this:
if (method=="INVITE") { if (!www_authorize("xxx.org", "subscriber")) { www_challenge("xxx.org", "0"); break; }; if (!check_from()) { sl_send_reply("403", "Only registered users are allowed"); break; };
};
.Daniel
On 03/26/04 12:48, Raymond Chen wrote:
Now we understand what the what the message means after reading the
message
a few times. We are trying to do PSTN(as5300) ---> ser -----> pstn (AS5300), and to authorize the calling number (callerid) in the INVITE message against URI table. But check_from command needs to call proxy_authorize, which it requires username and password. we setup the configuration like this
if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber") if (!check_from()) { sl_send_reply("403", "Only registered users are allowed"); break; } }
Because cisco does not have sip password setting, so we have
0(3173) check_username(): No authorized credentials found (error in
scripts)
0(3173) check_username(): Call {www,proxy}_authorize before calling
check_*
function !
Does anyone has a solution?
Regards
-----Original Message----- From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] Sent: Friday, March 26, 2004 6:18 PM To: Raymond Chen Cc: serdev@lists.iptel.org Subject: Re: [Serdev] check_from
Hello, the last error message is self explanatory. You need to call either www_authorize() or proxy_authorize() before calling check_from() because this method compares the data from From header with what is in credentials (response to a authentication challenge).
.Daniel
On 03/26/04 04:35, Raymond Chen wrote:
Dear all,
We have configured Ser to check from username field to authorize user ¡°unknown¡±
if (!check_from()) {
sl_send_reply("403", "Only registered users are allowed");
break;
};
We have error message
0(2568) check_username(): No authorized credentials found (error in scripts)
0(2568) check_username(): Call {www,proxy}_authorize before calling check_* function !
We have ¡°unknown¡± username entry in uri table.
Regards
Serdev mailing list serdev@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serdev
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serdev mailing list serdev@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serdev
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/