I'm having trouble divining the proper way to authenticate calls to remote destinations that require it. I'm hoping someone can clear it up.
Freeswitch client server A is authenticated to Kamailio. Freeswitch test server B is authenticated to Kamailio.
Calls from A -> Kamailio -> B fail with rejection of the authentication information that A is using to Kamailio.
As far as I understand, I need to rewrite the authentication information with UAC? However, UAC's uacreg table seems to tie remote users to remote destinations, when all I want to do is authenticate all calls routed to the destination regardless of what the user or the source is. Am I using the wrong module?
On Monday 03 February 2014 20:59:57 Pete Ashdown wrote:
As far as I understand, I need to rewrite the authentication information with UAC? However, UAC's uacreg table seems to tie remote users to remote destinations, when all I want to do is authenticate all calls routed to the destination regardless of what the user or the source is. Am I using the wrong module?
Rewriting is not an option AFAIK, since B will issue its own challenge.
uacreg is REGISTERing to an other server. You want to authenticate INVITEs, for which uac is the right module. You'll need to set the folowing:
modparam("uac","auth_realm_avp","$avp(uac_auth_realm)") modparam("uac","auth_username_avp","$avp(uac_auth_user)") modparam("uac","auth_password_avp","$avp(uac_auth_pass)")
You'll just have to sent the INVITE from A to B, B will respond with a 401. In the failure route that was set for the INVITE to B you have to set the AVPs and call uac_auth():
if (t_check_status("401")) { $avp(uac_auth_realm)=$td;
if($si=="serverB") { $avp(uac_auth_user)=$B_USER; $avp(uac_auth_pass)=$B_PASSWD: } ...
uac_auth();
t_relay(); exit; }
-
Daniel Tryba -
Pete Ashdown