Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I've got more or less the same problem, I'm now using ser for routing and Asterisk for routing to other destinations which require authentication.
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] Namens Daniel-Constantin Mierla Verzonden: dinsdag 23 november 2004 11:51 Aan: sendman CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] Double autentication
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Well, on second proxy I have to do Digest authentication with different username/password from my proxy...
I want to know if I can rewrite the username/password before to relay to second proxy?
On Tue, 23 Nov 2004 11:50:55 +0100, Daniel-Constantin Mierla daniel-constantin.mierla@fokus.fraunhofer.de wrote:
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On 11/23/04 12:48, sendman wrote:
Well, on second proxy I have to do Digest authentication with different username/password from my proxy...
I want to know if I can rewrite the username/password before to relay to second proxy?
this will not help. These operations apply to request URI and doesn't affect credentials for digest authentication. The solution used by E. Versaevel (in the same mail thread) is a way to go.
Daniel
On Tue, 23 Nov 2004 11:50:55 +0100, Daniel-Constantin Mierla daniel-constantin.mierla@fokus.fraunhofer.de wrote:
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
However I've still got problems with that setup. * Asterisk seems to alter the From: header in my incoming calls (changes non numeric usernames to asterisk) * Sip error messages are not relayed (ie, my outgoing call creates a 404 not found, but asterisk doesn't relay that message back to the originating UA * Asterisk is annoying for the fact that it want's to remain in the RTP Path (could be solved with canreinvite=yes entries in sip.conf, however my asterisk doesn't want to get out of the RTP Path, hence it scales much worse.
Not even starting on how to design and implement a scaleable/redundant setup (which is more or less what I need to do for my final school project)
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] Namens Daniel-Constantin Mierla Verzonden: dinsdag 23 november 2004 13:12 Aan: sendman CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] Double autentication
On 11/23/04 12:48, sendman wrote:
Well, on second proxy I have to do Digest authentication with different username/password from my proxy...
I want to know if I can rewrite the username/password before to relay to second proxy?
this will not help. These operations apply to request URI and doesn't affect credentials for digest authentication. The solution used by E. Versaevel (in the same mail thread) is a way to go.
Daniel
On Tue, 23 Nov 2004 11:50:55 +0100, Daniel-Constantin Mierla daniel-constantin.mierla@fokus.fraunhofer.de wrote:
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of
users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Well, according to the specifications, it is possible to challenge one SIP request several times (with different realm in digest credentials). The 401 would be always forwarded to the user agent and the user agent should be configured with several usernames and password (for different realms).
The problem is that this is not supported in user agents (as far as I know only Snom and Pingtel support it). I did ask several UA vendors if they plan to implement it and the answer was always no. Given that, the best you can do is avoid double authentication.
Jan.
On 23-11 09:48, sendman wrote:
Well, on second proxy I have to do Digest authentication with different username/password from my proxy...
I want to know if I can rewrite the username/password before to relay to second proxy?
On Tue, 23 Nov 2004 11:50:55 +0100, Daniel-Constantin Mierla daniel-constantin.mierla@fokus.fraunhofer.de wrote:
what kind of authentication requires the second proxy? Can you establish a trust relation based on IP addresses with that proxy? SER is mainly a SIP proxy and it doesn't authenticate by itself, neither in behalf of users.
Daniel
On 11/22/04 22:46, sendman wrote:
Hi folks!
I have many users logged on my SER proxy, and routing works fine, but for some destinations, I have to relay the call for another sip proxy.
Well, on the second proxy, my users login doesn't exist, so I have to rewrite the username or credentials, before to relay!
I have tried with setuserpass and sethost but doesn't work...
My question is: does this is a normal thing, or I don't have to change the username from sip message?
Regards.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Daniel-Constantin Mierla -
E. Versaevel -
Jan Janak -
sendman