1 Nov
2004
1 Nov
'04
11:32 a.m.
Hi,
Even though the mysql database is working fine (i.e. I can add users
etc) and I've uncommented the authentication lines in the ser.cfg
file, my ser still allows any UA to register. I have included my
config file below. Any ideas?
Really appreciate the help Im getting from this list,
Aisling.
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters
------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
alias=172.16.3.12
#alias=10.10.10.12
#alias=10.0.1.4
#alias=192.168.3.77
#alias=cit.ie
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading
----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters
---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password"
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic
-------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER" {
# Uncomment this if you want to use digest authentication
if (!www_authorize("172.16.3.12", "subscriber")) {
www_challenge("172.16.3.12", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
#inserted by klaus
if (method=="INVITE"){
record_route();
force_rtp_proxy();
/* set up reply processing */
t_on_reply("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
# inserted by klaus
#all incoming replies for t_onrepli-ed transactions enter here
onreply-route[1]{
if(status=~"[12][0-9][0-9]"
force_rtp_proxy();
}
-------------------Legal Disclaimer---------------------------------------
The above electronic mail transmission is confidential and intended only for the person to
whom it is addressed. Its contents may be protected by legal and/or professional
privilege. Should it be received by you in error please contact the sender at the above
quoted email address. Any unauthorised form of reproduction of this message is strictly
prohibited. The Institute does not guarantee the security of any information
electronically transmitted and is not liable if the information contained in this
communication is not a proper and complete record of the message as transmitted by the
sender nor for any delay in its receipt.
----------------------------------------------------------------------------------------
1 Nov
1 Nov
5:53 p.m.
Hi Ashling,
I've just recently gotten this working myself!
In your Ser.cfg you seem to have both of the following lines uncommented.
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
You need to choose one or the other.
Barring that have you checked that ser_mysql tables are installed correctly
by querying them as per the How To Doc?
Finally! You could try hardening your MySQL server by changing the mysql
root PW and removeing the anonymous userids. It's detailed in the My SQL
Docs on www.mysql.com
I'm no expert but I did all the above and registration works well now.
Good Luck!
Darren
PS Anyone out there had a chance to look at my post re registered users not
being able to see/call each other?? I'm stumped!
----- Original Message -----
From: "Ashling O'Driscoll" <ashling.odriscoll(a)cit.ie>
To: <serusers(a)lists.iptel.org>
Sent: Monday, November 01, 2004 9:32 AM
Subject: [Serusers] authentication (or lack there of)
Hi,
Even though the mysql database is working fine (i.e. I can add users
etc) and I've uncommented the authentication lines in the ser.cfg
file, my ser still allows any UA to register. I have included my
config file below. Any ideas?
Really appreciate the help Im getting from this list,
Aisling.
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters
------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
alias=172.16.3.12
#alias=10.10.10.12
#alias=10.0.1.4
#alias=192.168.3.77
#alias=cit.ie
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading
----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters
---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password"
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic
-------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER" {
# Uncomment this if you want to use digest authentication
if (!www_authorize("172.16.3.12", "subscriber")) {
www_challenge("172.16.3.12", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
#inserted by klaus
if (method=="INVITE"){
record_route();
force_rtp_proxy();
/* set up reply processing */
t_on_reply("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
# inserted by klaus
#all incoming replies for t_onrepli-ed transactions enter here
onreply-route[1]{
if(status=~"[12][0-9][0-9]"
force_rtp_proxy();
}
-------------------Legal
Disclaimer---------------------------------------
The above electronic mail transmission is confidential and intended only
for the
person to whom it is addressed. Its contents may be protected by
legal and/or professional privilege. Should it be received by you in error
please contact the sender at the above quoted email address. Any
unauthorised form of reproduction of this message is strictly prohibited.
The Institute does not guarantee the security of any information
electronically transmitted and is not liable if the information contained in
this communication is not a proper and complete record of the message as
transmitted by the sender nor for any delay in its receipt.
--------------------------------------------------------------------------
--------------
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7326
days inactive
7326
days old
1 comments
2 participants
participants (2)
-
Ashling O'Driscoll -
Darren O'Donohoe