I am trying to bring up the anthentication module. Here are the list of what I have done.
1. Create MySQL tables and modify the permissions (SER could connect MySQL successfully) 2. Modify SER configuration (See below)
loadmodule "//usr/lib/ser/modules/mysql.so" loadmodule "//usr/lib/ser/modules/auth.so" modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser") modparam("usrloc", "db_mode", 2) modparam("auth", "db_url", "sql://ser:heslo@localhost/ser") modparam("auth", "user_column", "user_id") modparam("auth", "calculate_ha1", yes) modparam("auth", "password_column", "password")
if (uri=~"sip.abcd.com") { if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!www_authorize("sip.abcd.com", "subscriber")) { www_challenge("sip.abcd.com", "0"); break; };
save("location"); break; };
After all these changes, SER could start without problem. But it seems that the Auth module doesn't take effect. For whatever username/password (whether it's included in the subscriber table or not), SER just allow the registration.
What maybe the problem? Is there anything wrong with the configuration?
Thanks.
Hello,
please always include ser logs and dump of the messages when asking for help, I really have no crystal ball. The config seems to be ok.
regards, Jan.
On 19-03 11:26, Bo wrote:
I am trying to bring up the anthentication module. Here are the list of what I have done.
- Create MySQL tables and modify the permissions (SER could connect MySQL successfully)
- Modify SER configuration (See below)
loadmodule "//usr/lib/ser/modules/mysql.so" loadmodule "//usr/lib/ser/modules/auth.so" modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser") modparam("usrloc", "db_mode", 2) modparam("auth", "db_url", "sql://ser:heslo@localhost/ser") modparam("auth", "user_column", "user_id") modparam("auth", "calculate_ha1", yes) modparam("auth", "password_column", "password")
if (uri=~"sip\.abcd\.com") { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication if (!www_authorize("sip.abcd.com", "subscriber")) { www_challenge("sip.abcd.com", "0"); break; };
save("location"); break; };After all these changes, SER could start without problem. But it seems that the Auth module doesn't take effect. For whatever username/password (whether it's included in the subscriber table or not), SER just allow the registration.
What maybe the problem? Is there anything wrong with the configuration?
Thanks.
Sorry, here are the log file and ngrep dump for your reference. Thanks.
Mar 19 16:10:23 dda ser: mod_init(): Database connection opened successfuly Mar 19 16:10:23 dda ser: INFO: udp_init: SO_RCVBUF is initially 65535 Mar 19 16:10:23 dda ser: INFO: udp_init: SO_RCVBUF is finally 262142 Mar 19 16:10:23 dda ser: WARNING: using only the first listen address (no fork) Mar 19 16:10:23 dda ser: INFO: fifo process starting: 4233 Mar 19 16:10:23 dda ser: SER: open_uac_fifo: fifo server up at /tmp/ser_fifo... Mar 19 16:11:23 dda kernel: device eth0 entered promiscuous mode Mar 19 16:11:52 dda kernel: device eth0 left promiscuous mode
# U 68.48.117.200:5060 -> 192.168.3.19:5060 REGISTER sip:dda.bmx-inc.com SIP/2.0..Via: SIP/2.0/UDP 192.168.2.2:5060..From: <sip:6335391@dd a.bmx-inc.com;user=phone>..To: sip:6335391@dda.bmx-inc.com;user=phone..Call-ID: 175462817@19 2.168.2.2..CSeq: 2 REGISTER..Contact: <sip:6335391@68.48.117.200:5060;user=phone;transport=udp
;expires=120..User-Agent: Cisco ATA v2.15 ata18x
(020927a)..Content-Length: 0.... # U 192.168.3.19:5060 -> 68.48.117.200:5060 SIP/2.0 200 OK..Via: SIP/2.0/UDP 192.168.2.2:5060;received=68.48.117.200..From: <sip:6335391@d da.bmx-inc.com;user=phone>..To: sip:6335391@dda.bmx-inc.com;user=phone;tag=d907c037823644515 dfe0ede38ca9976.1a2f..Call-ID: 175462817@192.168.2.2..CSeq: 2 REGISTER..Contact: <sip:6335391@6 8.48.117.200:5060;user=phone;transport=udp>;q=0.00;expires=120..Server: Sip EXpress router (0.8 .10 (i386/linux))..Content-Length: 0..Warning: 392 192.168.3.19:5060 "Noisy feedback tells: pid =3269 req_src_ip=68.48.117.200 in_uri=sip:dda.bmx-inc.com out_uri=sip:dda.bmx-inc.com via_cnt== 1"....
----- Original Message ----- From: "Jan Janak" jan@iptel.org To: "Bo" boman122@yahoo.com Cc: serusers@lists.iptel.org Sent: Wednesday, March 19, 2003 3:25 PM Subject: Re: [Serusers] Auth Module
Hi Jan,
I think I missed the line "WARNING: using only the first listen address (no fork)" in the log. The first listen address is the lp0 (127.0.0.1). After I turned on the fork option, it started working.
Thanks for reminding.
----- Original Message ----- From: "Jan Janak" jan@iptel.org To: "Bo" boman122@yahoo.com Cc: serusers@lists.iptel.org Sent: Wednesday, March 19, 2003 3:25 PM Subject: Re: [Serusers] Auth Module
-
Bo -
Jan Janak