19 Mar
2003
19 Mar
'03
6:26 p.m.
I am trying to bring up the anthentication module. Here are the list of what I have done.
1. Create MySQL tables and modify the permissions (SER could connect MySQL successfully)
2. Modify SER configuration (See below)
loadmodule "//usr/lib/ser/modules/mysql.so"
loadmodule "//usr/lib/ser/modules/auth.so"
modparam("usrloc", "db_url",
"sql://ser:heslo@localhost/ser")
modparam("usrloc", "db_mode", 2)
modparam("auth", "db_url", "sql://ser:heslo@localhost/ser")
modparam("auth", "user_column", "user_id")
modparam("auth", "calculate_ha1", yes)
modparam("auth", "password_column", "password")
if (uri=~"sip\.abcd\.com") {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("sip.abcd.com",
"subscriber")) {
www_challenge("sip.abcd.com", "0");
break;
};
save("location");
break;
};
After all these changes, SER could start without problem. But it seems that the Auth
module doesn't take effect. For whatever username/password (whether it's included
in the subscriber table or not), SER just allow the registration.
What maybe the problem? Is there anything wrong with the configuration?
Thanks.
19 Mar
19 Mar
10:25 p.m.
Hello,
please always include ser logs and dump of the messages when asking
for help, I really have no crystal ball. The config seems to be ok.
regards, Jan.
On 19-03 11:26, Bo wrote:
I am trying to bring up the anthentication module.
Here are the list of what I have done.
1. Create MySQL tables and modify the permissions (SER could connect MySQL successfully)
2. Modify SER configuration (See below)
loadmodule "//usr/lib/ser/modules/mysql.so"
loadmodule "//usr/lib/ser/modules/auth.so"
modparam("usrloc", "db_url",
"sql://ser:heslo@localhost/ser")
modparam("usrloc", "db_mode", 2)
modparam("auth", "db_url",
"sql://ser:heslo@localhost/ser")
modparam("auth", "user_column", "user_id")
modparam("auth", "calculate_ha1", yes)
modparam("auth", "password_column", "password")
if (uri=~"sip\.abcd\.com") {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("sip.abcd.com",
"subscriber")) {
www_challenge("sip.abcd.com", "0");
break;
};
save("location");
break;
};
After all these changes, SER could start without problem. But it seems that the Auth
module doesn't take effect. For whatever username/password (whether it's included
in the subscriber table or not), SER just allow the registration.
What maybe the problem? Is there anything wrong with the configuration?
Thanks.
10:38 p.m.
Sorry, here are the log file and ngrep dump for your reference. Thanks.
Mar 19 16:10:23 dda ser: mod_init(): Database connection opened successfuly
Mar 19 16:10:23 dda ser: INFO: udp_init: SO_RCVBUF is initially 65535
Mar 19 16:10:23 dda ser: INFO: udp_init: SO_RCVBUF is finally 262142
Mar 19 16:10:23 dda ser: WARNING: using only the first listen address (no
fork)
Mar 19 16:10:23 dda ser: INFO: fifo process starting: 4233
Mar 19 16:10:23 dda ser: SER: open_uac_fifo: fifo server up at
/tmp/ser_fifo...
Mar 19 16:11:23 dda kernel: device eth0 entered promiscuous mode
Mar 19 16:11:52 dda kernel: device eth0 left promiscuous mode
#
U 68.48.117.200:5060 -> 192.168.3.19:5060
REGISTER sip:dda.bmx-inc.com SIP/2.0..Via: SIP/2.0/UDP
192.168.2.2:5060..From: <sip:6335391@dd
a.bmx-inc.com;user=phone>..To:
<sip:6335391@dda.bmx-inc.com;user=phone>..Call-ID: 175462817@19
2.168.2.2..CSeq: 2 REGISTER..Contact:
<sip:6335391@68.48.117.200:5060;user=phone;transport=udp
;expires=120..User-Agent: Cisco ATA v2.15 ata18x
(020927a)..Content-Length: 0....
#
U 192.168.3.19:5060 -> 68.48.117.200:5060
SIP/2.0 200 OK..Via: SIP/2.0/UDP
192.168.2.2:5060;received=68.48.117.200..From: <sip:6335391@d
da.bmx-inc.com;user=phone>..To:
<sip:6335391@dda.bmx-inc.com;user=phone>;tag=d907c037823644515
dfe0ede38ca9976.1a2f..Call-ID: 175462817@192.168.2.2..CSeq: 2
REGISTER..Contact: <sip:6335391@6
8.48.117.200:5060;user=phone;transport=udp>;q=0.00;expires=120..Server:
Sip EXpress router (0.8
.10 (i386/linux))..Content-Length: 0..Warning: 392 192.168.3.19:5060
"Noisy feedback tells: pid
=3269 req_src_ip=68.48.117.200 in_uri=sip:dda.bmx-inc.com
out_uri=sip:dda.bmx-inc.com via_cnt==
1"....
----- Original Message -----
From: "Jan Janak" <jan(a)iptel.org>
To: "Bo" <boman122(a)yahoo.com>
Cc: <serusers(a)lists.iptel.org>
Sent: Wednesday, March 19, 2003 3:25 PM
Subject: Re: [Serusers] Auth Module
10:42 p.m.
Hi Jan,
I think I missed the line "WARNING: using only the first listen address (no
fork)" in the log. The first listen address is the lp0 (127.0.0.1). After I
turned on the fork option, it started working.
Thanks for reminding.
----- Original Message -----
From: "Jan Janak" <jan(a)iptel.org>
To: "Bo" <boman122(a)yahoo.com>
Cc: <serusers(a)lists.iptel.org>
Sent: Wednesday, March 19, 2003 3:25 PM
Subject: Re: [Serusers] Auth Module
7922
days inactive
7922
days old
3 comments
2 participants
participants (2)
-
Bo -
Jan Janak