-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michiel van Baak Sent: Thursday, December 20, 2007 12:22 AM To: [email protected] Subject: Re: [asterisk-users] Realtime logic in Asterisk 1.4.16.1
On 00:12, Thu 20 Dec 07, Mindaugas Kezys wrote: > Hello, > > I have configured one provider in Asterisk Realtime DB without username and > password, only host=<providers_IP> and ipaddress=<providers_IP> > > Now when I'm trying to send call using this provider I'm using following > string: Dial(SIP/[EMAIL PROTECTED]) > > In Asterisk 1.4.15 debug I see that Realtime engine is using query: > > [Dec 20 00:02:15] DEBUG[14634]: res_config_mysql.c:138 realtime_mysql: MySQL > RealTime: Retrieve SQL: SELECT * FROM devices WHERE name = 'Provider' > > to retrieve info about this device. > > And in Asterisk 1.4.16.1 I see: > > [Dec 20 00:04:12] DEBUG[25686]: res_config_mysql.c:138 realtime_mysql: MySQL > RealTime: Retrieve SQL: SELECT * FROM devices WHERE name = 'Provider' AND > host = 'dynamic' > > Note: host = 'dynamic' > > Where this came from? In mine DB host=<providers_IP>, how Asterisk managed to > visualize that it should be "dynamic"?! > > Offcourse I get: > > [Dec 20 00:05:58] WARNING[25686]: chan_sip.c:2898 create_addr: No such host: > Provider > [Dec 20 00:05:58] WARNING[25686]: app_dial.c:1191 dial_exec_full: Unable to > create channel of type 'SIP' (cause 3 - No route to destination) > == Everyone is busy/congested at this time (1:0/0/1) > > Because Realtime Engine is not able to find my Provider which is NOT DYNAMIC! > > No other settings changed. Same configuration files. res_config_mysql.so > recompiled to 1.4.16.1. > > Please help or explain what's wrong! Have a look at http://downloads.digium.com/pub/security/AST-2007-027.pdf That's why it's not working anymore -- Michiel van Baak [EMAIL PROTECTED] http://michiel.vanbaak.eu GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD "Why is it drug addicts and computer afficionados are both called users?" ------------------- Thank you for pointing this, but I red this doc many times. It does not help. I tried to put username/password for my device - but it still is looking for "dynamic". Does it mean I can't have anything else in host field for device except "dynamic"? Also this PDF states: "An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user." AFAIK host-based authentication is done by IP address. Username and password are not present. Following this I see no logic in above statements: "host-based authentication without a secret" - host-based auth. is always WITHOUT secret, and "simply by guessing the username of that user" - again -> host-based auth. is always WITHOUT username If device (peer/user) has username/password - that's not HOST-BASED authentication. Correct me if I'm wrong. Question follows - how can I have host-based authentication in Realtime in Asterisk 1.4.16.1?? Maybe tommorow we will see Asterisk 1.4.16.2? Regards, Mindaugas Kezys http://www.kolmisoft.com MOR - Advanced Billing for Asterisk PBX _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
