Hi, I apologize that this is not directly associated with Asterisk, I have been trying to solve this, but not having any luck.
Does anyone have a setup with http or https with basic authentication for provisioning Polycom Phones. We use edgemarc 4500 routers and use Option 66 to auto-provision phones using DHCP. I am trying to set up an apache server with subdirectories for different customers protected by a username and password so that their phones can only access their own directory. The string I am putting in Option 66 is: "http://username:[EMAIL PROTECTED]/dir1/" This is packet dumps of the polycom phone trying to grab files from the server - using basic authentication - I have set up .htaccess files which work correctly when pulling down files using firefox. GET FILE WITH POLYCOM [EMAIL PROTECTED] ~]# ngrep -q 'HTTP/1.[01]' interface: eth0 (XXX.XXX.XXX.XXX/255.255.254.0) match: HTTP/1.[01] T XXX.XXX.XXX.XXX:1024 -> XXX.XXX.XXX.XXX [AP] GET /dir1/2345-12200-002.bootrom.ld HTTP/1.1..Host: http.server.com..Accept: */*..U ser-Agent: FileTransport PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423.... T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:1024 [AP] HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:46:59 GMT..Server: A pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwli mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic realm="Restricted Area"..Content-Length: 703..Content-Type: text/html; charset=iso-8859-1....<!DOCTY PE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Authorization R equired</title>.</head><body>.<h1>Authorization Required</h1>.<p>This server could not verify that you.are authorized to access the document.requested. Either you su pplied the wrong.credentials (e.g., bad password), or your.browser doesn't understa nd how to supply.the credentials required.</p>.<p>Additionally, a 404 Not Found.err or was encountered while trying to use an ErrorDocument to handle the request.</p>. <hr>.<address>Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrou gh/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at prov.xiptel.net P ort 80</address>.</body></html>. T XXX.XXX.XXX.XXX:1025 -> XXX.XXX.XXX.XXX:80 [AP] GET /dir1/bootrom.ld HTTP/1.1..Host: http.server.com..Accept: */*..User-Agent: File Transport PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423.... USING FIREFOX [EMAIL PROTECTED] ~]# ngrep -q 'HTTP/1.[01]' interface: eth0 (69.73.146.0/255.255.254.0) match: HTTP/1.[01] T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP] GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: http.server.com..User-Agent: Mo zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0 .7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://prov.xiptel.ne t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; cpsession=closed.... T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:57773 [AP] HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:36:20 GMT..Server: A pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwli mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic realm="Restricted Area"..Content-Length: 703..Keep-Alive: timeout=15, max=100..Connection: Keep-Aliv e..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//D TD HTML 2.0//EN">.<html><head>.<title>401 Authorization Required</title>.</head><bo dy>.<h1>Authorization Required</h1>.<p>This server could not verify that you.are au thorized to access the document.requested. Either you supplied the wrong.credentia ls (e.g., bad password), or your.browser doesn't understand how to supply.the crede ntials required.</p>.<p>Additionally, a 404 Not Found.error was encountered while t rying to use an ErrorDocument to handle the request.</p>.<hr>.<address>Apache/2.0.6 1 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 F rontPage/5.0.2.2635 PHP/5.2.5 Server at prov.xiptel.net Port 80</address>.</body></ html>. T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP] GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: http.server.com..User-Agent: Mo zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0 .7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://prov.xiptel.ne t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; cpsession=closed..Authorization: Basic ZGlyMTppcGd2MTMxNA==.... As you can see, the server responds asking for authorization credentials, which are not responded to by the Polycom in its next HTTP message, whereas with a browser, when I type in my username and password in the dialog box, a response is made. I have been assured by Polycom that basic authentication works with their new models of phones - I am using a ip320. Further their admin guide states: "The protocol that will be used to transfer files from the boot server depends on several factors including the phone model and whether the bootROM or SIP application stage of provisioning is in progress. By default, the phones are shipped with FTP enabled as the provisioning protocol. If an unsupported protocol is specified, this may result in a defined behavior (see the table below for details of which protocol the phone will use). The Specified Protocol listed in the table can be selected in the Server Type field or the Server Address can include a transfer protocol, for example http://usr:[EMAIL PROTECTED] (refer to Server Menu on page 3-9). The boot server address can be an IP address, domain string name, or URL. The boot server address can also be obtained through DHCP. Configuration file names in the <Ethernet address>.cfg file can include a transfer protocol, for example https://usr:[EMAIL PROTECTED]/dir/file.cfg. If a user name and password are specified as part of the server address or file name, they will be used only if the server supports them." Anyone familiar with this situation, or have a different Option 66 string? or any troubleshooting tips Thanks Robert _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
