Bugs item #1384616, was opened at 2005-12-18 15:16 Message generated for change (Settings changed) made by thekingant You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1384616&group_id=235
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open >Resolution: None >Priority: 6 Private: No Submitted By: Jason Haar (jhaar) Assigned to: Thomas Butter (tbutter) Summary: SIMPLE won't conncet to Microsoft LCS Initial Comment: Hi there Can gaim-2 join an LCS network? We have LCS at work here, and as one of the lone Linux users, I'd like to take part in all it's wonders ;-) Can the SIP module access LCS? I know to use the Windows client, I have to create an account based on my email address, and then authenticate with my domain name and password. The SIP module doesn't seem to be configured the same way, so I wonder if this is even possible? Thanks! ---------------------------------------------------------------------- Comment By: FixXxeR (aavelar) Date: 2007-04-08 03:31 Message: Logged In: YES user_id=1073934 Originator: NO I did a Gaim Plugin for you can to connect to LCS. Please check this article on my blog: http://fixxxer.cc/blog-en/?page_id=19 And the tarball is here: http://fixxxer.cc/pub/gaim-sip/gaim-sip-exchange-1.0.tar.gz Please, remember. It works fine on my network. I unknown if it works in other enviroments (other LCS configurations). I based my work on the initial version from Thomas Butter's SIP/Simple on gaim-2beta3.1, that version just lets you authenticated but somebody modified the code. Thomas broke the NTLM authentication (tremendous hacker), but many others things are different on LCS. For that, I toke the original code and I created a new Plug-In called SIP-E (Sip Exchange). The code had to be modified (from the original SIP Protocol) to work with Live Communications Server (like MESSAGE and NOTIFY methods). MSN modified the standard SIP. But I using reverse engineer and one sniffer to broke it. :P Many features are necessary, but I release this first version. Please read the README file. I think the plug-in should work on gaim-2beta5 and newer. Suggested, bugs founds and successfull cases are welcome to debianmx arroba gmail.com Enjoy. FixXxeR ---------------------------------------------------------------------- Comment By: Peter Fales (psfales) Date: 2007-01-18 11:05 Message: Logged In: YES user_id=150101 Originator: NO For the record, and for what it's worth, I was able to convince the SIP plugin to get past the REGISTER sequence with LCS. It took some code changes as well as some configuration hacks on the system - I can supply more details if anyone is interested. The REGISTER sequence looks like this: - Client sends unauthenticated SIP REGISTER - Server sends back 401 with a list of Authentication methods (only NTLM) - Client sends a SIP REGISTER saying "I want to use NTLM" - Server sends back a 401 with an NTLM type 2 challenge - Client sends the SIP REGISTER a third time with an NTLM type 3 response - Server sends 200 OK along with signing credentials It works up to that point, but then I'm stuck. It's not clear how to use the signing information to send the additional requests like SUBSCRIBE and PUBLISH. I think it *might* be possible to send the subsequent requests using the same 3-step NTLM authentication. However, that's not easy to test, as it would require some fairly major architectural changes to the plugin. ---------------------------------------------------------------------- Comment By: pp_mad (pp_mad) Date: 2007-01-10 09:24 Message: Logged In: YES user_id=1688370 Originator: NO I've found that LCS uses SIP propietary Microsoft Extensions. Those prop definitions can be downloaded (well, actually they will send you) from Microsoft. See at: http://www.microsoft.com/about/legal/intellectualproperty/search/details.mspx?ip_id=IDAEQ3AE&techType=Any&ipCat=Any&feeStructure=Any&keywords=lcs&ipVenture=false "PROTOCOLS Live Communications Server (LCS) Protocol Extensions The definition of a set of SIP headers and other protocol extensions that are used within the Microsoft RTC applications to facilitate an enhanced user experience. These protocol extensions are required to register a client with Microsoft Office Live Communications Server and to establish a SIP session. Partners can use these protocols to enhance the base IM experience in RTC applications by integrating additional features such as archiving and virus protection. Deliverables include documentation and XML schema files" and you need more for multiconferencing or PBX integration.... ---------------------------------------------------------------------- Comment By: Ahmed El-Mahmoudy (aelmahmoudy) Date: 2006-10-02 05:49 Message: Logged In: YES user_id=68390 I tried to connect to our LCS server using gaim 2.0.0b3.1 (using SIP protocol) I've done the following settings: Screen name: [EMAIL PROTECTED] Server: <server IP> alias: aelmahmoudy Auth user: [EMAIL PROTECTED] Auth domain: company.com It gives me a "Could not connect" error If I set the screen name to: aelmahmoudy, I get this error: "Incorrect Password" ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-03-31 02:26 Message: Logged In: YES user_id=17025 Is that some option that can be set within the LCS server? I don't own/run ours, but I'm sure I could twist someone's arm to make changes if it would make it interoperate (assuming the change doesn't break any functionality of course!) Jason ---------------------------------------------------------------------- Comment By: Thomas Butter (tbutter) Date: 2006-03-31 01:31 Message: Logged In: YES user_id=629117 it is dependent if your server configuration requires signed messages. i implemented ntlm signing but it is not known which parts of the message should be signed so i am still trying many combinations. ---------------------------------------------------------------------- Comment By: Mark Doliner (thekingant) Date: 2006-03-30 18:45 Message: Logged In: YES user_id=20979 I can confirm that I have the same problem with Gaim 2.0.0 beta 3. I think the error message is "Wrong password." I have a libpcap packet capture from Ethereal and a copy of the debug output if anyone wants it. Shoot me an email. ---------------------------------------------------------------------- Comment By: Charles Green (charleswgreenjr) Date: 2006-03-30 09:51 Message: Logged In: YES user_id=589441 I just tried this on beta3 and couldn't get it to work with our LCS server, either. The only third-party client I know of which can work with LCS is Trillian (Pro, paid version, to get the necessary plugin support). Anyone know if this issue is currently being worked? The last update I see is a month old. Thanks! -Charles Green ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-27 21:41 Message: Logged In: YES user_id=17025 Whoops. The attachment bit is a bit rough! Anyway, it's the "gaim-simple.txt" file attachment at the bottom :-) Jason ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-27 21:38 Message: Logged In: YES user_id=17025 Hi there I have just updated gaim via CVS and can say I still can't log into our LCS server :-( I've checked, and it's currently set to exclusively use NTLM authentication (i.e. no Kerberos) - we have issues with workstation clocks - anyway, that's not important Ethereal shows gaim going through the NTLM cycle. I can see the initial attempt, followed by "Access Denied", followed by another attempt, followed by "Access Denied", followed by an attempt that succeeds. That's looks correct. Butthen gaim tries to actually do something (PUBLISH) and it looks like it doesn't send the right token as it fails. Actually, is it as simple as the REGISTER succeeds when it has the Authorization: header, and the PUBLISH fails as it doesn't? Is there a bit of code missing? Attached is the text output of Ethereal showing this issue. BTW: I purposefully corrupted the gssapi bits :-) Thanks Jason ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-01 20:05 Message: Logged In: YES user_id=17025 I think this 127.0.0.1 thing might be due to the fact that I have my local hostname associated with 127.0.0.1 in /etc/hosts. It's a laptop, so it changes addresses a lot, and I thought that was the best way of making it keep it's hostname. Anyway, I got it to find a different address, and now the "Invalid Contact" error has disappeared, to be replaced with my original "Unauthorized" one that started this whole thing :-( Attached is a text dump of an Ethereal session showing that it still fails. ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-01 19:42 Message: Logged In: YES user_id=17025 Hmmm Looking at the code, it looks like my FC4 box is causing the "get_my_ip()" call to always return 127.0.0.1 even though it has several other interfaces up? (I have an eth1 wireless interface and a tun0 OpenVPN interface). As 127.0.0.1 would also be a valid LOCAL address on the LCS server - could that be why it's rejecting the request? Going via a HTTP proxy doesn't seem to change get_my_ip and causes the same fault. As 127.0.0.1 could never be valid, maybe it should be hardwire-excluded? Or maybe the interface responsible for the default route should be chosen to get the appropriate IP from? ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-01 19:35 Message: Logged In: YES user_id=17025 OK, I've waited and indeed the SIMPLE updates showed up - so I downloaded the recompiled. I am testing this from a remote office to our server, and the initial M-SEARCH broadcasts cause gaim to sit around for ages doing nothing, but at some stage a SRV record lookup occurs and away we go. However, I immediately get this error from the LCS server when gaim tries to register: SIP/2.0 400 Invalid Contact information Via: SIP/2.0/TCP 127.0.0.1:5060;branch=z9hG4bKFE268846442405370F4A;received=1.2.3.4;ms-received-port=42949;ms-received-cid=296a00 From: <sip:[EMAIL PROTECTED]>;tag=80018685;epid=1234567890 To: <sip:[EMAIL PROTECTED]>;tag=21F109FB187757AB58BF27EB231824E8 Call-ID: 43B3g93C5aCF3Ai586Fm1B36tDC83bFD9Bx7FBBx CSeq: 1 REGISTER Content-Length: 0 BTW "_sip._tcp.domain" resolves to point at the LCS server name. The "invalid contact" appears to be due to the fact that gaim is sending 127.0.0.1 as part of the Contact: field? The config for that gaim account makes no mention of 127.0.0.1: REGISTER sip:domain SIP/2.0 Via: SIP/2.0/TCP 127.0.0.1:5060;branch=z9hG4bKFE268846442405370F4A From: <sip:[EMAIL PROTECTED]>;tag=80018685;epid=1234567890 To: <sip:[EMAIL PROTECTED]> Max-Forwards: 10 CSeq: 1 REGISTER User-Agent: Gaim SIP/SIMPLE Plugin Call-ID: 43B3g93C56Fm1B36tDC83bFD9Bx7FBBx Contact: <sip:[EMAIL PROTECTED]:5060;transport=tcp>;methods="MESSAGE, SUBSCRIBE, NOTIFY" Expires: 900 Content-Length: 0 ---------------------------------------------------------------------- Comment By: Mark Doliner (thekingant) Date: 2006-02-01 01:02 Message: Logged In: YES user_id=20979 Sourceforge's anonymous CVS repository tends to lag a few hours behind the developer CVS repository. Being as developer CVS was down for a few hours this evening, it's very likely that tbutter's changes aren't in anonymous CVS yet. I'd try cvs updating in 5 or 10 hours. If some files in the src/protcols/simple/ directory are updated then you probably have the changes. ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-02-01 00:57 Message: Logged In: YES user_id=17025 I just compiled from CVS (-r HEAD) and it still won't connect. In fact, it only seems to go into a loop of doing weird XXX.0.0.127.in-addr.arpa DNS lookups - no actual connection to the LCS server occured. (I have just upgraded to Fedora Core 4 - so maybe some libraries are missing?) I login using my Email address - as I do with Microsoft's Windows Messenger LCS client. I use the left-hand side of the "@" sign in the "Screen Name" field, and the RHS in the "server" field - but nothing happens. It used to do SRV record lookups (which would find our LCS server) - but doesn't now? Any ideas what I'm missing? Thanks! ---------------------------------------------------------------------- Comment By: Thomas Butter (tbutter) Date: 2006-01-31 16:12 Message: Logged In: YES user_id=629117 Connecting and registration at a Live Communication Server works now with the CVS HEAD version. Presence depends on 1418636. ---------------------------------------------------------------------- Comment By: Thomas Butter (tbutter) Date: 2006-01-31 16:12 Message: Logged In: YES user_id=629117 This bug is fixed in the most recent version of Gaim. If you are not using the lastest version, please upgrade. If you are using the latest version, please indicate so and reopen this bug. ---------------------------------------------------------------------- Comment By: Thomas Butter (tbutter) Date: 2006-01-06 18:19 Message: Logged In: YES user_id=629117 >Thomas, do you know if there are any 3rd party SIP/SIMPLE clients that word with Microsoft Live Communication Server? Only on windows (e.g. trillian) since these can simply use the windows libraries provided for the LCS. I think it is not possible to write a client working with LCS only following the RFCs, even if you knew the NTLM variant used (which I don't and still have problems with type3 messages). I am writing down everything I find to have a guide what is needed to make a SIP client work with it. ---------------------------------------------------------------------- Comment By: Mark Doliner (thekingant) Date: 2006-01-06 17:34 Message: Logged In: YES user_id=20979 Thomas, do you know if there are any 3rd party SIP/SIMPLE clients that word with Microsoft Live Communication Server? I kinda feel like Microsoft is trying to get good PR by advertising that they follow the SIP/SIMPLE RFCs, but if that's not true, it might be fun to whip up a web page detailing the aspects of the spec that they don't follow. We could publish it on the Gaim web site if you want, and try to get it digged or slashdotted... ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2006-01-06 03:20 Message: Logged In: YES user_id=17025 Yes please! I only care for LCS support at the moment, so would be totally happy to "lose" other SIP connectivity if it meant getting LCS to work Jason.Haar trimble.co.nz with an at sign ---------------------------------------------------------------------- Comment By: Thomas Butter (tbutter) Date: 2006-01-06 02:44 Message: Logged In: YES user_id=629117 LCS is the Microsoft Live Communication Server. It does not support the mandatory Digest authentication for SIP as stated in the RFC. It has some further MS-isms which only activate the NTLM authentication if some other headers are present. I have a patch which makes some of the NTLM stuff in LCS working, but still some problems left (e.g working with non LCS servers when the MS headers are present). If you have access to an LCS and want to help testing I can send you the patch. ---------------------------------------------------------------------- Comment By: Mark Doliner (thekingant) Date: 2005-12-19 10:08 Message: Logged In: YES user_id=20979 jhaar: You're right about RVP being their older protocol and LCS being a SIP-based successor. I also haven't been able to connect to our LCS server, and I had the same hunch you did when I tried to figure out what was going on (that Gaim gets the NTLM auth bits wrong). ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2005-12-19 04:52 Message: Logged In: YES user_id=17025 Thanks for that - I'll take a look. However RVP appears to be related to Exchange - which was Microsoft's "old" IM client I think LCS is the successor - and it's SIP-based Ah - I've just found a link - RVP is the old - LCS/SIP is the new. So it looks like I can't use RVP. And as I've mentioned - it looks like Gaim-2 SIP plugin is *almost* working. I think I'll put it in as a bug report as it looks too close to working to not be supported in my eyes ---------------------------------------------------------------------- Comment By: Luke Schierer (lschiere) Date: 2005-12-19 03:26 Message: Logged In: YES user_id=28833 1339254 is the one I was thinking of. I could be wrong, perhaps that's different. ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2005-12-19 02:35 Message: Logged In: YES user_id=17025 Can you be more specific? I have just searched the plugins section for "lcs", "SIP" and "ntlm" - no matches found. The current gaim-2 looks like it actually should work. Ethereal shows it doing NTLM - it just seems to be getting something wrong... ---------------------------------------------------------------------- Comment By: Luke Schierer (lschiere) Date: 2005-12-19 01:07 Message: Logged In: YES user_id=28833 There is a plugin in the plugin tracker for this I believe. ---------------------------------------------------------------------- Comment By: Jason Haar (jhaar) Date: 2005-12-18 18:36 Message: Logged In: YES user_id=17025 It's Microsoft's corporate IM platform. SIP-based. In fact, since I posted this I have got a bit further into it with gaim-2. Looks to me like it *could* work - but I can't get it to actually successfully log in. Ethereal shows gaim-2 to "do the same things" that Microsofts own Windows LCS client does - but gaim seems to get the NTLM auth bit wrong ---------------------------------------------------------------------- Comment By: Luke Schierer (lschiere) Date: 2005-12-18 18:13 Message: Logged In: YES user_id=28833 what is LCS? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1384616&group_id=235 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Gaim-bugs mailing list Gaim-bugs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gaim-bugs
