Daniel-Constantin Mierla said: > > On 7/10/12 11:50 AM, in...@intrans.baku.az wrote: >> Daniel-Constantin Mierla said: >>> Hello, >>> >>> On 7/6/12 7:59 PM, in...@intrans.baku.az wrote: >>>> Can anybody help me with configuration kamailio to authenticate call >>>> on >>>> 3rd party server? >>>> >>>> I want to authenticate(and proxy) call's on other server. >>>> >>>> for example, user A have account on my server(let it be >>>> a...@myserver.com) >>>> and account on other server (let it be a...@hisserver.com) >>>> myserver.com keeps A's credentials for a...@hisserver.com >>>> when A is registered on myserver.com, he make call to b...@othersip.com >>>> (using myserver.com as a proxy) >>>> Kamailio on myserver authenticate itself on hisserver as >>>> a...@hisserver.com, >>>> makes call to destination, and connect it to A. >>>> >>>> How can I setup kamailio for such behavior? >>>> Which module should I use? >>>> UAC seems can authenticate on another server, but I don't sure that it >>>> do >>>> what I want. (I've tried it, but without much success) >>> indeed, the uac module is the one that can provide what you want, with >>> some limitations in regard to cseq incrementation. You have to set a >>> failure route and if the reply code is 407, the sent the realm/username >>> and password to the avps specified by the appropriate module parameters >>> -- the next tree at: >>> >>> * >>> http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id >>> >>> Then call uac_auth() and relay again. >> You mean, i need set auth_*_avp with credentials. set failure route, >> send >> request to auth_proxy (btw, how? ) and call uac_auth() in failure route, >> correct? > t_relay() is one of the functions to sent the request further.
I mean how set next hop not to final destination, but to auth_proxy? > >> >> I've tried to use uacreg sql table and uac_reg_request_to, but there was >> some problems: >> 1) in uac_reg_request_to with mode 1 mistake (it found credentials only >> if >> l_uuid==l_username) >> i've opened ticket on bugtracker >> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020 >> 2) uac_reg_request_to changes uri in request and instead INVITE >> sip:b...@othersip.com makes INVITE sip:a...@hisserver.com >> if comment out >> snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s", >> reg->r_username.len, reg->r_username.s, >> reg->r_domain.len, reg->r_domain.s); >> and so on seems working, but I'm don't sure that such modification don't >> break something else >> (pretty sure that breaks, but don't know where exactly :) >> 3)uacreg table loaded on startup, and AFAIK there is no way to modify it >> dynamically, >> so if you change something in this table you MUST restart kamailio >> (not >> convinient) >> I've tried to make RPC for adding new record in htable (using >> reg_ht_add()), but it returns error and in log I can see >> ERROR: uac [uac_reg.c:313]: no more shm > If you have a lot of records, you need to allocate more shared memory, > via -m command line parameter. 19 records in table -OK 1 record in table and try to add using RPC (self modified uac_reg.c) - no more shm. I think than there is not shortage of shared memory, but something forgotten in function for RPC. Here is src static void rpc_uac_reg_add(rpc_t* rpc, void* ctx) { reg_uac_t reg ; str l_uuid, l_username, l_domain, r_username, r_domain, realm, auth_username, auth_password, auth_proxy; int expire; if(_reg_htable==NULL) { rpc->fault(ctx, 500, "Not enabled"); return; } if (rpc->scan(ctx, "SSSSSSSSSd", &l_uuid, &l_username, &l_domain, &r_username, &r_domain, &realm, &auth_username, &auth_password, &auth_proxy, &expire) < 0) { return; } memset(®, 0, sizeof(reg_uac_t));; /* check for NULL values ?!?! */ reg.l_uuid=l_uuid; reg.l_username=l_username; reg.l_domain=l_domain; reg.r_username=r_username; reg.r_domain=r_domain; reg.realm=realm; reg.auth_username=auth_username; reg.auth_password=auth_password; reg.auth_proxy=auth_proxy; reg.expires = expire; if(reg_ht_add(®)<0) { rpc->fault(ctx, 500, "Error adding reg to htable"); return; } } > > uacreg is to register for incoming calls, it is not used for > authentication of outgoing calls. Use uac_auth() instead, as I said in > previous email. > I'll try. > Cheers, > Daniel > > -- > Daniel-Constantin Mierla - http://www.asipto.com > http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda > Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - > http://asipto.com/u/katu > Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - > http://asipto.com/u/kpw > > -- _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
