Hi,
I'm using OpenSER 1.3.2 (because I have to) with the auth_radius module to
authorize users against a FreeRADIUS server. Capturing the SIP packets showed,
that consume_credentials() doesn't remove the "Proxy-Authorization" header
field containing the challenged credentials.
Further is_present_hf("Proxy-Authorization") returns true, also if there is no
Proxy-Authorization header field in the message, which leads to the following
ERROR:
Jan 21 17:28:48 sip0 /usr/sbin/openser[3982]: ERROR:auth:consume_credentials:
no authorized credentials found (error in scripts)
Do I have to use www_authorize() and proxy_authorize() to get
consume_credentials() working?
I need to authenticate against a FreeRADIUS server, what is a common
alternative to consume_credentials and why doesn't the is_present_hf() function
work as expected?
Any help would be really appreciated...
Thanks a lot!
Robert.
Here's the base-outbound part of my current configuration, adapted from the
sip:wizard from sip:wise:
route[3]
{
if (isbflagset(6)) {
if (!isflagset(22) && !search("^Content-Length:[ ]*0")) {
setflag(22);
force_rtp_proxy();
}
t_on_reply("2");
} else {
t_on_reply("1");
}
if (!isflagset(21)) {
t_on_failure("2");
}
if (isflagset(29)) {
append_branch();
}
if (is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=TRUE");
consume_credentials();
append_hf("P-hint: credentials should be removed.\r\n");
}
if (!is_present_hf("Proxy-Authorization")) {
xlog("L_ERR", "==========> is_present_hf=FALSE");
}
xlog("L_INFO", "Request leaving server, D-URI='$du' - M=$rm RURI=$ru
F=$fu T=$tu IP=$si ID=$ci\n");
# no 100 (we already sent it) and no DNS blacklisting
if (!t_relay("0x05")) {
sl_reply_error();
if(is_method("INVITE") && isbflagset(6)) {
unforce_rtp_proxy();
}
}
exit;
}
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
