Hi Khan, Here is the problem:
Feb 19 23:28:09 [12798] DBG:auth:pre_auth: credentials with given realm not found The auth module looks for the credentials based on realm - so the Auth hdr must have the realm value equal to the TO URI domain. Check the request you received. Regards, Bogdan Khan wrote: > Bogdan, > > I made the changes: you suggested, and then i made call within network > but I get 407 error. The UAC bounce error "Call rejected: 407 Proxy > authenticaion Required... > > I have the following data in domain table: > +--------+----+----------------+---------------------+ > | domain | id | domain | last_modified | > +--------+----+----------------+---------------------+ > | domain | 1 | 192.168.1.2 | 2009-02-04 22:35:22 | > | domain | 2 | xxxxxxxxxx.com | 2009-02-04 22:35:54 | > | domain | 3 | 127.0.0.1 | 2009-02-18 23:29:28 | > | domain | 4 | localhost | 2009-02-18 23:29:56 | > +--------+----+----------------+---------------------+ > > > > > > > > On Thu, Feb 19, 2009 at 4:14 AM, Bogdan-Andrei Iancu > <[email protected]> wrote: > >> Hi Khan, >> >> If it doesn't work, enable full logging (debug=6) and post the opensips's >> logs while trying to authenticate. >> >> Regards, >> Bogdan >> >> >> Khan wrote: >> >>> Hi Bogdan, >>> >>> Thanks for your prompt reply, I have generated users as follows: >>> >>> OPENSIPSCTL add 11111110000 1234 >>> database engine 'MYSQL' loaded >>> Control engine 'FIFO' loaded >>> is_user: user counter=0 >>> check_db_alias: alias counter=0 >>> new user '11111110000' added >>> >>> >>> my contents of table in MySQL looks like this: >>> >>> +-------------+----------------+----------+----------------------------------+ >>> | username | domain | password | ha1 >>> | >>> >>> +-------------+----------------+----------+----------------------------------+ >>> | 11111110000 | xxxxxxxxxx.com <http://xxxxxxxxxx.com> | 1234 | >>> 5ff58df2ebbad1408412dd01c2b285e0 | >>> | 11111110001 | xxxxxxxxxx.com <http://xxxxxxxxxx.com> | 1234 | >>> 2640b80036659c6b34354f8026ef3067 | >>> | 11111110002 | xxxxxxxxxx.com <http://xxxxxxxxxx.com> | 1234 | >>> 6cdf8849b8b75d657bb217b5ab820a44 >>> >>> >>> there are no values in email column, rpid has null, but ha1b do have >>> values: >>> >>> >>> OPENSIPS.CFG >>> ############# >>> modparam("auth_db", "user_column", "username") >>> modparam("auth_db", "domain_column", "domain") >>> modparam("auth_db", "password_column", "password") >>> modparam("auth_db", "password_column_2", "ha1b") >>> modparam("auth_db", "calculate_ha1", 1) >>> modparam("auth_db", "use_domain", 0) >>> modparam("auth_db", "load_credentials", "rpid") >>> >>> ... ... >>> ... ... >>> >>> sl_send_reply("100", "Trying"); >>> if(!www_authorize("", "subscriber")) { >>> xlog("L_INFO", "Register auth failed (subscribe) - M=$rm RURI=$ru >>> F=$fu T=$tu IP=$si ID=$ci\n"); >>> www_challenge("", "0"); >>> exit; >>> } else { >>> xlog("L_INFO", "@@@ Register auth success @@@ - M=$rm RURI=$ru >>> F=$fu T=$tu IP=$si ID=$ci\n"); >>> } >>> >>> # ---> >>> if(!check_to()) { >>> xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru >>> F=$fu T=$tu IP=$si ID=$ci\n"); >>> sl_send_reply("403", "Spoofed To-URI Detected"); >>> exit; >>> } >>> >>> # >>> xlog("L_INFO", "consume_credentials!!! - M=$rm RURI=$ru F=$fu T=$tu >>> IP=$si ID=$ci\n"); >>> consume_credentials(); >>> >>> ... ... >>> ... ... >>> >>> if(proxy_authorize("", "subscriber")) xlog("L_INFO", "@@@ Proxy >>> authentication success @@@ - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); >>> >>> if(!proxy_authorize("", "subscriber")) { >>> xlog("L_INFO", "Proxy authentication failed R8- M=$rm >>> RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); >>> proxy_challenge("", "0"); >>> exit; >>> } >>> if(!check_from()) { >>> xlog("L_INFO", "Spoofed From-URI detected - >>> M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); >>> sl_send_reply("403", "Spoofed From-URI Detected"); >>> exit; >>> } >>> >>> >>> The config file was generated from sipwize for 1.2 ver and made the >>> necessary changes according to my needs and newer version of OpenSIPS. >>> >>> The way my box is laid out is as follows: >>> >>> ubuntu --> MySQL --> OpenSIPS 1.4.4 --> RTPProxy >>> >>> >>> Is there anything I missed in the process, because according to what you >>> said I do have them exactly the same way except some additional stuff... >>> >>> Thanks for help in advance. >>> >>> >>> Khan >>> >>> >>> On Wed, Feb 18, 2009 at 12:59 PM, Bogdan-Andrei Iancu >>> <[email protected] <mailto:[email protected]>> wrote: >>> >>> Hi Khan, >>> >>> do you set the "calculate_ha1" parameter in auth_db? because the >>> default value indicates that you have in DB a HA1 and not a plain >>> text password. (see: >>> http://www.opensips.org/html/docs/modules/1.4.x/auth_db.html#id228159). >>> >>> So, if you have the plain-text passwords in the "password" field add: >>> modparam("auth_db", "calculate_ha1", 1) >>> modparam("auth_db", "password_column", "password") >>> >>> Regards, >>> Bogdan >>> >>> Khan wrote: >>> >>> Hello everyone, >>> >>> Can someone help me or point me in direction to resolve some >>> authenticaion errors. >>> Currently I m having problems with UAC outside network, it >>> gives me >>> authentication problem. I need to understand the followings: >>> >>> 1. www_authorize("", "subscriber") checks in subscriber table >>> but what >>> fields, what should exist in table, what parameters function >>> passes >>> for mattching existence >>> 2. proxy_authorize("", "subscriber") checks what in >>> subscriber? what >>> column should exist in table and match to what >>> >>> I'm getting 407, I checked subscriber table, it has records with >>> mydomain, user, pwd but i keep getting error since >>> authentication keep >>> failing. >>> >>> ########## >>> My xlog outputs: >>> >>> New request and force_rport - M=REGISTER RURI=sip:mydomain.com >>> <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> >>> My request... M=REGISTER sip:mydomain.com <http://mydomain.com> >>> method REGISTER from R0 ... R6 - M=REGISTER >>> RURI=sip:mydomain.com <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> Register auth failed (subscribe) - M=REGISTER >>> RURI=sip:mydomain.com <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> New request and force_rport - M=REGISTER RURI=sip:mydomain.com >>> <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> My request... M=REGISTER sip:mydomain.com <http://mydomain.com> >>> >>> method REGISTER from R0 ... R6 - M=REGISTER >>> RURI=sip:mydomain.com <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> consume_credentials!!! - M=REGISTER RURI=sip:mydomain.com >>> <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> >>> Request Username in RURI - rU=<null> >>> >>> Registration successful 6 - M=REGISTER RURI=sip:mydomain.com >>> <http://mydomain.com> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> New request and force_rport - M=SUBSCRIBE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> >>> method is NOT REGISTER from R0 ... NAT test - M=SUBSCRIBE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] >>> om IP= >>> My request... M=SUBSCRIBE sip:[email protected] >>> <mailto:sip%[email protected]> >>> >>> Requested Service Unavailable PUBLISH/SUBSCRIBE/NOTIFY - >>> M=SUBSCRIBE >>> >>> New request and force_rport - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> method is NOT REGISTER from R0 ... NAT test - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> >>> IP= >>> My request... M=INVITE sip:[email protected] >>> <mailto:sip%[email protected]> >>> >>> method INVITE from R0 ...R8 pre-set 24, 25 - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> I >>> P= >>> Proxy authentication failed R8- M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> New request and force_rport - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> method is NOT REGISTER from R0 ... NAT test - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> >>> IP= >>> >>> My request... M=INVITE sip:[email protected] >>> <mailto:sip%[email protected]> >>> method INVITE from R0 ...R8 pre-set 24, 25 - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> I >>> P= >>> Proxy authentication failed R8- M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> New request and force_rport - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> method is NOT REGISTER from R0 ... NAT test - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> >>> IP= >>> My request... M=INVITE sip:[email protected] >>> <mailto:sip%[email protected]> >>> >>> method INVITE from R0 ...R8 pre-set 24, 25 - M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> I >>> P= >>> Proxy authentication failed R8- M=INVITE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> New request and force_rport - M=SUBSCRIBE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] <mailto:sip%[email protected]> IP= >>> method is NOT REGISTER from R0 ... NAT test - M=SUBSCRIBE >>> RURI=sip:[email protected] <mailto:sip%[email protected]> >>> F=sip:[email protected] <mailto:sip%[email protected]> >>> T=sip:[email protected] >>> om IP= >>> My request... M=SUBSCRIBE sip:[email protected] >>> <mailto:sip%[email protected]> >>> Requested Service Unavailable PUBLISH/SUBSCRIBE/NOTIFY - >>> M=SUBSCRIBE >>> >>> Khan >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] <mailto:[email protected]> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >>> >>> >>> >> > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
