[OpenSIPS-Users] LDAP Authentication
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Jun 19 03:21:59 CEST 2009
Alan,
2 points:
1) What do you mean by "encrypted"? The module supports only ha1 encoded
passwords.
2) I see you deal with a REGISTER request, but in your script you
changed the auth (from DB to LDAP) only for INVITES - check in the
script the second auth block (for REGISTERS) and change it in the same
time as we did for the INVITEs.
Regards,
Bogdan
Alan Rubin wrote:
> Bogdan,
>
> Thanks for your help. I reset the configuration for calculate_ha1 to 0
> (it was set to 1), but I am still getting a "401 - Unauthorized" error.
> The password returning from the LDAP server should be an encrypted
> string.
>
> # ----- auth_db params -----
> /* uncomment the following lines if you want to enable the DB based authentication */
> #modparam("auth_db", "calculate_ha1", yes)
> #modparam("auth_db", "password_column", "password")
> #modparam("auth_db", "db_url", "mysql://opensips:<redacted>@localhost/opensips")
> #modparam("auth_db", "load_credentials", "")
>
> # ------ auth params -----
> #modparam("auth", "username_spec", "$var(username)")
> #modparam("auth", "password_spec", "$avp(s:password)")
> modparam("auth", "nonce_expire", 30)
> modparam("auth", "secret", "<redacted>")
> modparam("auth", "disable_nonce_check", 0)
> modparam("auth", "username_spec", "$var(username)")
> modparam("auth", "password_spec", "$avp(s:password)")
> modparam("auth", "calculate_ha1", 0)
>
> Here are the relevant logs from the connection (I think):
>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_msg: SIP Request:
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_msg: method: <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_msg: uri: <sip:155.205.69.126>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_msg: version: <SIP/2.0>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_via_param: found param type 232, <branch> =
> <z9hG4bK-d8754z-f2755c5f5d1c3201-1---d8754z->; state=6
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
> state=17
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_via: end of header reached, state=5
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: via found, flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: this is the first via
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:receive_msg: After parse_msg...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:receive_msg: preparing to run routing scripts...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=100
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:maxfwd:is_maxfwd_present: value = 70
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=8
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_to: end of header reached, state=10
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_to: display={"alan"}, ruri={sip:oh5 at 155.205.69.126}
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5 at 155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:get_hdr_field: to body ["alan"<sip:oh5 at 155.205.69.126> ]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:uri:has_totag: no totag
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=78
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:get_hdr_field: cseq <CSeq>: <1> <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:tm:t_lookup_request: start searching: hash=57545, isACK=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:tm:matching_3261: RFC3261 transaction matching failed
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:tm:t_lookup_request: no transaction found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=200
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:get_hdr_field: content_length=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:get_hdr_field: found end of header
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:rr:find_first_route: No Route headers found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:rr:loose_route: There is no Route HF
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:grep_sock_info: checking if host==us: 14==9 &&
> [155.205.69.126] == [127.0.0.1]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:grep_sock_info: checking if host==us: 14==14 &&
> [155.205.69.126] == [155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=4000
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:auth:pre_auth: credentials with given realm not found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:auth:reserve_nonce_index: second= 3, sec_monit= -1, index= 0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:auth:build_auth_hf: nonce index= 0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
> realm="155.205.69.126",
> nonce="4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79" '
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:parse_headers: flags=ffffffffffffffff
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:destroy_avp_list: destroying list (nil)
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
> DBG:core:receive_msg: cleaning up
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_msg: SIP Request:
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_msg: method: <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_msg: uri: <sip:155.205.69.126>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_msg: version: <SIP/2.0>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_via_param: found param type 232, <branch> =
> <z9hG4bK-d8754z-9520b61e7123e11e-1---d8754z->; state=6
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
> state=17
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_via: end of header reached, state=5
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: via found, flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: this is the first via
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:receive_msg: After parse_msg...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:receive_msg: preparing to run routing scripts...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=100
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:maxfwd:is_maxfwd_present: value = 70
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=8
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_to: end of header reached, state=10
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_to: display={"alan"}, ruri={sip:oh5 at 155.205.69.126}
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5 at 155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:get_hdr_field: to body ["alan"<sip:oh5 at 155.205.69.126> ]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:uri:has_totag: no totag
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=78
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:get_hdr_field: cseq <CSeq>: <2> <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:tm:t_lookup_request: start searching: hash=57542, isACK=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:tm:matching_3261: RFC3261 transaction matching failed
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:tm:t_lookup_request: no transaction found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=200
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:get_hdr_field: content_length=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:get_hdr_field: found end of header
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:rr:find_first_route: No Route headers found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:rr:loose_route: There is no Route HF
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:grep_sock_info: checking if host==us: 14==9 &&
> [155.205.69.126] == [127.0.0.1]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:grep_sock_info: checking if host==us: 14==14 &&
> [155.205.69.126] == [155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:auth:check_nonce: comparing
> [4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79] and
> [4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_do_query: SYNC-DBG - SELECT successfully executed!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: conn=0x81b2c68 (tail=135989560)
> MC=0x81b4338
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: new query=|select ha1,rpid from
> subscriber where username=?|
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: prepared statement successfully
> set...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: discon is 0 for 135989560
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement
> run
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_val2bind: added val (0): len=3; type=254;
> is_null=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: discon reset for 135989560
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 2
> columns in result
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_do_prepared_query: doing to BIND_PARAM out ...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_query: SYNC-DBG - SELECT-STMT successfully
> executed!!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_new_result: allocate 28 bytes for result set at 0x81b7ee0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_store_result: SYNC-DBG - SELECT result was stored!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_get_columns: 2 columns returned from the query
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_allocate_columns: allocate 32 bytes for result columns at
> 0x81b7f08
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f10)[0]=[ha1]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f18)[1]=[rpid]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:db_mysql:db_mysql_convert_rows: no rows returned from the query
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:auth_db:get_ha1: no result for user 'oh5@'
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_free_columns: freeing result columns at 0x81b7f08
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_free_rows: freeing 0 rows
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_free_result: freeing result set at 0x81b7ee0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:db_free_result: SYNC-DBG - freeing result!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:auth:reserve_nonce_index: second= 4, sec_monit= -1, index= 1
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:auth:build_auth_hf: nonce index= 1
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
> realm="155.205.69.126",
> nonce="4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65" '
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:parse_headers: flags=ffffffffffffffff
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:destroy_avp_list: destroying list (nil)
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
> DBG:core:receive_msg: cleaning up
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_msg: SIP Request:
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_msg: method: <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_msg: uri: <sip:155.205.69.126>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_msg: version: <SIP/2.0>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_via_param: found param type 232, <branch> =
> <z9hG4bK-d8754z-9d36227c7e326926-1---d8754z->; state=6
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
> state=17
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_via: end of header reached, state=5
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: via found, flags=2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: this is the first via
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:receive_msg: After parse_msg...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:receive_msg: preparing to run routing scripts...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=100
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:maxfwd:is_maxfwd_present: value = 70
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=8
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_to: end of header reached, state=10
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_to: display={"alan"}, ruri={sip:oh5 at 155.205.69.126}
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5 at 155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:get_hdr_field: to body ["alan"<sip:oh5 at 155.205.69.126> ]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:uri:has_totag: no totag
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=78
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:get_hdr_field: cseq <CSeq>: <3> <REGISTER>
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:tm:t_lookup_request: start searching: hash=57543, isACK=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:tm:matching_3261: RFC3261 transaction matching failed
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:tm:t_lookup_request: no transaction found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=200
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:get_hdr_field: content_length=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:get_hdr_field: found end of header
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:rr:find_first_route: No Route headers found
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:rr:loose_route: There is no Route HF
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:grep_sock_info: checking if host==us: 14==9 &&
> [155.205.69.126] == [127.0.0.1]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:grep_sock_info: checking if host==us: 14==14 &&
> [155.205.69.126] == [155.205.69.126]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:auth:check_nonce: comparing
> [4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65] and
> [4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_do_query: SYNC-DBG - SELECT successfully executed!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: conn=0x81b2c68 (tail=135989560)
> MC=0x81b4338
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: new query=|select ha1,rpid from
> subscriber where username=?|
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: prepared statement successfully
> set...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: discon is 0 for 135989560
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement
> run
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_val2bind: added val (0): len=3; type=254;
> is_null=0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: discon reset for 135989560
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 2
> columns in result
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_do_prepared_query: doing to BIND_PARAM out ...
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_query: SYNC-DBG - SELECT-STMT successfully
> executed!!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_new_result: allocate 28 bytes for result set at 0x81b7ee0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_store_result: SYNC-DBG - SELECT result was stored!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_get_columns: 2 columns returned from the query
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_allocate_columns: allocate 32 bytes for result columns at
> 0x81b7f08
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f10)[0]=[ha1]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f18)[1]=[rpid]
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:db_mysql:db_mysql_convert_rows: no rows returned from the query
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:auth_db:get_ha1: no result for user 'oh5@'
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_free_columns: freeing result columns at 0x81b7f08
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_free_rows: freeing 0 rows
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_free_result: freeing result set at 0x81b7ee0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:db_free_result: SYNC-DBG - freeing result!
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:auth:reserve_nonce_index: second= 4, sec_monit= -1, index= 2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:auth:build_auth_hf: nonce index= 2
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
> realm="155.205.69.126",
> nonce="4a3ad9b900000002b64f5ef190966742551aa9531e9165f3" '
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:parse_headers: flags=ffffffffffffffff
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:destroy_avp_list: destroying list (nil)
> Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
> DBG:core:receive_msg: cleaning up
> ...
>
>
> And here are the changes I made to the main route, for the benefit of
> anyone else who might have an idea for me:
>
> if (!(method=="REGISTER") && from_uri==myself) { /*no multidomain version*/
>     # are any credentials available in the request ?
>     if (!is_present_hf("Proxy-Authorization")) {
>         proxy_challenge("", "0");
>         exit;
>     }
>
>     # run the ldap_query() and load the passwd into $avp(s:password)
>     # TODO
>     $var(username)=$fU;
>
>     ldap_search("ldap://sipaccounts/o=ntg??sub?(&(cn=$fU)(departmentNumber=66)(ntguserstatus=Active))");
>     ldap_result("userPassword/$avp(s:password)");
>
>     # username to authenticate
>     #$var(username) = $fU;
>
>     # do the authentication
>     if(!pv_proxy_authorize("")){
>         proxy_challenge("", "0");
>         exit;
>     }
>
> Regards,
>
> Alan Rubin
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
> Sent: Friday, 19 June 2009 9:42 AM
> To: Alan Rubin; users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>
> Hi Alan,
>
> sorry for the late reply - this week we have the OpenSIPS bootcamp and
> I'm getting my hands on the emails only from time to time..
>
> So, are you loading the passwd in raw format (plain text)? If so, you
> need the calculate_ha1 param to be set to 1
> (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id228275) -
> by default it is set to 0.... (see prev email)
>
> Regards,
> Bogdan
>
> Alan Rubin wrote:
>
>> Bogdan,
>>
>> I've attached a log from a test this morning. I restarted opensips,
>> tried connecting from my PC using LDAP credentials and failed. Then I
>> made sure that the local account was removed and tried again with LDAP
>> credentials and it failed. Hopefully that's all apparent in the
>> logfile. I am using the X-lite client to connect.
>>
>> Regards,
>>
>> Alan Rubin
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>> Sent: Wednesday, 17 June 2009 1:29 AM
>> To: Alan Rubin
>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>
>> Hi Alan,
>>
>> the script looks ok - you can 1) use xlog just before the pv_auth() to
>> see if the user and passwd are properly filled in, or 2) use debug=6 to
>> get the logs and post them here.
>>
>> Regards,
>> Bogdan
>>
>> Alan Rubin wrote:
>>
>>
>>> Bogdan,
>>>
>>> If you have a minute, could you take a look at my opensips.cfg file? It
>>> is still authorizing against the users that were added by hand. I have
>>> probably put the LDAP authentication in the wrong place, but I seem to
>>> be going in circles.
>>>
>>> Also, I used some of the template from Tristan Mahe for readability (I
>>> adapted his LDAP search examples and used his variable names). I don't
>>> think this is my issue, but it could be.
>>>
>>> Thanks for your time,
>>>
>>>
>>> Alan Rubin
>>>
>>> -----Original Message-----
>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>> Sent: Tuesday, 16 June 2009 10:49 AM
>>> To: Alan Rubin
>>> Cc: Thiago Rondon; users at lists.opensips.org
>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>
>>> cool, in this case simply replace the existing code for proxy_auth with
>>> the code I previously posted.
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Alan Rubin wrote:
>>>
>>>
>>>
>>>> Bogdan,
>>>>
>>>> Yes, my script is derived from the default and I have enabled MySQL and
>>>> added PUA, PUA_userloc and Presence modules.
>>>>
>>>> Regards,
>>>>
>>>> Alan Rubin
>>>>
>>>> -----Original Message-----
>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>>> Sent: Tuesday, 16 June 2009 9:59 AM
>>>> To: Alan Rubin
>>>> Cc: Thiago Rondon; users at lists.opensips.org
>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>
>>>> Hi Alan,
>>>>
>>>> put it in the main route, where you need to do the authentication...Is
>>>> your script derived from the default opensips cfg file ?
>>>>
>>>> Regards,
>>>> Bogdan
>>>>
>>>> Alan Rubin wrote:
>>>>
>>>>
>>>>
>>>>
>>>>> Bogdan,
>>>>>
>>>>> Thanks for the help. Is the script part inside of the main route or is
>>>>> it a separate section?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Alan Rubin
>>>>> Unix Systems Administrator
>>>>> DCS Midrange Services
>>>>> Phone: +61 (08) 8999 5111
>>>>> Fax: +61 (08) 8999 7493
>>>>> e-Mail: alan.rubin at nt.gov.au
>>>>>
>>>>> -----Original Message-----
>>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>>>> Sent: Tuesday, 16 June 2009 8:58 AM
>>>>> To: Alan Rubin
>>>>> Cc: Thiago Rondon; users at lists.opensips.org
>>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>>
>>>>> Hi Alan,
>>>>>
>>>>> The way to do it is like:
>>>>>
>>>>> 1) configure the auth module to do authentication via Pseudo-variables:
>>>>>
>>>>> # -- auth params --
>>>>> modparam("auth", "nonce_expire", 30)
>>>>> modparam("auth", "secret", "my-deepest-and-darkest-secret")
>>>>> modparam("auth", "disable_nonce_check", 0)
>>>>> modparam("auth", "username_spec", "$avp(i:2)")
>>>>> modparam("auth", "password_spec", "$avp(i:1)")
>>>>> modparam("auth", "calculate_ha1", 1)
>>>>>
>>>>> 2) and in script do:
>>>>>
>>>>> # are any credentials available in the request ?
>>>>> if (!is_present_hf("Proxy-Authorization")) {
>>>>> proxy_challenge("", "0");
>>>>> exit;
>>>>> }
>>>>>
>>>>> # run the ldap_query() and load the passwd into $avp(i:1)
>>>>> # TODO
>>>>>
>>>>> # username to authenticate
>>>>> $avp(i:2) = $fU;
>>>>>
>>>>> # do the authentication
>>>>> if(!pv_proxy_authorize("")){
>>>>> proxy_challenge("", "0");
>>>>> exit;
>>>>> }
>>>>>
>>>>>
>>>>> Regards,
>>>>> Bogdan
>>>>>
>>>>>
>>>>> Alan Rubin wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Bogdan,
>>>>>>
>>>>>> I want to use LDAP to authenticate clients. We're using it for our XMPP
>>>>>> server (amongst other services) without issues.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Alan Rubin
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>>>>> Sent: Tuesday, 16 June 2009 8:24 AM
>>>>>> To: Alan Rubin
>>>>>> Cc: Thiago Rondon; users at lists.opensips.org
>>>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>>>
>>>>>> Hi Alan,
>>>>>>
>>>>>> Do you want to use LDAP to authenticate clients or to authenticate
>>>>>> opensips against other SIP server?
>>>>>>
>>>>>> Regards,
>>>>>> Bogdan
>>>>>>
>>>>>>
>>>>>> Alan Rubin wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Thiago,
>>>>>>>
>>>>>>> Thanks for the reply; however, the module documentation does not seem
>>>>>>> to give examples on how to configure LDAP with the auth mechanism. Or is
>>>>>>> that not necessary?
>>>>>>>
>>>>>>> This is the section from the tutorial I found, mentioned previously:
>>>>>>>
>>>>>>> modparam("auth", "username_spec", "$avp(s:username)")
>>>>>>> modparam("auth", "password_spec", "$avp(s:password)")
>>>>>>> modparam("auth", "calculate_ha1", 1)
>>>>>>> ...
>>>>>>>
>>>>>>> The possible difference (typo?) that concerns me is this next reference
>>>>>>> in the tutorial:
>>>>>>>
>>>>>>> route[11] {
>>>>>>>     if(is_method("REGISTER"))
>>>>>>>     {
>>>>>>>         if(is_present_hf("Authorization"))
>>>>>>>         {
>>>>>>>             # ldap search
>>>>>>>             if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)"))
>>>>>>>             {
>>>>>>>                 switch ($retcode)
>>>>>>>                 {
>>>>>>>                 ...
>>>>>>>
>>>>>>> I have no "route[11]" in my configuration file. Am I meant to create a
>>>>>>> new route section to handle LDAP authentication?
>>>>>>>
>>>>>>> What I am trying to do, if it is not clear, is use LDAP as a mechanism
>>>>>>> for authentication/registration of SIP accounts rather than having to
>>>>>>> configure, by hand and with a separate password, a SIP account for each
>>>>>>> user of my SIP server.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Alan
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: users-bounces at lists.opensips.org
>>>>>>> [mailto:users-bounces at lists.opensips.org] On Behalf Of Thiago Rondon
>>>>>>> Sent: Monday, 15 June 2009 1:47 PM
>>>>>>> To: Alan Rubin
>>>>>>> Cc: users at lists.opensips.org
>>>>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Alan,
>>>>>>>
>>>>>>> How about the document of ldap module ?
>>>>>>>
>>>>>>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html
>>>>>>>
>>>>>>> -Thiago Rondon
>>>>>>>
>>>>>>> Alan Rubin wrote: