<html><body>
<p>HI James,<br>
<br>
Your "From" header as geneated by your client doesn't have a user name. The db_check_from() will fail because of this.<br>
<br>
Kennard<br>
<br>
<img width="16" height="16" src="cid:1__=07BBFD3DDFDC4C9F8f9e8a93df9@logitech.com" border="0" alt="Inactive hide details for James Mbuthia ---09/30/2010 12:08:53 AM---Hi, Am still having the same problem and am still lost. Bel"><font color="#424282">James Mbuthia ---09/30/2010 12:08:53 AM---Hi, Am still having the same problem and am still lost. Below is what I have on my invite header:</font><br>
<br>
<font size="2" color="#5F5F5F">From: </font><font size="2">James Mbuthia <jmmbuthia@gmail.com></font><br>
<font size="2" color="#5F5F5F">To: </font><font size="2">OpenSIPS users mailling list <users@lists.opensips.org></font><br>
<font size="2" color="#5F5F5F">Date: </font><font size="2">09/30/2010 12:08 AM</font><br>
<font size="2" color="#5F5F5F">Subject: </font><font size="2">Re: [OpenSIPS-Users] Proxy Authorization problem</font><br>
<font size="2" color="#5F5F5F">Sent by: </font><font size="2">users-bounces@lists.opensips.org</font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<tt>Hi, Am still having the same problem and am still lost. Below is what<br>
I have on my invite header:<br>
<br>
INVITE sip:james@72.55.133.123 SIP/2.0<br>
Via: SIP/2.0/UDP 72.55.133.123:5060;rport;branch=z9hG4bK<br>
From: ;tag=232323<br>
To: James<br>
Call-ID:ytaRyb@72.55.133.123<br>
CSeq: 3 INVITE<br>
Contact:<br>
Content-type: application/sdp<br>
Max-Forwards: 70<br>
User-Agent: PHP SIP<br>
Subject: click2call<br>
Content-Length: 225<br>
Proxy-Authorization: Digest username="jm21", realm="72.55.133.123",<br>
nonce="4ca43525000000c92236b97996ebc9378f70674fe6ba6d7a",<br>
uri="james@72.55.133.123",<br>
response="e9b0b226c39cee9d80783832a53d3931", algorithm=MD5<br>
<br>
<br>
Below is what I have on my opensips.cfg<br>
<br>
# authenticate if from local subscriber (uncomment to enable auth)<br>
# authenticate all initial non-REGISTER request that pretend to be<br>
# generated by local subscriber (domain from FROM URI is local)<br>
if (!(method=="REGISTER") && from_uri==myself) /*no<br>
multidomain version*/<br>
##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/<br>
{<br>
if (!proxy_authorize("", "subscriber")) {<br>
proxy_challenge("", "0");<br>
exit;<br>
}<br>
if (!db_check_from()) {<br>
sl_send_reply("403","Forbidden auth ID");<br>
exit;<br>
}<br>
##<br>
consume_credentials();<br>
## # caller authenticated<br>
}<br>
<br>
<br>
Below is what i get on /var/log/messages<br>
<br>
Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: No<br>
authorized credentials found (error in scripts)<br>
Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: Call<br>
{www,proxy}_authorize before calling check_* functions!<br>
<br>
<br>
Am still as confused as ever as to what am doing wrong, can anyone<br>
give me some pointers or maybe a sample invite authorization script.<br>
Thanks<br>
<br>
james<br>
<br>
<br>
On 9/29/10, Anca Vamanu <anca@opensips.org> wrote:<br>
> Sorry, it's "check_to" or "check_from" what you have in your script, I<br>
> can't tell from the logs you pasted.<br>
><br>
> Regards,<br>
> Anca<br>
><br>
><br>
> On 09/29/2010 06:29 PM, James Mbuthia wrote:<br>
>> Ok, sorry to sound like a blond but which is<br>
>> the check_username function? Please can you give me an example snippet<br>
>> just so that I can have an idea?<br>
>><br>
>> On Wed, Sep 29, 2010 at 5:19 PM, Anca Vamanu <anca@opensips.org<br>
>> <</tt><tt><a href="mailto:anca@opensips.org">mailto:anca@opensips.org</a></tt><tt>>> wrote:<br>
>><br>
>> Hi James,<br>
>><br>
>> As the error says, you have to call a *_authorize function before<br>
>> calling the check_username function. As it is in the default<br>
>> configuration file:<br>
>><br>
>> if (!(method=="REGISTER") && from_uri==myself) /*no multidomain<br>
>> version*/<br>
>> {<br>
>> if (!proxy_authorize("", "subscriber")) {<br>
>> proxy_challenge("", "0");<br>
>> exit;<br>
>> }<br>
>> if (!db_check_from()) {<br>
>> sl_send_reply("403","Forbidden auth ID");<br>
>> exit;<br>
>> }<br>
>> }<br>
>><br>
>><br>
>> Regards,<br>
>><br>
>> --<br>
>> Anca Vamanu<br>
>> </tt><tt>www.voice-system.ro</tt><tt> <</tt><tt><a href="http://www.voice-system.ro">http://www.voice-system.ro</a></tt><tt>><br>
>><br>
>><br>
>><br>
>> On 09/29/2010 05:47 PM, James Mbuthia wrote:<br>
>>> Hi guys,<br>
>>> I hope you can help, am trying to do proxy authentication but I<br>
>>> seem to be making a mistake when compiling the<br>
>>> proxy-authorization response. The following is what I have as the<br>
>>> response on my INVITE header:<br>
>>><br>
>>> Proxy-Authorization: Digest username="james", realm="72.55.133.123",<br>
>>> nonce="4ca351fd000000ba2f06398974466cff346fa0ee28e9c12b",<br>
>>> uri="james@72.55.133.123 <</tt><tt><a href="mailto:james@72.55.133.123">mailto:james@72.55.133.123</a></tt><tt>>",<br>
>>> response="6caa56878d256a8220f6f70cfc4b10fe", algorithm=MD5<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> The following is the error on the server<br>
>>><br>
>>> Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:<br>
>>> No authorized credentials found (error in scripts)<br>
>>> Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:<br>
>>> Call {www,proxy}_authorize before calling check_* functions!<br>
>>><br>
>>> I've checked through books and websites but there's no clear<br>
>>> indication on how to compile the Proxy-authorization header, can<br>
>>> someone help me out and give me some pointers on what amd doing<br>
>>> wrong and how to compile the header. Thank.<br>
>>><br>
>>> james<br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> Users mailing list<br>
>>> Users@lists.opensips.org <</tt><tt><a href="mailto:Users@lists.opensips.org">mailto:Users@lists.opensips.org</a></tt><tt>><br>
>>> </tt><tt><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></tt><tt><br>
>>><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> Users@lists.opensips.org <</tt><tt><a href="mailto:Users@lists.opensips.org">mailto:Users@lists.opensips.org</a></tt><tt>><br>
>> </tt><tt><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></tt><tt><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> Users@lists.opensips.org<br>
>> </tt><tt><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></tt><tt><br>
>><br>
><br>
><br>
> --<br>
> Anca Vamanu<br>
> </tt><tt>www.voice-system.ro</tt><tt><br>
><br>
><br>
<br>
_______________________________________________<br>
Users mailing list<br>
Users@lists.opensips.org<br>
</tt><tt><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></tt><tt><br>
</tt><br>
</body></html>