[OpenSIPS-Users] LDAP Authentication

Alan Rubin Alan.Rubin at nt.gov.au
Fri Jun 19 02:34:32 CEST 2009


Bogdan,

Thanks for your help.  I reset the configuration for calculate_ha1 to 0
(it was set to 1), but I am still getting a "401 - Unauthorized" error.
The password returning from the LDAP server should be an encrypted
string.

# ----- auth_db params -----
/* uncomment the following lines if you want to enable the DB based
   authentication */
#modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
#       "mysql://opensips:<redacted>@localhost/opensips")
#modparam("auth_db", "load_credentials", "")

# ------ auth params -----
#modparam("auth", "username_spec", "$var(username)")
#modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "nonce_expire",  30)
modparam("auth", "secret", "<redacted>")
modparam("auth", "disable_nonce_check", 0)
modparam("auth", "username_spec", "$var(username)")
modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "calculate_ha1", 0)

Here are the relevant logs from the connection (I think):

Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_msg: SIP Request:
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_msg:  method:  <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_msg:  uri:     <sip:155.205.69.126>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_msg:  version: <SIP/2.0>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_via_param: found param type 232, <branch> =
<z9hG4bK-d8754z-f2755c5f5d1c3201-1---d8754z->; state=6
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
state=17
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_via: end of header reached, state=5
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: via found, flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: this is the first via
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:receive_msg: After parse_msg...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:receive_msg: preparing to run routing scripts...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=100
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:maxfwd:is_maxfwd_present: value = 70
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=8
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_to: end of header reached, state=10
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_to: display={"alan"}, ruri={sip:oh5@155.205.69.126}
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5@155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:get_hdr_field: to body ["alan"<sip:oh5@155.205.69.126>  ]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:uri:has_totag: no totag
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=78
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:get_hdr_field: cseq <CSeq>: <1> <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:tm:t_lookup_request: start searching: hash=57545, isACK=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:tm:t_lookup_request: no transaction found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=200
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:get_hdr_field: content_length=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:get_hdr_field: found end of header
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:rr:find_first_route: No Route headers found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:rr:loose_route: There is no Route HF
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:grep_sock_info: checking if host==us: 14==9 &&
[155.205.69.126] == [127.0.0.1]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:grep_sock_info: checking if host==us: 14==14 &&
[155.205.69.126] == [155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=4000
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:auth:pre_auth: credentials with given realm not found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:auth:reserve_nonce_index: second= 3, sec_monit= -1,  index= 0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:auth:build_auth_hf: nonce index= 0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
realm="155.205.69.126",
nonce="4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79"  '
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:parse_headers: flags=ffffffffffffffff
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:destroy_avp_list: destroying list (nil)
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27778]:
DBG:core:receive_msg: cleaning up
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_msg: SIP Request:
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_msg:  method:  <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_msg:  uri:     <sip:155.205.69.126>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_msg:  version: <SIP/2.0>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_via_param: found param type 232, <branch> =
<z9hG4bK-d8754z-9520b61e7123e11e-1---d8754z->; state=6
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
state=17
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_via: end of header reached, state=5
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: via found, flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: this is the first via
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:receive_msg: After parse_msg...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:receive_msg: preparing to run routing scripts...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=100
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:maxfwd:is_maxfwd_present: value = 70
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=8
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_to: end of header reached, state=10
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_to: display={"alan"}, ruri={sip:oh5@155.205.69.126}
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5@155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:get_hdr_field: to body ["alan"<sip:oh5@155.205.69.126>  ]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:uri:has_totag: no totag
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=78
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:get_hdr_field: cseq <CSeq>: <2> <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:tm:t_lookup_request: start searching: hash=57542, isACK=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:tm:t_lookup_request: no transaction found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=200
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:get_hdr_field: content_length=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:get_hdr_field: found end of header
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:rr:find_first_route: No Route headers found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:rr:loose_route: There is no Route HF
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:grep_sock_info: checking if host==us: 14==9 &&
[155.205.69.126] == [127.0.0.1]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:grep_sock_info: checking if host==us: 14==14 &&
[155.205.69.126] == [155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:auth:check_nonce: comparing
[4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79] and
[4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_do_query: SYNC-DBG - SELECT successfully executed!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: conn=0x81b2c68 (tail=135989560)
MC=0x81b4338
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: new query=|select ha1,rpid from
subscriber where username=?|
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: prepared statement successfully
set...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: discon is 0 for 135989560
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement
run
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_val2bind: added val (0): len=3; type=254;
is_null=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: discon reset for 135989560
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 2
columns in result
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_do_prepared_query: doing to BIND_PARAM out ...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_query: SYNC-DBG - SELECT-STMT successfully
executed!!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_new_result: allocate 28 bytes for result set at 0x81b7ee0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_store_result: SYNC-DBG - SELECT result was stored!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_get_columns: 2 columns returned from the query
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_allocate_columns: allocate 32 bytes for result columns at
0x81b7f08
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f10)[0]=[ha1]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f18)[1]=[rpid]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:db_mysql:db_mysql_convert_rows: no rows returned from the query
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:auth_db:get_ha1: no result for user 'oh5@'
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_free_columns: freeing result columns at 0x81b7f08
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_free_rows: freeing 0 rows
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_free_result: freeing result set at 0x81b7ee0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:db_free_result: SYNC-DBG - freeing result!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:auth:reserve_nonce_index: second= 4, sec_monit= -1,  index= 1
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:auth:build_auth_hf: nonce index= 1
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
realm="155.205.69.126",
nonce="4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65"  '
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:parse_headers: flags=ffffffffffffffff
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:destroy_avp_list: destroying list (nil)
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27784]:
DBG:core:receive_msg: cleaning up
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_msg: SIP Request:
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_msg:  method:  <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_msg:  uri:     <sip:155.205.69.126>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_msg:  version: <SIP/2.0>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_via_param: found param type 232, <branch> =
<z9hG4bK-d8754z-9d36227c7e326926-1---d8754z->; state=6
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_via_param: found param type 235, <rport> = <n/a>;
state=17
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_via: end of header reached, state=5
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: via found, flags=2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: this is the first via
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:receive_msg: After parse_msg...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:receive_msg: preparing to run routing scripts...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=100
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:maxfwd:is_maxfwd_present: value = 70
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=8
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_to: end of header reached, state=10
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_to: display={"alan"}, ruri={sip:oh5@155.205.69.126}
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:get_hdr_field: <To> [32]; uri=[sip:oh5@155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:get_hdr_field: to body ["alan"<sip:oh5@155.205.69.126>  ]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:uri:has_totag: no totag
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=78
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:get_hdr_field: cseq <CSeq>: <3> <REGISTER>
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:tm:t_lookup_request: start searching: hash=57543, isACK=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:tm:t_lookup_request: no transaction found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=200
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:get_hdr_field: content_length=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:get_hdr_field: found end of header
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:rr:find_first_route: No Route headers found
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:rr:loose_route: There is no Route HF
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:grep_sock_info: checking if host==us: 14==9 &&
[155.205.69.126] == [127.0.0.1]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:grep_sock_info: checking if host==us: 14==14 &&
[155.205.69.126] == [155.205.69.126]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:auth:check_nonce: comparing
[4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65] and
[4a3ad9b9000000012a548105ca3e174701a4abc4ca9ebe65]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_do_query: SYNC-DBG - SELECT successfully executed!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: conn=0x81b2c68 (tail=135989560)
MC=0x81b4338
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: new query=|select ha1,rpid from
subscriber where username=?|
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: prepared statement successfully
set...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: discon is 0 for 135989560
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: set values for the statement
run
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_val2bind: added val (0): len=3; type=254;
is_null=0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: doing BIND_PARAM in...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: discon reset for 135989560
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: prepared statement has 2
columns in result
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_do_prepared_query: doing to BIND_PARAM out ...
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_query: SYNC-DBG - SELECT-STMT successfully
executed!!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_new_result: allocate 28 bytes for result set at 0x81b7ee0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_store_result: SYNC-DBG - SELECT result was stored!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_get_columns: 2 columns returned from the query
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_allocate_columns: allocate 32 bytes for result columns at
0x81b7f08
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f10)[0]=[ha1]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_get_columns: RES_NAMES(0x81b7f18)[1]=[rpid]
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_get_columns: use DB_STRING result type
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:db_mysql:db_mysql_convert_rows: no rows returned from the query
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:auth_db:get_ha1: no result for user 'oh5@'
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_free_columns: freeing result columns at 0x81b7f08
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_free_rows: freeing 0 rows
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_free_result: freeing result set at 0x81b7ee0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:db_free_result: SYNC-DBG - freeing result!
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:auth:reserve_nonce_index: second= 4, sec_monit= -1,  index= 2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:auth:build_auth_hf: nonce index= 2
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest
realm="155.205.69.126",
nonce="4a3ad9b900000002b64f5ef190966742551aa9531e9165f3"  '
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:parse_headers: flags=ffffffffffffffff
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:check_via_address: params 155.205.26.124, 155.205.26.124, 0
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:destroy_avp_list: destroying list (nil)
Jun 19 09:49:39 dcshub1 /usr/local/opensips/sbin/opensips[27781]:
DBG:core:receive_msg: cleaning up 
...


And here are the changes I made to the main route, for the benefit of
anyone else who might have an idea for me:

        if (!(method=="REGISTER") && from_uri==myself) { /*no multidomain version*/
          # are any credentials available in the request ?
          if (!is_present_hf("Proxy-Authorization")) {
              proxy_challenge("", "0");
              exit;
          }

          # run the ldap_query() and load the passwd into $avp(s:password)
          # TODO
          $var(username)=$fU;
          ldap_search("ldap://sipaccounts/o=ntg??sub?(&(cn=$fU)(departmentNumber=66)(ntguserstatus=Active))");
          ldap_result("userPassword/$avp(s:password)");

          # username to authenticate
          #$var(username) = $fU;

          # do the authentication
          if(!pv_proxy_authorize("")){
              proxy_challenge("", "0");
              exit;
          }

Regards,

Alan Rubin
 
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
Sent: Friday, 19 June 2009 9:42 AM
To: Alan Rubin; users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] LDAP Authentication

Hi Alan,

sorry for the late reply - this week we have the OpenSIPS bootcamp and
I'm getting my hands on the emails only from time to time.

So, are you loading the passwd in raw format (plain text)? If so, you
need the calculate_ha1 param to be set to 1
(http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id228275) -
by default it is set to 0...  (see prev email)

Regards,
Bogdan

Alan Rubin wrote:
> Bogdan,
>
> I've attached a log from a test this morning.  I restarted opensips,
> tried connecting from my PC using LDAP credentials and failed.  Then I
> made sure that the local account was removed and tried again with LDAP
> credentials and it failed.  Hopefully that's all apparent in the
> logfile.  I am using the X-lite client to connect.
>
> Regards,
>
> Alan Rubin
>  
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
> Sent: Wednesday, 17 June 2009 1:29 AM
> To: Alan Rubin
> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>
> Hi Alan,
>
> the script looks ok - you can 1) use xlog just before the pv_auth() to
> see if the user and passwd are properly filled in, or 2) use debug=6 to
> get the logs and post them here.
>
> Regards,
> Bogdan
>
> Alan Rubin wrote:
>> Bogdan,
>>
>> If you have a minute, could you take a look at my opensips.cfg file?  It
>> is still authorizing against the users that were added by hand.  I have
>> probably put the LDAP authentication in the wrong place, but I seem to
>> be going in circles.
>>
>> Also, I used some of the template from Tristan Mahe for readability (I
>> adapted his LDAP search examples and used his variable names).  I don't
>> think this is my issue, but it could be.
>>
>> Thanks for your time,
>>
>> Alan Rubin
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>> Sent: Tuesday, 16 June 2009 10:49 AM
>> To: Alan Rubin
>> Cc: Thiago Rondon; users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>
>> cool, in this case simply replace the existing code for proxy_auth with
>> the code I previously posted.
>>
>> Regards,
>> Bogdan
>>
>> Alan Rubin wrote:
>>> Bogdan,
>>>
>>> Yes, my script is derived from the default and I have enabled MySQL and
>>> added PUA, PUA_userloc and Presence modules.
>>>
>>> Regards,
>>>
>>> Alan Rubin
>>>
>>> -----Original Message-----
>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>> Sent: Tuesday, 16 June 2009 9:59 AM
>>> To: Alan Rubin
>>> Cc: Thiago Rondon; users at lists.opensips.org
>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>
>>> Hi Alan,
>>>
>>> put it in the main route, where you need to do the authentication... Is
>>> your script derived from the default opensips cfg file ?
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Alan Rubin wrote:
>>>> Bogdan,
>>>>
>>>> Thanks for the help.  Is the script part inside of the main route or is
>>>> it a separate section?
>>>>
>>>> Regards,
>>>>
>>>> Alan Rubin
>>>> Unix Systems Administrator
>>>> DCS Midrange Services
>>>> Phone: +61 (08) 8999 5111
>>>> Fax:      +61 (08) 8999 7493
>>>> e-Mail: alan.rubin at nt.gov.au
>>>>
>>>> -----Original Message-----
>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>>> Sent: Tuesday, 16 June 2009 8:58 AM
>>>> To: Alan Rubin
>>>> Cc: Thiago Rondon; users at lists.opensips.org
>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>
>>>> Hi Alan,
>>>>
>>>> The way to do it is like:
>>>>
>>>> 1) configure the auth module to do authentication via Pseudo-variables:
>>>>
>>>> # -- auth params --
>>>> modparam("auth", "nonce_expire",  30)
>>>> modparam("auth", "secret", "my-deepest-and-darkest-secret")
>>>> modparam("auth", "disable_nonce_check", 0)
>>>> modparam("auth", "username_spec", "$avp(i:2)")
>>>> modparam("auth", "password_spec", "$avp(i:1)")
>>>> modparam("auth", "calculate_ha1", 1)
>>>>
>>>> 2)  and in script do:
>>>>
>>>>     # are any credentials available in the request ?
>>>>     if (!is_present_hf("Proxy-Authorization")) {
>>>>         proxy_challenge("", "0");
>>>>         exit;
>>>>     }
>>>>
>>>>     # run the ldap_query() and load the passwd into $avp(i:1)
>>>>     # TODO
>>>>
>>>>     # username to authenticate
>>>>     $avp(i:2) = $fU;
>>>>
>>>>     # do the authentication
>>>>     if(!pv_proxy_authorize("")){
>>>>         proxy_challenge("", "0");
>>>>         exit;
>>>>     }
>>>>
>>>>
>>>> Regards,
>>>> Bogdan
>>>>
>>>>
>>>> Alan Rubin wrote:
>>>>> Bogdan,
>>>>>
>>>>> I want to use LDAP to authenticate clients.  We're using it for our XMPP
>>>>> server (amongst other services) without issues.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Alan Rubin
>>>>>
>>>>> -----Original Message-----
>>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>>>> Sent: Tuesday, 16 June 2009 8:24 AM
>>>>> To: Alan Rubin
>>>>> Cc: Thiago Rondon; users at lists.opensips.org
>>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>>
>>>>> Hi Alan,
>>>>>
>>>>> Do you want to use LDAP to authenticate clients or to authenticate
>>>>> opensips against other SIP server?
>>>>>
>>>>> Regards,
>>>>> Bogdan
>>>>>
>>>>>
>>>>> Alan Rubin wrote:
>>>>>> Thiago,
>>>>>>
>>>>>> Thanks for the reply; however, the module documentation does not seem to
>>>>>> give examples on how to configure LDAP with the auth mechanism.  Or is
>>>>>> that not necessary?
>>>>>>
>>>>>> This is the section from the tutorial I found, mentioned previously:
>>>>>>
>>>>>> modparam("auth", "username_spec", "$avp(s:username)")
>>>>>> modparam("auth", "password_spec", "$avp(s:password)")
>>>>>> modparam("auth", "calculate_ha1", 1)
>>>>>> ...
>>>>>>
>>>>>> The possible difference (typo?) that concerns me is this next reference
>>>>>> in the tutorial:
>>>>>>
>>>>>> route[11] {
>>>>>>     if(is_method("REGISTER"))
>>>>>>     {
>>>>>>         if(is_present_hf("Authorization"))
>>>>>>         {
>>>>>>             # ldap search
>>>>>>             if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)"))
>>>>>>             {
>>>>>>                 switch ($retcode)
>>>>>>                 {
>>>>>> ...
>>>>>>
>>>>>> I have no "route[11]" in my configuration file.  Am I meant to create a
>>>>>> new route section to handle LDAP authentication?
>>>>>>
>>>>>> What I am trying to do, if it is not clear, is use LDAP as a mechanism
>>>>>> for authentication/registration of SIP accounts rather than having to
>>>>>> configure, by hand and with a separate password, a SIP account for each
>>>>>> user of my SIP server.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Alan
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: users-bounces at lists.opensips.org
>>>>>> [mailto:users-bounces at lists.opensips.org] On Behalf Of Thiago Rondon
>>>>>> Sent: Monday, 15 June 2009 1:47 PM
>>>>>> To: Alan Rubin
>>>>>> Cc: users at lists.opensips.org
>>>>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>>>>
>>>>>> Alan,
>>>>>>
>>>>>> How about the document of ldap module ?
>>>>>>
>>>>>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html
>>>>>>
>>>>>> -Thiago Rondon
>>>>>>
>>>>>> Alan Rubin wrote:
>   
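
Added example (not part of the original thread and not OpenSIPS code): a Python model of the digest check without qop, as in the challenge shown in the log, run against three forms of the value loaded into password_spec under both calculate_ha1 settings. The realm, user, nonce and request URI are copied from the log above; the password, the salt and the {SSHA} storage scheme are assumptions made for the illustration.

```python
"""Model of an RFC 2617 digest check (no qop) for the calculate_ha1 question.

Added illustration, not OpenSIPS source. PASSWORD, SALT and the {SSHA}
scheme are constructed assumptions; the other constants come from the log.
"""
import base64
import hashlib
import hmac

REALM = "155.205.69.126"
USER = "oh5"
NONCE = "4a3ad9b90000000032ce5a6488ce3120fce3ebb88c23cd79"
METHOD = "REGISTER"
URI = "sip:155.205.69.126"
PASSWORD = "constructed-example-pw"  # constructed sample value
SALT = bytes.fromhex("0a1b2c3d")     # constructed sample value


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user, realm, password):
    """HA1 = MD5(username:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1_hex, nonce, method, uri):
    """response = MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri), no qop."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def ssha(password, salt):
    """Salted SHA-1 in the usual LDAP userPassword layout (assumed scheme)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def server_accepts(stored, calculate_ha1, client_response):
    """Verify the client's response from whatever password_spec holds.

    calculate_ha1=1: 'stored' is treated as a plaintext password.
    calculate_ha1=0: 'stored' is treated as a ready-made HA1 string.
    """
    ha1_hex = ha1(USER, REALM, stored) if calculate_ha1 else stored
    expected = digest_response(ha1_hex, NONCE, METHOD, URI)
    return hmac.compare_digest(expected, client_response)


def evaluate():
    """Return {(stored_form, calculate_ha1): accepted} for all six cases."""
    # What a correctly configured client sends for the real password.
    client = digest_response(ha1(USER, REALM, PASSWORD), NONCE, METHOD, URI)
    stored_forms = {
        "plaintext": PASSWORD,
        "ha1": ha1(USER, REALM, PASSWORD),
        "ssha": ssha(PASSWORD, SALT),
    }
    return {
        (name, flag): server_accepts(value, flag, client)
        for name, value in stored_forms.items()
        for flag in (0, 1)
    }


if __name__ == "__main__":
    for (name, flag), accepted in evaluate().items():
        outcome = "200 OK" if accepted else "401 Unauthorized"
        print(f"stored={name:<9} calculate_ha1={flag} -> {outcome}")
```

Only plaintext with calculate_ha1=1 and a pre-computed HA1 with calculate_ha1=0 verify; a one-way hash that is not MD5(username:realm:password) gives the server nothing it can turn into HA1, so it fails under either setting.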



