Re: Simple Call Authentication/Authorization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michal, thank you for your response. You're right, now it worked fine for almost all the scenarios that I have been testing. However, It doesn't work in a scenario where I have a terminal registering with a Child GK.
I have been using this setup without a problem before adding this call authentication feature. I mean, I have a terminal connected to a child gk to go through NAT and it works beautifully.
When I added this alias authentication I can not make this setup work.
The terminal is able to register with the child GK but the parent GK rejects the call for securitydenial reason. The alias is comming correct from the child to the parent, the ARQ that the parent gets from the child seems to be ok, with the correct alias, but I always get a security denial. It seems that I need to change something in the parent GK to allow the child to call. Do I need to change something in the parent GK configuration to allow the child to call ?


Thanks


From: "Zygmuntowicz Michal" <m.zygmuntowicz@xxxxxxx>
Reply-To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Simple Call Authentication/Authorization Didn't work
Date: Tue, 9 Mar 2004 02:04:53 +0100


I looked at the source and found that "|" operator does not like spaces, so try to write:
ALL=allow alias:300|allow alias:400
or
ALL=allow alias:^300$|allow alias:^400$


----- Original Message -----
From: "Andrew Croch" <o_engenheiro71@xxxxxxxxxxx>
Sent: Tuesday, March 09, 2004 1:40 AM


> Michal, thank you for the response. But, are you sure this works the way you
> said ?
> I tried several times after reading your email but it never worked.
> Again, I wanted to call from terminal 300 and 400 for instance.
> I tried
>
> [Gatekeeper::Auth]
> PrefixAuth=required;ARQ
>
> [PrefixAuth]
> ALL=allow alias:300 | allow alias:400
>
> I also tried
> [PrefixAuth]
> ALL=allow alias:^300$ | allow alias:^400$
>
> It never worked...
> ARJ|192.168.0.103:1720|4526859:dialedDigits|300:dialedDigits=300:h323_ID|fal
> se|securityDenial;
>
> It only works when I use
>
> [PrefixAuth]
> ALL=allow alias:300
>
> Thanks for any insight...
>
>
> >From: Zygmuntowicz Michal <m.zygmuntowicz@xxxxxxx>
> >Reply-To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> >To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> >Subject: Re: Simple Call Authentication/Authorization
> >Date: Mon, 08 Mar 2004 17:30:36 +0100
> >
> >You need to specify all rules for one destination at a single line, like:
> >
> >ALL=allow alias:50041 | allow alias:50371
> >
> >you should also take into account the fact, that "alias:" rules takes
> >a regular expression as the argument:
> >
> >ALL=allow alias:^50041$ | allow alias:^50371$
> >
> >This will ensure only endpoint with exact alias 50041 (not containing
> >string
> >50041) is accepted by the rule.
> >
> >(The best would be to write just ALL=allow alias:^(50041|50371)$,
> > but | character is a rule separator... I think I have to fix it:)
> >
> >Andrew Croch <o_engenheiro71@xxxxxxxxxxx>:
> > >Posting again...
> > >Hi, I want to use a very simple authorization rule in my gnuGK. I read
> >the
> > >manual and tried to implement but can\'t make it work. I want to
> >authorize
> > >calls comming from endpoints with specific aliases.
> > >My config file:
> > >...
> > >...
> > >
> > >[Gatekeeper::Auth]
> > >PrefixAuth=required;ARQ
> > >
> > >[PrefixAuth]
> > >ALL=allow alias:50041
> > >ALL=allow alias:50371
> > >
> > >The terminal with alias 50041 can complete its call. The terminal with
> >alias
> > >50371 gets a security denial from the GK. What is wrong in my config ?
> > >ARJ|x.x.x.x:1720|yyyyyyyy:dialedDigits|50371:dialedDigits|false|security
> > >Denial;
> > >ACF|xxxxx:1720|8683_endp|20895|yyyyyyyy:dialedDigits|50041:dialedDigit
> > >s|false;




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

_________________________________________________________________
Store more e-mails with MSN Hotmail Extra Storage ? 4 plans to choose from! http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux