Re: Simple Call Authentication/Authorization

["Andrew Croch" <o_engenheiro71@xxxxxxxxxxx>]

Michal, thank you for your response. You're right, now it worked fine for 
almost all the scenarios that I have been testing. However, It doesn't work 
in a scenario where I have a terminal registering with a Child GK.
I have been using this setup without a problem before adding this call 
authentication feature. I mean, I have a terminal connected to a child gk to 
go through NAT and it works beautifully.
When I added this alias authentication I can not make this setup work.
The terminal is able to register with the child GK but the parent GK rejects 
the call for securitydenial reason. The alias is comming correct from the 
child to the parent, the ARQ that the parent gets from the child seems to be 
ok, with the correct alias, but I always get a security denial. It seems 
that I need to change something in the parent GK to allow the child to call. 
Do I need to change something in the parent GK configuration to allow the 
child to call ?

Thanks


> From: "Zygmuntowicz Michal" <m.zygmuntowicz@xxxxxxx>
> Reply-To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
> Subject: Re:  Simple Call Authentication/Authorization 
> Didn't work
> Date: Tue, 9 Mar 2004 02:04:53 +0100
>
> I looked at the source and found that "|" operator does not like spaces, so 
> try to write:
>     ALL=allow alias:300|allow alias:400
> or
>     ALL=allow alias:^300$|allow alias:^400$
>
> ----- Original Message -----
> From: "Andrew Croch" <o_engenheiro71@xxxxxxxxxxx>
> Sent: Tuesday, March 09, 2004 1:40 AM
>
>
> > Michal, thank you for the response. But, are you sure this works the way 
> you
> > said ?
> > I tried several times after reading your email but it never worked.
> > Again, I wanted to call from terminal 300 and 400 for instance.
> > I tried
> >
> > [Gatekeeper::Auth]
> > PrefixAuth=required;ARQ
> >
> > [PrefixAuth]
> > ALL=allow alias:300 | allow alias:400
> >
> > I also tried
> > [PrefixAuth]
> > ALL=allow alias:^300$ | allow alias:^400$
> >
> > It never worked...
> > 
> ARJ|192.168.0.103:1720|4526859:dialedDigits|300:dialedDigits=300:h323_ID|fal
> > se|securityDenial;
> >
> > It only works when I use
> >
> > [PrefixAuth]
> > ALL=allow alias:300
> >
> > Thanks for any insight...
> >
> >
> > >From: Zygmuntowicz Michal <m.zygmuntowicz@xxxxxxx>
> > >Reply-To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > >To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > >Subject: Re:  Simple Call 
> Authentication/Authorization
> > >Date: Mon, 08 Mar 2004 17:30:36 +0100
> > >
> > >You need to specify all rules for one destination at a single line, 
> like:
> > >
> > >ALL=allow alias:50041 | allow alias:50371
> > >
> > >you should also take into account the fact, that "alias:" rules takes
> > >a regular expression as the argument:
> > >
> > >ALL=allow alias:^50041$ | allow alias:^50371$
> > >
> > >This will ensure only endpoint with exact alias 50041 (not containing
> > >string
> > >50041) is accepted by the rule.
> > >
> > >(The best would be to write just ALL=allow alias:^(50041|50371)$,
> > >  but | character is a rule separator... I think I have to fix it:)
> > >
> > >Andrew Croch <o_engenheiro71@xxxxxxxxxxx>:
> > > >Posting again...
> > > >Hi, I want to use a very simple authorization rule in my gnuGK. I 
> read
> > >the
> > > >manual and tried to implement but can\'t make it work. I want to
> > >authorize
> > > >calls comming from endpoints with specific aliases.
> > > >My config file:
> > > >...
> > > >...
> > > >
> > > >[Gatekeeper::Auth]
> > > >PrefixAuth=required;ARQ
> > > >
> > > >[PrefixAuth]
> > > >ALL=allow alias:50041
> > > >ALL=allow alias:50371
> > > >
> > > >The terminal with alias 50041 can complete its call. The terminal 
> with
> > >alias
> > > >50371 gets a security denial from the GK. What is wrong in my config 
> ?
> > > 
> >ARJ|x.x.x.x:1720|yyyyyyyy:dialedDigits|50371:dialedDigits|false|security
> > > >Denial;
> > > 
> >ACF|xxxxx:1720|8683_endp|20895|yyyyyyyy:dialedDigits|50041:dialedDigit
> > > >s|false;
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/

_________________________________________________________________
Store more e-mails with MSN Hotmail Extra Storage ? 4 plans to choose from! 
http://click.atdmt.com/AVE/go/onm00200362ave/direct/01/



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/