Sat 27 June 2004 18:55, Michal Zygmuntowicz wrote:
> Probably you need to modify your Gatekeeper::Auth section
> to not contain default=reject line (or change it to default=accept).
> The stack of modules configured in the Gatekeeper::Auth section
> is processed sequentially with each message (GRQ, RRQ, ARQ, ...).
> If you have default=reject rule at the end, all requests not
> accepted or rejected by preceding modules are rejected by this
> last line.
Now I have following in my gatekeeper.ini:
[Gatekeeper::Auth]
SQLPasswordAuth=required;RRQ
default=allow;GRQ
Gatekeeper gets GRQ, RRQ.
If I login with propably user name and propably password athentication passes.
If I login with wrong user name athentication failes.
But if I login with propably user and wrong password athentication passes!!!
So the problem has slightly changed:
It doesn't matter what password I type. Gatekeeper checks only username and
does not compare passwords.
2004/06/27 19:37:59.650 2 RasSrv.cxx(2392) GK Read from 10.0.0.81:4552
2004/06/27 19:37:59.650 3 RasSrv.cxx(2405) GK
gatekeeperRequest {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
0a 00 00 51 ...Q
}
port = 4552
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2004/06/27 19:37:59.650 1 RasSrv.cxx(900) GK GRQ Received
2004/06/27 19:37:59.650 4 gkauth.h(82) GkAuth default check ok
2004/06/27 19:37:59.651 4 RasSrv.cxx(2470) GK GCF will select
authentication mechanism: pwdHash <<null>> and algorithm OID:
1.2.840.113549.2.5
2004/06/27 19:37:59.651 2 RasSrv.cxx(975) GCF|10.0.0.81|jacek:h323_ID|
terminal;
2004/06/27 19:37:59.651 3 RasSrv.cxx(2332) GK Send to 10.0.0.81:4552
gatekeeperConfirm {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1719
}
authenticationMode = pwdHash <<null>>
algorithmOID = 1.2.840.113549.2.5
}
2004/06/27 19:37:59.652 2 RasSrv.cxx(2392) GK Read from 192.168.0.1:4553
2004/06/27 19:37:59.653 3 RasSrv.cxx(2405) GK
gatekeeperRequest {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 00 01 ....
}
port = 4553
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2004/06/27 19:37:59.653 1 RasSrv.cxx(900) GK GRQ Received
2004/06/27 19:37:59.653 4 gkauth.h(82) GkAuth default check ok
2004/06/27 19:37:59.653 4 RasSrv.cxx(2470) GK GCF will select
authentication mechanism: pwdHash <<null>> and algorithm OID:
1.2.840.113549.2.5
2004/06/27 19:37:59.653 2 RasSrv.cxx(975) GCF|192.168.0.1|jacek:h323_ID|
terminal;
2004/06/27 19:37:59.653 3 RasSrv.cxx(2332) GK Send to 192.168.0.1:4553
gatekeeperConfirm {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1719
}
authenticationMode = pwdHash <<null>>
algorithmOID = 1.2.840.113549.2.5
}
2004/06/27 19:37:59.654 2 RasSrv.cxx(2392) GK Read from
192.168.176.1:4554
2004/06/27 19:37:59.655 3 RasSrv.cxx(2405) GK
gatekeeperRequest {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 b0 01 ....
}
port = 4554
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2004/06/27 19:37:59.655 1 RasSrv.cxx(900) GK GRQ Received
2004/06/27 19:37:59.655 4 gkauth.h(82) GkAuth default check ok
2004/06/27 19:37:59.655 4 RasSrv.cxx(2470) GK GCF will select
authentication mechanism: pwdHash <<null>> and algorithm OID:
1.2.840.113549.2.5
2004/06/27 19:37:59.655 2 RasSrv.cxx(975) GCF|192.168.176.1|
jacek:h323_ID|terminal;
2004/06/27 19:37:59.655 3 RasSrv.cxx(2332) GK Send to 192.168.176.1:4554
gatekeeperConfirm {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1719
}
authenticationMode = pwdHash <<null>>
algorithmOID = 1.2.840.113549.2.5
}
2004/06/27 19:37:59.656 2 RasSrv.cxx(2392) GK Read from
192.168.187.1:4555
2004/06/27 19:37:59.657 3 RasSrv.cxx(2405) GK
gatekeeperRequest {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 bb 01 ....
}
port = 4555
}
endpointType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
endpointAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
authenticationCapability = 2 entries {
[0]=pwdHash <<null>>
[1]=authenticationBES radius <<null>>
}
algorithmOIDs = 3 entries {
[0]=0.0.8.235.0.2.6
[1]=1.2.840.113549.2.5
[2]=1.2.840.113548.10.1.2.1
}
supportsAltGK = <<null>>
}
2004/06/27 19:37:59.657 1 RasSrv.cxx(900) GK GRQ Received
2004/06/27 19:37:59.657 4 gkauth.h(82) GkAuth default check ok
2004/06/27 19:37:59.657 4 RasSrv.cxx(2470) GK GCF will select
authentication mechanism: pwdHash <<null>> and algorithm OID:
1.2.840.113549.2.5
2004/06/27 19:37:59.657 2 RasSrv.cxx(975) GCF|192.168.187.1|
jacek:h323_ID|terminal;
2004/06/27 19:37:59.657 3 RasSrv.cxx(2332) GK Send to 192.168.187.1:4555
gatekeeperConfirm {
requestSeqNum = 50262
protocolIdentifier = 0.0.8.2250.0.4
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1719
}
authenticationMode = pwdHash <<null>>
algorithmOID = 1.2.840.113549.2.5
}
2004/06/27 19:37:59.675 2 RasSrv.cxx(2392) GK Read from 10.0.0.81:4552
2004/06/27 19:37:59.675 3 RasSrv.cxx(2405) GK
registrationRequest {
requestSeqNum = 50263
protocolIdentifier = 0.0.8.2250.0.4
discoveryComplete = TRUE
callSignalAddress = 4 entries {
[0]=ipAddress {
ip = 4 octets {
0a 00 00 51 ...Q
}
port = 1720
}
[1]=ipAddress {
ip = 4 octets {
c0 a8 00 01 ....
}
port = 1720
}
[2]=ipAddress {
ip = 4 octets {
c0 a8 b0 01 ....
}
port = 1720
}
[3]=ipAddress {
ip = 4 octets {
c0 a8 bb 01 ....
}
port = 1720
}
}
rasAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 00 00 51 ...Q
}
port = 4552
}
}
terminalType = {
vendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
terminalAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
endpointVendor = {
vendor = {
t35CountryCode = 9
t35Extension = 0
manufacturerCode = 61
}
productId = 3 octets {
00 00 00 ...
}
versionId = 26 octets {
31 2e 30 2e 31 20 28 4f 70 65 6e 48 33 32 33 20 1.0.1 (OpenH323
76 31 2e 31 34 2e 31 29 00 00 v1.14.1)..
}
}
cryptoTokens = 1 entries {
[0]=cryptoEPPwdHash {
alias = h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
timeStamp = 1088357867
token = {
algorithmOID = 1.2.840.113549.2.5
paramS = {
}
hash = Hex: c8 2a e0 92 73 9c f6 17 ca a9 89 ef 7b c0 28 41
}
}
}
keepAlive = FALSE
willSupplyUUIEs = TRUE
maintainConnection = FALSE
supportsAltGK = <<null>>
usageReportingCapability = {
nonStandardUsageTypes = 0 entries {
}
startTime = <<null>>
endTime = <<null>>
terminationCause = <<null>>
}
callCreditCapability = {
canDisplayAmountString = TRUE
canEnforceDurationLimit = TRUE
}
}
2004/06/27 19:37:59.676 1 RasSrv.cxx(1002) GK RRQ Received
2004/06/27 19:37:59.676 4 gkauth.cxx(884) GkAuth jacek password match
(MD5)
2004/06/27 19:37:59.676 4 gkauth.cxx(444) GkAuth SQLPasswordAuth check
ok
2004/06/27 19:37:59.676 1 RasTbl.cxx(64) New EP|10.0.0.81:1720|
jacek:h323_ID|terminal|9008_endp
2004/06/27 19:37:59.677 2 RasSrv.cxx(1257) RCF|10.0.0.81:1720|
jacek:h323_ID|terminal|9008_endp;
2004/06/27 19:37:59.677 3 RasSrv.cxx(2332) GK Send to 10.0.0.81:4552
registrationConfirm {
requestSeqNum = 50263
protocolIdentifier = 0.0.8.2250.0.4
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 0
}
}
terminalAlias = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
endpointIdentifier = 9 characters {
0039 0030 0030 0038 005f 0065 006e 0064 9008_end
0070 p
}
timeToLive = 600
willRespondToIRR = FALSE
maintainConnection = FALSE
}
2004/06/27 19:37:59.703 2 RasSrv.cxx(2392) GK Read from 10.0.0.81:4552
2004/06/27 19:37:59.704 3 RasSrv.cxx(2405) GK
admissionRequest {
requestSeqNum = 50264
callType = pointToPoint <<null>>
endpointIdentifier = 9 characters {
0039 0030 0030 0038 005f 0065 006e 0064 9008_end
0070 p
}
destinationInfo = 1 entries {
[0]=h323_ID 6 characters {
006d 0061 006e 0075 0069 0061 manuia
}
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1720
}
srcInfo = 1 entries {
[0]=h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
}
bandWidth = 200000
callReferenceValue = 7839
conferenceID = 16 octets {
5c d8 18 3f 6c f0 18 10 8d 0e 00 40 05 3f 19 f8 \..?l......@.?..
}
activeMC = FALSE
answerCall = FALSE
canMapAlias = TRUE
callIdentifier = {
guid = 16 octets {
42 d2 18 3f 6c f0 18 10 8d 0e 00 40 05 3f 19 f8 B..?l......@.?..
}
}
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
cryptoTokens = 1 entries {
[0]=cryptoEPPwdHash {
alias = h323_ID 5 characters {
006a 0061 0063 0065 006b jacek
}
timeStamp = 1088357867
token = {
algorithmOID = 1.2.840.113549.2.5
paramS = {
}
hash = Hex: c8 2a e0 92 73 9c f6 17 ca a9 89 ef 7b c0 28 41
}
}
}
willSupplyUUIEs = TRUE
}
2004/06/27 19:37:59.704 1 RasSrv.cxx(1414) GK ARQ Received
2004/06/27 19:37:59.705 3 RasSrv.cxx(1716) GK ARQ will request bandwith
of 200000
2004/06/27 19:37:59.705 2 RasTbl.cxx(2005) CallTable::Insert(CALL) Call
No. 1, total sessions : 1
2004/06/27 19:37:59.705 2 RasSrv.cxx(1830) ACF|10.0.0.81:1720|9008_endp|
7839|manuia:h323_ID|jacek:h323_ID|false;
2004/06/27 19:37:59.705 3 RasSrv.cxx(2332) GK Send to 10.0.0.81:4552
admissionConfirm {
requestSeqNum = 50264
bandWidth = 200000
callModel = direct <<null>>
destCallSignalAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1720
}
irrFrequency = 120
willRespondToIRR = FALSE
uuiesRequested = {
setup = FALSE
callProceeding = FALSE
connect = FALSE
alerting = FALSE
information = FALSE
releaseComplete = FALSE
facility = FALSE
progress = FALSE
empty = FALSE
status = FALSE
statusInquiry = FALSE
setupAcknowledge = FALSE
notify = FALSE
}
}
2004/06/27 19:37:59.894 2 RasSrv.cxx(2392) GK Read from
192.168.0.5:33570
2004/06/27 19:37:59.895 3 RasSrv.cxx(2405) GK
admissionRequest {
requestSeqNum = 42083
callType = pointToPoint <<null>>
endpointIdentifier = 9 characters {
0039 0030 0030 0037 005f 0065 006e 0064 9007_end
0070 p
}
destinationInfo = 1 entries {
[0]=h323_ID 12 characters {
0063 006f 006d 006d 0075 006e 0069 0063 communic
0061 0074 006f 0072 ator
}
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
c0 a8 00 05 ....
}
port = 1720
}
srcInfo = 1 entries {
[0]=h323_ID 19 characters {
006a 0061 0063 0065 006b 0020 005b 0031 jacek [1
0039 0032 002e 0031 0036 0038 002e 0030 92.168.0
002e 0031 005d .1]
}
}
srcCallSignalAddress = ipAddress {
ip = 4 octets {
c0 a8 00 01 ....
}
port = 4558
}
bandWidth = 100000
callReferenceValue = 7839
conferenceID = 16 octets {
5c d8 18 3f 6c f0 18 10 8d 0e 00 40 05 3f 19 f8 \..?l......@.?..
}
activeMC = FALSE
answerCall = TRUE
canMapAlias = TRUE
callIdentifier = {
guid = 16 octets {
42 d2 18 3f 6c f0 18 10 8d 0e 00 40 05 3f 19 f8 B..?l......@.?..
}
}
gatekeeperIdentifier = 10 characters {
004b 0061 0063 007a 006f 0072 0065 006b Kaczorek
0047 004b GK
}
cryptoTokens = 1 entries {
[0]=cryptoEPPwdHash {
alias = h323_ID 12 characters {
0063 006f 006d 006d 0075 006e 0069 0063 communic
0061 0074 006f 0072 ator
}
timeStamp = 1088357879
token = {
algorithmOID = 1.2.840.113549.2.5
paramS = {
}
hash = Hex: c2 08 ff 5d d9 a8 de 1f e9 72 b8 92 db 0c f8 81
}
}
}
willSupplyUUIEs = TRUE
}
2004/06/27 19:37:59.895 1 RasSrv.cxx(1414) GK ARQ Received
2004/06/27 19:37:59.895 3 RasSrv.cxx(1716) GK ARQ will request bandwith
of 100000
2004/06/27 19:37:59.896 3 RasSrv.cxx(1759) GK ACF: found existing call
no 1
2004/06/27 19:37:59.896 2 RasSrv.cxx(1830) ACF|192.168.0.5:1720|
9007_endp|7839|communicator:h323_ID|jacek [192.168.0.1]:h323_ID|true;
2004/06/27 19:37:59.896 3 RasSrv.cxx(2332) GK Send to 192.168.0.5:33570
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
