Robert McNaught
2008-Jun-27 17:20 UTC
[asterisk-users] polycom with http/https basic authentication
Hi,

I apologize that this is not directly associated with Asterisk, I have been trying to solve this, but not having any luck.

Does anyone have a setup with http or https with basic authentication for provisioning Polycom phones? We use edgemarc 4500 routers and use Option 66 to auto-provision phones using DHCP. I am trying to set up an apache server with subdirectories for different customers protected by a username and password so that their phones can only access their own directory.

The string I am putting in Option 66 is:

"http://username:password@http.server.com/dir1/"

These are packet dumps of the polycom phone trying to grab files from the server - using basic authentication - I have set up .htaccess files which work correctly when pulling down files using firefox.

GET FILE WITH POLYCOM
[root@server3 ~]# ngrep -q 'HTTP/1.[01]'
interface: eth0 (XXX.XXX.XXX.XXX/255.255.254.0)
match: HTTP/1.[01]

T XXX.XXX.XXX.XXX:1024 -> XXX.XXX.XXX.XXX [AP]
GET /dir1/2345-12200-002.bootrom.ld HTTP/1.1..Host: http.server.com..Accept: */*..U
ser-Agent: FileTransport PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423....

T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:1024 [AP]
HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:46:59 GMT..Server: A
pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwli
mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic realm="Restricted
Area"..Content-Length: 703..Content-Type: text/html; charset=iso-8859-1....<!DOCTY
PE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 Authorization R
equired</title>.</head><body>.<h1>Authorization Required</h1>.<p>This server could
not verify that you.are authorized to access the document.requested. Either you su
pplied the wrong.credentials (e.g., bad password), or your.browser doesn't understa
nd how to supply.the credentials required.</p>.<p>Additionally, a 404 Not Found.err
or was encountered while trying to use an ErrorDocument to handle the request.</p>.
<hr>.<address>Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrou
gh/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at prov.xiptel.net P
ort 80</address>.</body></html>.

T XXX.XXX.XXX.XXX:1025 -> XXX.XXX.XXX.XXX:80 [AP]
GET /dir1/bootrom.ld HTTP/1.1..Host: http.server.com..Accept: */*..User-Agent: File
Transport PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423....

USING FIREFOX
[root@server3 ~]# ngrep -q 'HTTP/1.[01]'
interface: eth0 (69.73.146.0/255.255.254.0)
match: HTTP/1.[01]

T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP]
GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: http.server.com..User-Agent: Mo
zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0..Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language:
en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0
.7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://prov.xiptel.ne
t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; cpsession=closed....

T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:57773 [AP]
HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:36:20 GMT..Server: A
pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwli
mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic realm="Restricted
Area"..Content-Length: 703..Keep-Alive: timeout=15, max=100..Connection: Keep-Aliv
e..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML PUBLIC "-//IETF//D
TD HTML 2.0//EN">.<html><head>.<title>401 Authorization Required</title>.</head><bo
dy>.<h1>Authorization Required</h1>.<p>This server could not verify that you.are au
thorized to access the document.requested. Either you supplied the wrong.credentia
ls (e.g., bad password), or your.browser doesn't understand how to supply.the crede
ntials required.</p>.<p>Additionally, a 404 Not Found.error was encountered while t
rying to use an ErrorDocument to handle the request.</p>.<hr>.<address>Apache/2.0.6
1 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 F
rontPage/5.0.2.2635 PHP/5.2.5 Server at prov.xiptel.net Port 80</address>.</body></
html>.

T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP]
GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: http.server.com..User-Agent: Mo
zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0..Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language:
en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0
.7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: http://prov.xiptel.ne
t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; cpsession=closed..Authorization:
Basic ZGlyMTppcGd2MTMxNA==....

As you can see, the server responds asking for authorization credentials, which are not responded to by the Polycom in its next HTTP message, whereas with a browser, when I type in my username and password in the dialog box, a response is made.

I have been assured by Polycom that basic authentication works with their new models of phones - I am using an ip320. Further, their admin guide states:

"The protocol that will be used to transfer files from the boot server depends on several factors including the phone model and whether the bootROM or SIP application stage of provisioning is in progress. By default, the phones are shipped with FTP enabled as the provisioning protocol. If an unsupported protocol is specified, this may result in a defined behavior (see the table below for details of which protocol the phone will use). The Specified Protocol listed in the table can be selected in the Server Type field or the Server Address can include a transfer protocol, for example http://usr:pwd@server (refer to Server Menu on page 3-9). The boot server address can be an IP address, domain string name, or URL. The boot server address can also be obtained through DHCP. Configuration file names in the <Ethernet address>.cfg file can include a transfer protocol, for example https://usr:pwd@server/dir/file.cfg. If a user name and password are specified as part of the server address or file name, they will be used only if the server supports them."

Anyone familiar with this situation, or have a different Option 66 string? or any troubleshooting tips?

Thanks

Robert
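A check for the symptom visible in the capture above, added here as an example and not part of the original post: it reads ngrep -q style output and reports, for each client that received a 401, whether its next request carried an Authorization header. The sample capture, addresses, host name and credential are constructed, and the parser assumes the unindented block layout shown in the post.

```python
import re

# Constructed ngrep -q style capture (made-up hosts and credential); ngrep shows CR/LF as '.'.
SAMPLE = """\
T 192.0.2.10:1024 -> 192.0.2.1:80 [AP]
GET /dir1/bootrom.ld HTTP/1.1..Host: prov.example.test..User-Agent: PhoneA....

T 192.0.2.1:80 -> 192.0.2.10:1024 [AP]
HTTP/1.1 401 Authorization Required..WWW-Authenticate: Basic realm="Restricted Area"....

T 192.0.2.10:1025 -> 192.0.2.1:80 [AP]
GET /dir1/bootrom.ld HTTP/1.1..Host: prov.example.test..User-Agent: PhoneA....

T 192.0.2.20:57773 -> 192.0.2.1:80 [AP]
GET /dir1/bootrom.ld HTTP/1.1..Host: prov.example.test..User-Agent: BrowserB....

T 192.0.2.1:80 -> 192.0.2.20:57773 [AP]
HTTP/1.1 401 Authorization Required..WWW-Authenticate: Basic realm="Restricted Area"....

T 192.0.2.20:57773 -> 192.0.2.1:80 [AP]
GET /dir1/bootrom.ld HTTP/1.1..Host: prov.example.test..Authorization: Basic dXNlcjpwYXNz....
"""

HEADER = re.compile(r"^T (\S+?):\d+ -> (\S+?)(?::\d+)? \[\w+\]$")
ANSWERED = "answered with credentials"

def packets(capture):
    """Yield (src_ip, dst_ip, payload) per ngrep block, re-joining wrapped lines."""
    src, dst, body = None, None, []
    for line in capture.splitlines() + [""]:  # trailing "" flushes the last block
        m = HEADER.match(line)
        if m or not line.strip():
            if src is not None and body:
                yield src, dst, "".join(body)
            body = []
            src, dst = m.groups() if m else (None, None)
        elif src is not None:
            body.append(line)

def audit(capture):
    """Map each client that received a 401 to how it reacted afterwards."""
    verdict = {}
    for src, dst, payload in packets(capture):
        first, *headers = payload.split("..")
        if re.match(r"HTTP/1\.[01] 401\b", first):
            verdict.setdefault(dst, "challenged, no follow-up seen")
        elif src in verdict and verdict[src] != ANSWERED:
            has_auth = any(h.lower().startswith("authorization:") for h in headers)
            verdict[src] = ANSWERED if has_auth else "retried without credentials"
    return verdict
```

Calling `audit()` on a saved capture gives one verdict per client IP, so a phone that never answers the challenge stands out next to a browser that does.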
Alexander Lopez
2008-Jun-27 18:07 UTC
[asterisk-users] polycom with http/https basic authentication
I could never get the http stuff to work, I tried FTP like what you have:

ftp://user:password@server/customer

It worked fine for me the first time, and I just ran with it. Has worked without an issue since day one.

Is FTP not an option for you?

Alex