Hi,
the security denial usually happens when authentication fails. But you
don't have any authentication set up, so it could be that a gateway
sends H.235 credentials when GnuGk doesn't expect any. (You cut away
the actual registrationRequest from the trace, so we can't see this.)
The other cause for a security denial can be when GnuGk looks up the
endpoint ID from the registration and finds it already has one from
a different call signalling address. This can happen for example if a
gateway sends broken endpoint IDs.
Regards,
Jan
Ian wrote:
> Hi Jan,
>
> Thanks for the quick response.
>
> > there is definitely no limit on the number of registrations in GnuGk.
>
> It is what I assumed.
>
> I can now see I have more than one problem.
>
>
> The Quintum ASM400 gateway below will register to my secondary GnuGk,
> which is the same config as the primary, except for some IPs.
>
> Primary:
> 2010/02/12 12:27:37.159 1 RasSrv.cxx(354) RAS RRQ Received from
> xxx.xxx.177.20:20001
> 2010/02/12 12:27:37.159 2 RasSrv.cxx(394)
> RRJ|xxx.xxx.177.20|xxx.xxx.177.20:h323_ID|gateway|securityDenial;
> 2010/02/12 12:27:37.160 3 RasSrv.cxx(236) RAS Send to xxx.xxx.177.20:20001
> registrationReject {
> requestSeqNum = 10681
> protocolIdentifier = 0.0.8.2250.0.3
> rejectReason = securityDenial <<null>>
> gatekeeperIdentifier = 5 characters {
> 0047 006e 0075 0047 006b GnuGk
> }
> }
>
> Secondary:
> 2010/02/12 14:06:40.621 1 RasSrv.cxx(354) RAS RRQ Received from
> xxx.xxx.177.20:20001
> 2010/02/12 14:06:40.622 3 RasSrv.cxx(236) RAS Send to xxx.xxx.177.20:20001
> registrationConfirm {
> requestSeqNum = 10876
> protocolIdentifier = 0.0.8.2250.0.3
> callSignalAddress = 1 entries {
> [0]=ipAddress {
> ip = 4 octets {
> xx xx 22 59 .."Y
> }
> port = 0
> }
> }
>
> I'm not sure what to look for with the "securityDenial" in the gateway config.
>
>
> Also, I have a Quintum AXM1600 gateway that logs as:
>
> 2010/02/12 14:11:45.610 1 RasSrv.cxx(178) RAS Could
> not decode message from xxx.xxx.55.9:20001
> 2010/02/12 14:11:48.622 2 RasSrv.cxx(175) RAS Read
> from xxx.xxx.55.9:20001
>
>
> I have more gateways that don't seem to appear in the logs, yet.
>
>
> Thanks.
>
> Ian.
--
Jan Willamowius, [email protected], http://www.gnugk.org/
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
