Hello,
There is a limitation of uac_auth() mentioned in the README of the uac module. Perhaps Asterisk doesn't accept the follow-up request with credentials having the same CSeq value.
You should just configure Asterisk to allow traffic from Kamailio based on IP address, without username/password authentication.
Cheers, Daniel
On 16/04/14 09:19, neumann wrote:
Hi all, sorry for my English! I am trying to authenticate as UAC on a 3rd-party server (Asterisk). Kamailio gets a 401 and sends the next INVITE with DIGEST, but Asterisk sends 401 again((( Asterisk doesn't write in the log what auth failed.
    115.600045 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP 1093 Request: INVITE sip:321321231@xxx.xxx.xxx.xxx, with session description
    115.601818 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674 Status: 401 Unauthorized
    115.602470 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389 Request: ACK sip:321321231@xxx.xxx.xxx.xxx
    115.604310 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP 1267 Request: INVITE sip:321321231@xxx.xxx.xxx.xxx, with session description
    115.605537 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674 Status: 401 Unauthorized
    115.606431 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389 Request: ACK sip:321321231@xxx.xxx.xxx.xxx
My Asterisk peer:
    [kamailio]
    type=peer
    defaultuser=kamailio
    secret=1234
    host=dynamic
    disallow=all
    allow=alaw
    nat=no
    qualify=yes
My Kamailio config:
    modparam("uac","auth_username_avp","$avp(s:uac_user)")
    modparam("uac","auth_password_avp","$avp(s:uac_pass)")
    modparam("uac","auth_realm_avp","$avp(s:uac_realm)")

    route[DISPATCH_OUT] {
        if(!ds_select_dst( 4, 8)){
            send_reply("404", "No destination");
            exit;
        }
        t_set_fr(0,2000);
        t_on_failure("RTF_DISPATCH_OUT");
        t_relay();
        exit;
    }

    failure_route[RTF_DISPATCH_OUT] {
        if (t_is_canceled()) {
            exit;
        }

        if ( t_check_status("401|407") ) {
            $avp(s:uac_user) = "kamailio";
            $avp(s:uac_pass) = "1234";
            $avp(s:uac_realm) = "asterisk";
            if (isflagset(7)) {
                t_reply("513","Authentication failed");
                xlog("L_INFO", "[%ci]: Remote authentication failed\n");
                break;
            }

            if (uac_auth()) {
                xlog("L_INFO", "401/407 message recived");
                # mark that auth was performed
                setflag(7);
                # trigger again the failure route
                t_on_failure("RTF_DISPATCH_OUT");
                # repeat the request with auth response this time
                append_branch();
                #t_relay_to_udp("94.25.100.198","5060");
                t_relay();
                break;
            } else {
                xlog("L_INFO", "uac_auth filed!!!!!!!!!!!");
            }
            t_reply("514","Unknow authentication peer");
            xlog("L_INFO", "[%ci]: Unknown authentication peer.\n");
            break;
        }

        # next DST - only for 500 or local timeout
        if (t_check_status("500") or t_check_status("480") or (t_branch_timeout() and !t_branch_replied())){
            ds_mark_dst("p");
            if(ds_next_dst()){
                t_set_fr(0,2000);
                t_on_failure("RTF_DISPATCH_OUT");
                route(RELAY);
                exit;
            }
        }
    }
————————————
Timofeev Dmitry VoIP Engineer Linux, Asterisk, Freeswitch, Cisco solutions Skype: itsroot icq: 227227933
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
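
Added example, not part of either message and not Kamailio or Asterisk code: a Python check for the two reasons a server may challenge the retried INVITE again, a Digest response that does not match and a CSeq that was not incremented (RFC 3261 section 22.2 requires a higher CSeq when a request is resubmitted with credentials). It assumes MD5 Digest without qop (RFC 2617); the sample requests, the nonce and the host asterisk.example are constructed, and the credentials are the ones from the config above.

```python
import hashlib
import re

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest(user, realm, password, method, uri, nonce):
    """RFC 2617 Digest response, MD5 without qop."""
    ha1 = md5(f"{user}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

def parse(msg):
    """Return (method, {lowercased header name: value}) for one SIP request."""
    lines = msg.strip().splitlines()
    hdrs = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0].split()[0], hdrs

def check_retry(first_req, retry_req, password):
    """List the reasons a UAS could challenge the retried request again."""
    _, h1 = parse(first_req)
    method, h2 = parse(retry_req)
    problems = []
    auth = h2.get("authorization") or h2.get("proxy-authorization")
    if auth is None:
        problems.append("no credentials in retry")
    else:
        p = dict(re.findall(r'(\w+)="([^"]*)"', auth))
        want = digest(p["username"], p["realm"], password, method, p["uri"], p["nonce"])
        if want != p.get("response"):
            problems.append("digest response does not match")
    # RFC 3261 section 22.2: a retry with credentials must carry a higher CSeq.
    if int(h2["cseq"].split()[0]) <= int(h1["cseq"].split()[0]):
        problems.append("CSeq not incremented")
    return problems

URI = "sip:321321231@asterisk.example"  # constructed sample data, placeholder host
def invite(cseq, nonce=None, password="1234"):
    msg = f"INVITE {URI} SIP/2.0\r\nCall-ID: constructed-1\r\nCSeq: {cseq} INVITE\r\n"
    if nonce:
        r = digest("kamailio", "asterisk", password, "INVITE", URI, nonce)
        msg += (f'Authorization: Digest username="kamailio", realm="asterisk", '
                f'nonce="{nonce}", uri="{URI}", response="{r}"\r\n')
    return msg + "\r\n"
```

To use it on a real capture, pass the first INVITE and the retried INVITE as text (for example exported from the trace) together with the peer's secret.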