Whoops,
Sorry to waste you time.
I have rebuilt and repopulated the database so many times, I forgot to check the obvious. Yes, I was simply trying to log in as a user that didn't have a password.
Thanks,
---greg
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Saturday, January 18, 2003 3:27 AM To: Greg Fausak; serusers@lists.iptel.org Subject: Re: [Serusers] problem with phone authentication
I don't have a quick reply to what the problem in your setting could be -- we haven't encountered any problems with 7960 authentication yet. Some few suggestions you may want to verify follow. The first few may sound too trivial, but I just want to be safe not to miss them -- sometimes strange things happen sometimes when people work too hard :)
- is the password really correct?
- is the route[1] really entered for Cisco messages too?
If that is none of these trivial errors, it may be worth trying if things change when you use qop/authentication (the second paramterer of www_authorize changed to "1") and/or replace www_{authorize|challenge} with proxy_{authorize|challenge}.
Other possible issues might have popped up, if you changed use of plain-text credentials to hashed credentials -- if that is the case, let me know.
-jiri
At 02:06 AM 1/18/2003, Greg Fausak wrote:
This works with my eStara soft phone client: --------------cut # route[1], REGISTER block # REGISTER messages destined for our realm are forwarded here. # after a successful registration a customer can receive calls. # route[1] { if(!www_authorize("augustvoice.net", "subscriber")) { www_challenge("augustvoice.net", "0"); break; }; log("here is a register"); if(!save("location")) { sl_reply_error(); }; break; } ---------------uncut
However, when I try to get my Cisco 7960 to authorize it
fails. I've appended
the ngrep trace of the failed transaction. The only
difference I can see is
that the line argument algorithm=MD5 is in the WWW-Authenticate line. Do I have to do something special to accept a MD5 password???
---greg Greg Fausak
ngrep trace: --------cut # U 216.87.128.66:5060 -> 64.90.42.25:5060 REGISTER sip:64.90.42.25 SIP/2.0. Via: SIP/2.0/UDP
216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
From: sip:2424377@64.90.42.25. To: sip:2424377@64.90.42.25. Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f@192.168.100.101. Date: Sat, 18 Jan 2003 00:42:54 GMT. CSeq: 101 REGISTER. Contact: sip:2424377@216.87.128.66. Expires: 3600. Content-Length: 0. .
# U 64.90.42.25:5060 -> 216.87.128.66:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP
216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
From: sip:2424377@64.90.42.25. To:
sip:2424377@64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2313.
Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f@192.168.100.101. CSeq: 101 REGISTER. WWW-Authenticate: Digest realm="augustvoice.net",
nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72", algorithm=MD5.
Server: Sip EXpress router (0.8.10 (i386/linux)). Content-Length: 0. Warning: 392 register.augustvoice.net:5060 "Noisy feedback
tells: pid=2262 req_src_ip=216.87.128.66 in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
.
# U 216.87.128.66:5060 -> 64.90.42.25:5060 REGISTER sip:64.90.42.25 SIP/2.0. Via: SIP/2.0/UDP
216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
From: sip:2424377@64.90.42.25. To: sip:2424377@64.90.42.25. Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f@192.168.100.101. Date: Sat, 18 Jan 2003 00:42:54 GMT. CSeq: 102 REGISTER. Authorization: Digest
username="2424377",realm="augustvoice.net",uri="sip:64.90.42.2 5",response="039cee96c9321217973c4914314fc3ed",nonce="3e28a43a 000000005b6a30b9fa105b98b2fd9d1aa59c4c72",algorithm=MD5.
Contact: sip:2424377@216.87.128.66. Expires: 3600. Content-Length: 0. .
# U 64.90.42.25:5060 -> 216.87.128.66:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP
216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
From: sip:2424377@64.90.42.25. To:
sip:2424377@64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2581.
Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f@192.168.100.101. CSeq: 102 REGISTER. WWW-Authenticate: Digest realm="augustvoice.net",
nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72", algorithm=MD5.
Server: Sip EXpress router (0.8.10 (i386/linux)). Content-Length: 0. Warning: 392 register.augustvoice.net:5060 "Noisy feedback
tells: pid=2263 req_src_ip=216.87.128.66 in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/