I passed the domain string as first parameter in proxy_authorize (also in REGISTER's www_authorize in a separate test) - but I still get Proxy Auth Failed.
Getting the same result, two copies of digest response are being sent from X-Lite. OpenSER (most likely) denying Auth based on the Digest issued for Asterisk.
Proxy-Authorization: Digest username="1274229212",realm="asterisk",nonce="1780f1c0",uri="sip:6099999999999@sip.dummydomain",response="bb7a713ee1d85608390ec8adbcc6bda4",algorithm=MD5. Proxy-Authorization: Digest username="1274229212",realm="sip.dummydomain",nonce="48114cd64a57df739fc9d6131eb3057c3afc3eac",uri="sip:6099999999999@sip.dummydomain",response="89a293207ff00c3bf2d3ec483aa0838d",algo rithm=MD5.
Iñaki Baz Castillo wrote:
El Viernes, 25 de Abril de 2008, Ash Rah escribió:
Hi,
On initial INVITEs, both OpenSER and Asterisk send separate nonce and X-Lite then sends back two different digests in a single following INVITE :
Proxy-Authorization: Digest username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848 484@sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit hm=MD5.
Proxy-Authorization: Digest username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f 977cae40a747d26f7e9c5f",uri="sip:6048484848484@sip.dummydomain.com",response ="361700cce632c00ff70ede5e5126c6ac",algo
The first one is for asterisk, (realm="asterisk") and the second one is for OpenSER. But unfortunately OpenSER probably examines the first digest which causes failed Proxy Authorization.
Is it possible to instruct OpenSER to inspect both of the digests before it makes a decision?
Yes, but you must specify it, try this:
if (!proxy_authorize("sip.dummydomain.com","subscriber")) { proxy_challenge("","0"); exit; }
Do you understand? if "proxy_authorize" has an empty first parameter then OpenSer tries to authenticate against a realm paramenter that the client sends in the first "Proxy-Authorization" header.
Anyway I've never tryed it so I'm not sure but hope theorically it should work XD
Regards.