Hi all,
I'm trying to implement the MD5 digest authentication in my SIP client to register with SER, and I sent and receive:
REGISTER sip:10.0.0.113:6060 SIP/2.0 Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3 To: sip:VoiceGenie@10.0.0.113:6060 Max-Forwards: 70 CSeq: 1 REGISTER Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1@205.150.90.93:5060 Contact: sip:VoiceGenie@205.150.90.93:5060;expires=60 Content-Length: 0
SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3 To: sip:VoiceGenie@10.0.0.113:6060;tag=224edcece75971e271cb292defd4983a.bf0d CSeq: 1 REGISTER Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1@205.150.90.93:5060 WWW-Authenticate: Digest realm="iptel.org", nonce="41a27b3b6184801b57dba727f73804c29f91f1b3" Server: Sip EXpress router (0.8.14 (i386/linux)) Content-Length: 0 Warning: 392 10.0.0.113:6060 "Noisy feedback tells: pid=9455 req_src_ip=205.150.90.93 req_src_port=5060 in_uri=sip:10.0.0.113:6060 out_uri=sip:10.0.0.113:6060 via_cnt==1"
Following RFC 2617, A1 = admin:iptel.org:heslo (where SER's default username:password pair "admin:heslo" are used, with realm="iptel.org) A2 = REGISTER:sip:10.0.0.113:6060 (where method="REGISTER" and digest-url="sip:10.0.0.113:6060" which agrees with request URI, and note that SER is running at 10.0.0.113, port = 6060)
Response was calculated as MD5( MD5(A1):nonce:MD5(A2) )
And my new REGISTER msg is: REGISTER sip:10.0.0.113:6060 SIP/2.0 Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK01683cc0a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=A1C28CFF-9D16-47DD-059A-0E8F88F7F4AE To: sip:VoiceGenie@10.0.0.113:6060 Max-Forwards: 70 CSeq: 2 REGISTER Call-ID: 30EB6AEA-9A88-4D34-1E92-5050F566665B@205.150.90.93:5060 Contact: sip:VoiceGenie@205.150.90.93:5060;expires=60 Content-Length: 0 Authorization: Digest username="admin", realm="iptel.org", nonce="41a27b3b6184801b57dba727f73804c29f91f1b3", uri="sip:10.0.0.113:6060", response="55a3888ff8ff7e8a9b31e38091effe21"
But I still get another 401 Unauthorized response ... I'm pretty sure my A1 is correct. Could it be my A2 where method shouldn't be REGISTER? Or may be the digest-uri is wrong?
Thank you in advance. Andrew Ho
The algorithm seems to be correct, check the contents of subscriber table to make sure that you have username admin with realm iptel.org and password heslo there.
Also make sure that you have calculate_ha1 parameter uncommented in the configuration file of SER. If you do not use the parameter then ser will use ha1 column instead, that column contains MD5(A1) and that string may be built using different realm (common source of problems). If unsure use calculate_ha1 parameter.
Jan.
On 22-11 19:18, Andrew Ho wrote:
Hi all,
I'm trying to implement the MD5 digest authentication in my SIP client to register with SER, and I sent and receive:
REGISTER sip:10.0.0.113:6060 SIP/2.0 Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3 To: sip:VoiceGenie@10.0.0.113:6060 Max-Forwards: 70 CSeq: 1 REGISTER Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1@205.150.90.93:5060 Contact: sip:VoiceGenie@205.150.90.93:5060;expires=60 Content-Length: 0
SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3 To: sip:VoiceGenie@10.0.0.113:6060;tag=224edcece75971e271cb292defd4983a.bf0d CSeq: 1 REGISTER Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1@205.150.90.93:5060 WWW-Authenticate: Digest realm="iptel.org", nonce="41a27b3b6184801b57dba727f73804c29f91f1b3" Server: Sip EXpress router (0.8.14 (i386/linux)) Content-Length: 0 Warning: 392 10.0.0.113:6060 "Noisy feedback tells: pid=9455 req_src_ip=205.150.90.93 req_src_port=5060 in_uri=sip:10.0.0.113:6060 out_uri=sip:10.0.0.113:6060 via_cnt==1"
Following RFC 2617, A1 = admin:iptel.org:heslo (where SER's default username:password pair "admin:heslo" are used, with realm="iptel.org) A2 = REGISTER:sip:10.0.0.113:6060 (where method="REGISTER" and digest-url="sip:10.0.0.113:6060" which agrees with request URI, and note that SER is running at 10.0.0.113, port = 6060)
Response was calculated as MD5( MD5(A1):nonce:MD5(A2) )
And my new REGISTER msg is: REGISTER sip:10.0.0.113:6060 SIP/2.0 Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK01683cc0a27be2 From: sip:VoiceGenie@10.0.0.113:6060;tag=A1C28CFF-9D16-47DD-059A-0E8F88F7F4AE To: sip:VoiceGenie@10.0.0.113:6060 Max-Forwards: 70 CSeq: 2 REGISTER Call-ID: 30EB6AEA-9A88-4D34-1E92-5050F566665B@205.150.90.93:5060 Contact: sip:VoiceGenie@205.150.90.93:5060;expires=60 Content-Length: 0 Authorization: Digest username="admin", realm="iptel.org", nonce="41a27b3b6184801b57dba727f73804c29f91f1b3", uri="sip:10.0.0.113:6060", response="55a3888ff8ff7e8a9b31e38091effe21"
But I still get another 401 Unauthorized response ... I'm pretty sure my A1 is correct. Could it be my A2 where method shouldn't be REGISTER? Or may be the digest-uri is wrong?
Thank you in advance. Andrew Ho
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Andrew Ho -
Jan Janak