Hi all,
After 3 hours stuck on this I have to ask the group. I am setting up Kam 3.1.3 +Ast 1.6.2.18 + realtime following Daniel's guide on the Asipto site. The problem I see is 401 not authorized when uac tries to register.
Below is ngrep . do you see something I am missing or have any pointers? I can't seem to get any devices to register with asterisk. --- TIA
interface: any
filter: (ip or ip6) and ( port 5060 )
U 2011/05/21 23:40:39.333181 192.168.1.132:5060 -> 192.168.1.104:5060
REGISTER sip:192.168.1.104 SIP/2.0.
Via: SIP/2.0/UDP 192.168.1.132:5060;branch=z9hG4bK-cd60fa71.
From: testing sip:4444@192.168.1.104;tag=16b905e66a42787eo0.
To: testing sip:4444@192.168.1.104.
Call-ID: 5407498c-e755970e@192.168.1.132.
CSeq: 55278 REGISTER.
Max-Forwards: 70.
Authorization: Digest username="4444",realm="192.168.1.104",nonce="Tdiwvk3Yr5JAcX9Iljh/AX0BieRt73Y v",uri="sip:192.168.1.104",algorithm=MD5,response="68bc7ad2de02caa48b8cbb22b 6de7aa6".
Contact: testing sip:4444@192.168.1.132:5060;expires=30.
User-Agent: Linksys/PAP2-3.1.23(LS).
Content-Length: 0.
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER.
Supported: x-sipura, replaces.
U 2011/05/21 23:40:39.347248 192.168.1.104:5060 -> 192.168.1.132:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.132:5060;branch=z9hG4bK-cd60fa71;rport=5060.
From: testing sip:4444@192.168.1.104;tag=16b905e66a42787eo0.
To: testing sip:4444@192.168.1.104;tag=d0c53e97c845e2d86a9876bb195e3450.e92e.
Call-ID: 5407498c-e755970e@192.168.1.132.
CSeq: 55278 REGISTER.
Contact: sip:4444@192.168.1.132:5060;expires=60;received="sip:192.168.1.132:5060".
Server: kamailio (3.1.3 (i386/linux)).
Content-Length: 0.
U 2011/05/21 23:40:39.349726 192.168.1.104:5060 -> 192.168.1.104:5080
REGISTER sip:192.168.1.104:5080 SIP/2.0.
Via: SIP/2.0/UDP 192.168.1.104;branch=z9hG4bK0f62.635b95f3.0.
To: sip:4444@192.168.1.104.
From: sip:4444@192.168.1.104;tag=a707bfce77c9367d1734afac7b3de6ca-f4de.
CSeq: 10 REGISTER.
Call-ID: 7f1ddb01-6717@192.168.1.104.
Content-Length: 0.
User-Agent: kamailio (3.1.3 (i386/linux)).
Contact: sip:4444@192.168.1.104:5060.
Expires: 30.
U 2011/05/21 23:40:39.351790 192.168.1.104:5080 -> 192.168.1.104:5060
SIP/2.0 401 Unauthorized.
v: SIP/2.0/UDP 192.168.1.104;branch=z9hG4bK0f62.635b95f3.0;received=192.168.1.104.
f: sip:4444@192.168.1.104;tag=a707bfce77c9367d1734afac7b3de6ca-f4de.
t: sip:4444@192.168.1.104;tag=as64ca9fe3.
i: 7f1ddb01-6717@192.168.1.104.
CSeq: 10 REGISTER.
Server: taridium ipbx.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO.
k: replaces, timer.
WWW-Authenticate: Digest algorithm=MD5, realm="192.168.1.104", nonce="5bad77f5".
l: 0.
U 2011/05/21 23:40:53.322348 192.168.1.104:5060 -> 192.168.1.132:5060
....
U 2011/05/21 23:40:57.180694 192.168.1.132:5060 -> 192.168.1.104:5060
NOTIFY sip:192.168.1.104 SIP/2.0.
Via: SIP/2.0/UDP 192.168.1.132:5060;branch=z9hG4bK-56c97474.
From: testing sip:4444@192.168.1.104;tag=16b905e66a42787eo0.
To: sip:192.168.1.104.
Call-ID: dbc8d986-9fbb95e@192.168.1.132.
CSeq: 47 NOTIFY.
Max-Forwards: 70.
Event: keep-alive.
User-Agent: Linksys/PAP2-3.1.23(LS).
Content-Length: 0.
U 2011/05/21 23:40:57.187840 192.168.1.104:5060 -> 192.168.1.132:5060
SIP/2.0 200 OK - keepalive.
Via: SIP/2.0/UDP 192.168.1.132:5060;branch=z9hG4bK-56c97474;rport=5060.
From: testing sip:4444@192.168.1.104;tag=16b905e66a42787eo0.
To: sip:192.168.1.104;tag=d0c53e97c845e2d86a9876bb195e3450.e05a.
Call-ID: dbc8d986-9fbb95e@192.168.1.132.
CSeq: 47 NOTIFY.
Server: kamailio (3.1.3 (i386/linux)).
Content-Length: 0.
Skyler wrote:
After 3 hours stuck on this I have to ask the group. I am setting up Kam 3.1.3 +Ast 1.6.2.18 + realtime following Daniel’s guide on the Asipto site. The problem I see is 401 not authorized when uac tries to register.
Hey, kamailio is addictive - there are quite some of us doing it on Sundays ;-)
I've just checked the manual, it says kamailio, not asterisk should do authentication of REGISTERs. Could you check you have created sipusers table and configured asterisk as per manual:
sipusers is the standard table required by Asterisk to store SIP user profile, with one extra column sippasswd where will be stored the password for SIP authentication. By default, Asterisk uses the column secret for SIP user password, but if that is filled in, Asterisk will ask for authentication again, resulting in double-authentication which we want to avoid. ?
Skyler wrote:
After 3 hours stuck on this I have to ask the group. I am setting up Kam 3.1.3 +Ast 1.6.2.18 + realtime following Daniel's guide on the Asipto site. The problem I see is 401 not authorized when uac tries to register.
Hey, kamailio is addictive - there are quite some of us doing it on Sundays ;-)
I've just checked the manual, it says kamailio, not asterisk should do authentication of REGISTERs. Could you check you have created sipusers table and configured asterisk as per manual:
sipusers is the standard table required by Asterisk to store SIP user profile, with one extra column sippasswd where will be stored the password for SIP authentication. By default, Asterisk uses the column secret for SIP user password, but if that is filled in, Asterisk will ask for authentication again, resulting in double-authentication which we want to avoid. ?
-- Sincerely, Andrew Pogrebennyk
---------------------------------------------------------------------
OMG.right under my nose the whole time. I love this stuff! ;)
I must have read and re-read the asipto guide a thousand times and googled until my fingers seized up, but I completely missed that . lol
So, in case anyone else comes across this same problem and you've followed the guide 100% you are undoubtedly looking for the "trick" to "configure Asterisk to not authenticate SIP requests coming from Kamailio". Well, there's no trick. Just slow down and read again. If that doesn't work . do this:
For each Asterisk extension - set host=dynamic, secret=<blank> and permit=<kamailioip> then put the device password into sippasswd field in db. Kamailio will authenticate the device with sippasswd in db and route[REGFWD] will pass the registration to Asterisk. Since there is no password for secret, Asterisk will register the extension to kamailio.ip:port automatically. Because permit =< kamailioip > Asterisk will ONLY accept registration from Kamailio for the extension. You may want to set permit =< kamailioip > in sip.conf general section to set ACL for all extensions to make life easier.
My particular problem was that I did not delete the secret. This apparently causes Asterisk to request authentication from Kamailio on registration FWD.
Thanks Andrew, sometimes it just takes another person to 'say it out loud' lol
Skyler
-
Andrew Pogrebennyk -
Skyler