[Serusers] problem with phone authentication
Greg Fausak
greg at august.net
Sat Jan 18 21:15:23 CET 2003
Whoops,
Sorry to waste you time.
I have rebuilt and repopulated the database so many times,
I forgot to check the obvious.
Yes, I was simply trying to log in as a user that didn't
have a password.
Thanks,
---greg
> -----Original Message-----
> From: Jiri Kuthan [mailto:jiri at iptel.org]
> Sent: Saturday, January 18, 2003 3:27 AM
> To: Greg Fausak; serusers at lists.iptel.org
> Subject: Re: [Serusers] problem with phone authentication
>
>
> I don't have a quick reply to what the problem in your
> setting could be
> -- we haven't encountered any problems with 7960 authentication yet.
> Some few suggestions you may want to verify follow. The first few
> may sound too trivial, but I just want to be safe not to miss them
> -- sometimes strange things happen sometimes when people work
> too hard :)
>
> - is the password really correct?
> - is the route[1] really entered for Cisco messages too?
>
> If that is none of these trivial errors, it may be worth trying if
> things change when you use qop/authentication (the second paramterer
> of www_authorize changed to "1") and/or replace
> www_{authorize|challenge}
> with proxy_{authorize|challenge}.
>
> Other possible issues might have popped up, if you changed
> use of plain-text
> credentials to hashed credentials -- if that is the case, let me know.
>
> -jiri
>
> At 02:06 AM 1/18/2003, Greg Fausak wrote:
> >This works with my eStara soft phone client:
> >--------------cut
> ># route[1], REGISTER block
> ># REGISTER messages destined for our realm are forwarded here.
> ># after a successful registration a customer can receive calls.
> >#
> >route[1]
> >{
> > if(!www_authorize("augustvoice.net", "subscriber"))
> > {
> > www_challenge("augustvoice.net", "0");
> > break;
> > };
> > log("here is a register");
> > if(!save("location"))
> > {
> > sl_reply_error();
> > };
> > break;
> >}
> >---------------uncut
> >
> >However, when I try to get my Cisco 7960 to authorize it
> fails. I've appended
> >the ngrep trace of the failed transaction. The only
> difference I can see is
> >that the line argument algorithm=MD5 is in the WWW-Authenticate line.
> >Do I have to do something special to accept a MD5 password???
> >
> >---greg
> >Greg Fausak
> >
> >ngrep trace:
> >--------cut
> >#
> >U 216.87.128.66:5060 -> 64.90.42.25:5060
> >REGISTER sip:64.90.42.25 SIP/2.0.
> >Via: SIP/2.0/UDP
> 216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: sip:2424377 at 64.90.42.25.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >Date: Sat, 18 Jan 2003 00:42:54 GMT.
> >CSeq: 101 REGISTER.
> >Contact: <sip:2424377 at 216.87.128.66>.
> >Expires: 3600.
> >Content-Length: 0.
> >.
> >
> >#
> >U 64.90.42.25:5060 -> 216.87.128.66:5060
> >SIP/2.0 401 Unauthorized.
> >Via: SIP/2.0/UDP
> 216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
> >From: sip:2424377 at 64.90.42.25.
> >To:
> sip:2424377 at 64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2313.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >CSeq: 101 REGISTER.
> >WWW-Authenticate: Digest realm="augustvoice.net",
> nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72",
> algorithm=MD5.
> >Server: Sip EXpress router (0.8.10 (i386/linux)).
> >Content-Length: 0.
> >Warning: 392 register.augustvoice.net:5060 "Noisy feedback
> tells: pid=2262 req_src_ip=216.87.128.66
> in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
> >.
> >
> >#
> >U 216.87.128.66:5060 -> 64.90.42.25:5060
> >REGISTER sip:64.90.42.25 SIP/2.0.
> >Via: SIP/2.0/UDP
> 216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: sip:2424377 at 64.90.42.25.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >Date: Sat, 18 Jan 2003 00:42:54 GMT.
> >CSeq: 102 REGISTER.
> >Authorization: Digest
> username="2424377",realm="augustvoice.net",uri="sip:64.90.42.2
> 5",response="039cee96c9321217973c4914314fc3ed",nonce="3e28a43a
> 000000005b6a30b9fa105b98b2fd9d1aa59c4c72",algorithm=MD5.
> >Contact: <sip:2424377 at 216.87.128.66>.
> >Expires: 3600.
> >Content-Length: 0.
> >.
> >
> >#
> >U 64.90.42.25:5060 -> 216.87.128.66:5060
> >SIP/2.0 401 Unauthorized.
> >Via: SIP/2.0/UDP
> 216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
> >From: sip:2424377 at 64.90.42.25.
> >To:
> sip:2424377 at 64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2581.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >CSeq: 102 REGISTER.
> >WWW-Authenticate: Digest realm="augustvoice.net",
> nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72",
> algorithm=MD5.
> >Server: Sip EXpress router (0.8.10 (i386/linux)).
> >Content-Length: 0.
> >Warning: 392 register.augustvoice.net:5060 "Noisy feedback
> tells: pid=2263 req_src_ip=216.87.128.66
> in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
> >.
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Jiri Kuthan http://iptel.org/~jiri/
>
More information about the sr-users
mailing list