[Serusers] problem with phone authentication

Greg Fausak greg at august.net
Sat Jan 18 21:15:23 CET 2003 

Whoops,

Sorry to waste you time.

I have rebuilt and repopulated the database so many times,
I forgot to check the obvious.
Yes, I was simply trying to log in as a user that didn't
have a password.

Thanks,

---greg




> -----Original Message-----
> From: Jiri Kuthan [mailto:jiri at iptel.org] 
> Sent: Saturday, January 18, 2003 3:27 AM
> To: Greg Fausak; serusers at lists.iptel.org
> Subject: Re: [Serusers] problem with phone authentication
> 
> 
> I don't have a quick reply to what the problem in your 
> setting could be
> -- we haven't encountered any problems with 7960 authentication yet.
> Some few suggestions you may want to verify follow. The first few
> may sound too trivial, but I just want to be safe not to miss them
> -- sometimes strange things happen sometimes when people work 
> too hard :)
> 
> - is the password really correct?
> - is the route[1] really entered for Cisco messages too?
> 
> If that is none of these trivial errors, it may be worth trying if
> things change when you use qop/authentication (the second paramterer
> of www_authorize changed to "1") and/or replace 
> www_{authorize|challenge}
> with proxy_{authorize|challenge}.
> 
> Other possible issues might have popped up, if you changed 
> use of plain-text
> credentials to hashed credentials -- if that is the case, let me know.
> 
> -jiri
> 
> At 02:06 AM 1/18/2003, Greg Fausak wrote:
> >This works with my eStara soft phone client:
> >--------------cut
> ># route[1], REGISTER block
> >#       REGISTER messages destined for our realm are forwarded here.
> >#       after a successful registration a customer can receive calls.
> >#
> >route[1]
> >{
> >        if(!www_authorize("augustvoice.net", "subscriber"))
> >        {
> >                www_challenge("augustvoice.net", "0");
> >                break;
> >        };
> >        log("here is a register");
> >        if(!save("location"))
> >        {
> >                sl_reply_error();
> >        };
> >        break;
> >}
> >---------------uncut
> >
> >However, when I try to get my Cisco 7960 to authorize it 
> fails.  I've appended
> >the ngrep trace of the failed transaction.  The only 
> difference I can see is
> >that the line argument algorithm=MD5 is in the WWW-Authenticate line.
> >Do I have to do something special to accept a MD5 password???
> >
> >---greg
> >Greg Fausak
> >
> >ngrep trace:
> >--------cut
> >#
> >U 216.87.128.66:5060 -> 64.90.42.25:5060
> >REGISTER sip:64.90.42.25 SIP/2.0.
> >Via: SIP/2.0/UDP 
> 216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: sip:2424377 at 64.90.42.25.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >Date: Sat, 18 Jan 2003 00:42:54 GMT.
> >CSeq: 101 REGISTER.
> >Contact: <sip:2424377 at 216.87.128.66>.
> >Expires: 3600.
> >Content-Length: 0.
> >.
> >
> >#
> >U 64.90.42.25:5060 -> 216.87.128.66:5060
> >SIP/2.0 401 Unauthorized.
> >Via: SIP/2.0/UDP 
> 216.87.128.66:5060;branch=f6645848fea927b96489c6a32e39a956.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: 
> sip:2424377 at 64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2313.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >CSeq: 101 REGISTER.
> >WWW-Authenticate: Digest realm="augustvoice.net", 
> nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72", 
> algorithm=MD5.
> >Server: Sip EXpress router (0.8.10 (i386/linux)).
> >Content-Length: 0.
> >Warning: 392 register.augustvoice.net:5060 "Noisy feedback 
> tells: pid=2262 req_src_ip=216.87.128.66 
> in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
> >.
> >
> >#
> >U 216.87.128.66:5060 -> 64.90.42.25:5060
> >REGISTER sip:64.90.42.25 SIP/2.0.
> >Via: SIP/2.0/UDP 
> 216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: sip:2424377 at 64.90.42.25.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >Date: Sat, 18 Jan 2003 00:42:54 GMT.
> >CSeq: 102 REGISTER.
> >Authorization: Digest 
> username="2424377",realm="augustvoice.net",uri="sip:64.90.42.2
> 5",response="039cee96c9321217973c4914314fc3ed",nonce="3e28a43a
> 000000005b6a30b9fa105b98b2fd9d1aa59c4c72",algorithm=MD5.
> >Contact: <sip:2424377 at 216.87.128.66>.
> >Expires: 3600.
> >Content-Length: 0.
> >.
> >
> >#
> >U 64.90.42.25:5060 -> 216.87.128.66:5060
> >SIP/2.0 401 Unauthorized.
> >Via: SIP/2.0/UDP 
> 216.87.128.66:5060;branch=e71832739a0647b7ba91baa50bcc1497.0.
> >From: sip:2424377 at 64.90.42.25.
> >To: 
> sip:2424377 at 64.90.42.25;tag=af30b122c950f7c4343d8a73d2eaf455.2581.
> >Call-ID: 003094c4-3d2f0002-23a6c56d-0dcb5c8f at 192.168.100.101.
> >CSeq: 102 REGISTER.
> >WWW-Authenticate: Digest realm="augustvoice.net", 
> nonce="3e28a43a000000005b6a30b9fa105b98b2fd9d1aa59c4c72", 
> algorithm=MD5.
> >Server: Sip EXpress router (0.8.10 (i386/linux)).
> >Content-Length: 0.
> >Warning: 392 register.augustvoice.net:5060 "Noisy feedback 
> tells: pid=2263 req_src_ip=216.87.128.66 
> in_uri=sip:64.90.42.25 out_uri=sip:64.90.42.25 via_cnt==1".
> >.
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers 
> 
> --
> Jiri Kuthan            http://iptel.org/~jiri/ 
>

More information about the sr-users mailing list