[Serusers] 401 Not authorized from all hosts bar localhost [newbie]

Alex Bligh alex at alex.org.uk
Sat Feb 14 01:03:23 CET 2004


I think I have taken a pretty standard install of ser 0.8.12, added
mysql support (as per INSTALL) and attempted to add a user.

I only seem to be able to authenticate from localhost. I have installed
sipsak 0.8.7 on the local machine and on another on the same LAN (no
NAT nasties yet), and it seems to show the problem.

Any ideas? Apologies if I've broken stuff in anonymizing the server names.

Extracts from config files below.

server.xx.com = the sip server.
10.0.0.1  = sip server IP
10.0.0.2  = test server IP

Alex


ser.conf relevant bit:

                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                        if (!www_authorize("server.xx.com", "subscriber"))
 {
                                www_challenge("server.xx.com", "0");
                                break;
                        };

                        save("location");
                        break;
                };

running from sipsak on server.xx.com:

amb at server:~/ser/sipsak-0.8.7$ sipsak -vv -n -U -s sip:alex2 at server.xx.com -a mypassword
warning: redirects are not expected in USRLOC. disableing
registering user alex2... authorizing
registering user alex2...       OK

All usrloc tests completed successful.
received last message 0.036 ms after first request (test duration).

and here's the ngrep:

server:/home/amb# ngrep -d lo -s 1524 port 5060
interface: lo (127.0.0.0/255.0.0.0)
filter: ip and ( port 5060 )
#
U 10.0.0.1:1044 -> 10.0.0.1:5060
  REGISTER sip:server.xx.com SIP/2.0..Via: SIP/2.0/UDP 10.0.0.1:104
  4;rport..From: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx
  .com>..Call-ID: 475684381 at 10.0.0.1..CSeq: 1 REGISTER..Contact: <sip:
  alex2 at 10.0.0.1:1044>..Expires: 15..Content-Length: 0..Max-Forwards: 70.
  .User-Agent: sipsak 0.8.7....
#
U 10.0.0.1:5060 -> 10.0.0.1:1044
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.1:1044;rport=1044..Fr
  om: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx.com>;ta
  g=b27e1a1d33761e85846fc98f5f3a7e58.97fd..Call-ID: 475684381 at 10.0.0.1..C
  Seq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com", nonc
  e="502d62a485790d640f7f69dd181347090302cdcd"..Server: Sip EXpress router (0
  .8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060 "Noi
  sy feedback tells:  pid=7642 req_src_ip=10.0.0.1 req_src_port=1044 in_u
  ri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt==1"....
#
U 10.0.0.1:1044 -> 10.0.0.1:5060
  REGISTER sip:server.xx.com SIP/2.0..Authorization: Digest username="a
  lex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com
  ", nonce="502d62a485790d640f7f69dd181347090302cdcd", response="6a404e2b
  88fc6188700f79f320a6a51c"..Via: SIP/2.0/UDP 10.0.0.1:1044;rport..From:
  <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx.com>..Call-
  ID: 475684381 at 10.0.0.1..CSeq: 1 REGISTER..Contact: <sip:alex2 at 10.0.0.1
  :1044>..Expires: 15..Content-Length: 0..Max-Forwards: 70..User-Agent: si
  psak 0.8.7....
#
U 10.0.0.1:5060 -> 10.0.0.1:1044
  SIP/2.0 200 OK..Via: SIP/2.0/UDP 10.0.0.1:1044;rport=1044..From: <sip:a
  lex2 at server.xx.com>..To: <sip:alex2 at server.xx.com>;tag=b27e1a1d
  33761e85846fc98f5f3a7e58.97fd..Call-ID: 475684381 at 10.0.0.1..CSeq: 1 REG
  ISTER..Contact: <sip:alex2 at 10.0.0.1:1044>;q=0.00;expires=15..Server: Si
  p EXpress router (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392
  10.0.0.1:5060 "Noisy feedback tells:  pid=7647 req_src_ip=10.0.0.1 req
  _src_port=1044 in_uri=sip:server.xx.com out_uri=sip:server.alex.org.
  uk via_cnt==1"....
exit
4 received, 0 dropped

So the above worked OK, in contrast to the following from the other
machine:

amb at shed:~/ser/sipsak-0.8.7$ sipsak -vv -n -U -s sip:alex2 at server.xx.com -a mypassword
warning: redirects are not expected in USRLOC. disableing
registering user alex2... authorizing
registering user alex2...
request:
REGISTER sip:server.xx.com SIP/2.0
Authorization: Digest username="alex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com", nonce="402d62ec967c4b87fd544107bd35d2b1bcd992aa", response="fc2bed90d6b618ad2567d56a49c2c897"
Via: SIP/2.0/UDP 10.0.0.2:36939;rport
From: <sip:alex2 at server.xx.com>
To: <sip:alex2 at server.xx.com>
Call-ID: 53052185 at 10.0.0.2
CSeq: 1 REGISTER
Contact: <sip:alex2 at 10.0.0.2:36939>
Expires: 15
Content-Length: 0
Max-Forwards: 70
User-Agent: sipsak 0.8.7


response:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939
From: <sip:alex2 at server.xx.com>
To: <sip:alex2 at server.xx.com>;tag=b27e1a1d33761e85846fc98f5f3a7e58.7eaf
Call-ID: 53052185 at 10.0.0.2
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="server.xx.com", nonce="402d62ec967c4b87fd544107bd35d2b1bcd992aa"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 10.0.0.1:5060 "Noisy feedback tells:  pid=7637 req_src_ip=10.0.0.2 req_src_port=36939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt==1"


error: authorization failed
       request already contains (Proxy-) Authorization, but received 401, see above

And here's the ngrep:

server:/home/amb# ngrep -d eth0 -s 1524 port 5060
interface: eth0 (195.82.114.0/255.255.255.0)
filter: ip and ( port 5060 )
#
U 10.0.0.2:36939 -> 10.0.0.1:5060
  REGISTER sip:server.xx.com SIP/2.0..Via: SIP/2.0/UDP 10.0.0.2:3
  6939;rport..From: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.
  xx.com>..Call-ID: 53052185 at 10.0.0.2..CSeq: 1 REGISTER..Contact: <
  sip:alex2 at 10.0.0.2:36939>..Expires: 15..Content-Length: 0..Max-Forwar
  ds: 70..User-Agent: sipsak 0.8.7....
#
U 10.0.0.1:5060 -> 10.0.0.2:36939
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939
  ..From: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx.com
  >;tag=b27e1a1d33761e85846fc98f5f3a7e58.7eaf..Call-ID: 53052185 at 10.0.0.2
  ..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com",
   nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa"..Server: Sip EXpress rout
  er (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060
   "Noisy feedback tells:  pid=7647 req_src_ip=10.0.0.2 req_src_port=36
  939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt=
  =1"....
#
U 10.0.0.2:36939 -> 10.0.0.1:5060
  REGISTER sip:server.xx.com SIP/2.0..Authorization: Digest username="a
  lex2", uri="sip:server.xx.com", algorithm=MD5, realm="server.xx.com
  ", nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa", response="ec2bed90
  d6b618ad2567d56a49c2c897"..Via: SIP/2.0/UDP 10.0.0.2:36939;rport..Fro
  m: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx.com>..Ca
  ll-ID: 53052185 at 10.0.0.2..CSeq: 1 REGISTER..Contact: <sip:alex2 at 10.
  0.0.2:36939>..Expires: 15..Content-Length: 0..Max-Forwards: 70..User-Ag
  ent: sipsak 0.8.7....
#
U 10.0.0.1:5060 -> 10.0.0.2:36939
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.0.0.2:36939;rport=36939
  ..From: <sip:alex2 at server.xx.com>..To: <sip:alex2 at server.xx.com
  >;tag=b27e1a1d33761e85846fc98f5f3a7e58.7eaf..Call-ID: 53052185 at 10.0.0.2
  ..CSeq: 1 REGISTER..WWW-Authenticate: Digest realm="server.xx.com",
   nonce="502d62ec967c4b87fd544107bd35d2b1bcd992aa"..Server: Sip EXpress rout
  er (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.0.0.1:5060
   "Noisy feedback tells:  pid=7637 req_src_ip=10.0.0.2 req_src_port=36
  939 in_uri=sip:server.xx.com out_uri=sip:server.xx.com via_cnt=
  =1"....





More information about the sr-users mailing list