[Serusers] authentication problem

Martin Bangiev bangieff at securax.org
Tue Nov 9 16:40:24 CET 2004 

Yes that's what it says - but it's not
here is the whole log for the session

 0(18510) SIP Request:
 0(18510)  method:  <INVITE>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK5a8b19762ff03932>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=16384
 0(18510) end of header reached, state=9
 0(18510) DEBUG: get_hdr_field: <To> [20]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>
]
 0(18510) get_hdr_field: cseq <CSeq>: <52160> <INVITE>
 0(18510) DEBUG: get_hdr_body : content_length=169
 0(18510) found end of header
 0(18510) pre_auth(): Credentials with given realm not found
 0(18510) build_auth_hf(): 'Proxy-Authenticate: Digest realm="asterisk", 
nonce="4190d804c51f55efc7af5db65b7b1d2539cadbb6"
'
 0(18510) parse_headers: flags=-1
 0(18510) check_via_address(10.10.0.13, 10.10.0.13, 0)
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Request:
 0(18510)  method:  <ACK>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK5a8b19762ff03932>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=4
 0(18510) DEBUG: add_param: tag=89f3a2e99dcf9447240c5dd5d06c7672.c886
 0(18510) end of header reached, state=29
 0(18510) DEBUG: get_hdr_field: <To> [62]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>]
 0(18510) DEBUG: sl_filter_ACK : local ACK found -> dropping it!
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Request:
 0(18510)  method:  <INVITE>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK1d7e814619765104>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=16384
 0(18510) end of header reached, state=9
 0(18510) DEBUG: get_hdr_field: <To> [20]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>
]
 0(18510) check_nonce(): comparing 
[4190d804c51f55efc7af5db65b7b1d2539cadbb6] and 
[4190d804c51f55efc7af5db65b7b1d2539cadbb6]
 0(18510) query="select password from subscriber where 
username='bangieff' AND domain='asterisk'"
 0(18510) HA1 string calculated: fe6a6d50bebb95056a4a4cd70c12bf8d
 0(18510) check_response(): Our result = 'edab854b21ebc3308185694bcf441641'
 0(18510) check_response(): Authorization is OK
 0(18510) save_rpid(): rpid value is ''
 0(18510) check_via_address(10.10.0.13, 10.10.0.13, 0)
 0(18510) Sending:
INVITE sip:666 at 10.3.3.7 SIP/2.0
Via: SIP/2.0/UDP 10.3.3.7;branch=0
Via: SIP/2.0/UDP 10.10.0.13;branch=z9hG4bK1d7e814619765104
From: "Bangieff testing" <sip:bangieff at 10.3.3.7>;tag=fd9a2b996ea63547
To: <sip:666 at 10.3.3.7>
Contact: <sip:bangieff at 10.10.0.13>
Proxy-Authorization: DIGEST username="bangieff", realm="asterisk", 
algorithm=MD5, uri="sip:666 at 10.3.3.7", 
nonce="4190d804c51f55efc7af5db65b7b1d2539cadbb6", 
response="edab854b21ebc3308185694bcf441641"
Call-ID: 3ec72f37e210ae30 at 10.10.0.13
CSeq: 52161 INVITE
User-Agent: Grandstream BT100 1.0.4.54
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Type: application/sdp
Content-Length: 169

v=0
o=bangieff 8000 8000 IN IP4 10.10.0.13
s=SIP Call
c=IN IP4 10.10.0.13
t=0 0
m=audio 5004 RTP/AVP 18 8
a=rtpmap:18 G729/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
.
 0(18510) orig. len=830, new_len=866, proto=1
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Reply  (status):
 0(18510)  version: <SIP/2.0>
 0(18510)  status:  <407>
 0(18510)  reason:  <Proxy Authentication Required>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <0>; state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) forward_reply: found module tm, passing reply to it
 0(18510) DEBUG: t_check: msg id=4 global id=0 T start=0xffffffff
 0(18510) parse_headers: flags=17
 0(18510) Found param type 232, <branch> = <z9hG4bK1d7e814619765104>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=17
 0(18510) parse_headers: this is the second via
 0(18510) DEBUG: add_param: tag=as4540c185
 0(18510) end of header reached, state=29
 0(18510) DEBUG: get_hdr_field: <To> [35]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>]
 0(18510) get_hdr_field: cseq <CSeq>: <52161> <INVITE>
 0(18510) parse_headers: flags=4
 0(18510) DEBUG: t_reply_matching: failure to match a transaction
 0(18510) DEBUG: t_check: msg id=4 global id=4 T end=(nil)
 0(18510) parse_headers: flags=2
 0(18510)  old size: 500, new size: 464
 0(18510) build_res_from_sip_res: copied size: orig:79, new: 43, rest: 
421 msg=
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.10.0.13;branch=z9hG4bK1d7e814619765104
From: "Bangieff testing" <sip:bangieff at 10.3.3.7>;tag=fd9a2b996ea63547
To: <sip:666 at 10.3.3.7>;tag=as4540c185
Call-ID: 3ec72f37e210ae30 at 10.10.0.13
CSeq: 52161 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:666 at 10.3.3.7:5061>
Proxy-Authenticate: Digest realm="asterisk", nonce="2c53d86c"
Content-Length: 0


 0(18510) update_sock_struct_from_via: using via host
 0(18510) update_sock_struct_from_via: trying SRV lookup
 0(18510)  reply forwarded to 10.10.0.13:0
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Request:
 0(18510)  method:  <ACK>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK1d7e814619765104>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=4
 0(18510) DEBUG: add_param: tag=as4540c185
 0(18510) end of header reached, state=29
 0(18510) DEBUG: get_hdr_field: <To> [35]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>]
 0(18510) check_via_address(10.10.0.13, 10.10.0.13, 0)
 0(18510) Sending:
ACK sip:666 at 10.3.3.7 SIP/2.0
Via: SIP/2.0/UDP 10.3.3.7;branch=0
Via: SIP/2.0/UDP 10.10.0.13;branch=z9hG4bK1d7e814619765104
From: "Bangieff testing" <sip:bangieff at 10.3.3.7>;tag=fd9a2b996ea63547
To: <sip:666 at 10.3.3.7>;tag=as4540c185
Contact: <sip:bangieff at 10.10.0.13>
Proxy-Authorization: DIGEST username="bangieff", realm="asterisk", 
algorithm=MD5, uri="sip:666 at 10.3.3.7", 
nonce="4190d804c51f55efc7af5db65b7b1d2539cadbb6", 
response="b56d7b82e7c8b44f13abf5a8352d32f5"
Call-ID: 3ec72f37e210ae30 at 10.10.0.13
CSeq: 52161 ACK
User-Agent: Grandstream BT100 1.0.4.54
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE
Content-Length: 0

.
 0(18510) orig. len=637, new_len=673, proto=1
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Request:
 0(18510)  method:  <INVITE>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK39325a8b2b992ff0>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=16384
 0(18510) end of header reached, state=9
 0(18510) DEBUG: get_hdr_field: <To> [20]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>
]
 0(18510) pre_auth(): Invalid nonce value received
 0(18510) build_auth_hf(): 'Proxy-Authenticate: Digest realm="asterisk", 
nonce="4190d804c51f55efc7af5db65b7b1d2539cadbb6"
'
 0(18510) parse_headers: flags=-1
 0(18510) get_hdr_field: cseq <CSeq>: <52162> <INVITE>
 0(18510) DEBUG: get_hdr_body : content_length=169
 0(18510) found end of header
 0(18510) check_via_address(10.10.0.13, 10.10.0.13, 0)
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up
 0(18510) SIP Request:
 0(18510)  method:  <ACK>
 0(18510)  uri:     <sip:666 at 10.3.3.7>
 0(18510)  version: <SIP/2.0>
 0(18510) parse_headers: flags=1
 0(18510) Found param type 232, <branch> = <z9hG4bK39325a8b2b992ff0>; 
state=16
 0(18510) end of header reached, state=5
 0(18510) parse_headers: Via found, flags=1
 0(18510) parse_headers: this is the first via
 0(18510) After parse_msg...
 0(18510) preparing to run routing scripts...
 0(18510) parse_headers: flags=4
 0(18510) DEBUG: add_param: tag=89f3a2e99dcf9447240c5dd5d06c7672.d4ff
 0(18510) end of header reached, state=29
 0(18510) DEBUG: get_hdr_field: <To> [62]; uri=[sip:666 at 10.3.3.7]
 0(18510) DEBUG: to body [<sip:666 at 10.3.3.7>]
 0(18510) DEBUG: sl_filter_ACK : local ACK found -> dropping it!
 0(18510) DEBUG:destroy_avp_list: destroing list (nil)
 0(18510) receive_msg: cleaning up




Jan Janak wrote:

>On 09-11 16:17, Martin Bangiev wrote:
>  
>
>>Hi all,
>>I have ttrouble making IP phone (BudgeTone-100) + Ser + Asterisk work 
>>together with authentication
>>I installed and setup the ser according to the instructions in the 
>>howto-s with enabled mysql authentication.
>>The ser and the asterisk are working together on a single maschine 
>>(10.3.3.7). Ser is listening on port 5060 and asterisk is on port 5061.
>>What I want is when the IP phone (10.10.0.13) get authenticated to be 
>>forwarded from ser to asterisk.
>>Here is my route script (it's quite simple i think):
>>route{
>>   if (!proxy_authorize("asterisk", "subscriber")) {
>>     proxy_challenge("asterisk", "0");
>>     break;
>>   };
>>   forward(10.3.3.7, 5061);
>>}
>>
>>here is a piece of the ser's output:
>>0(16841) check_nonce(): comparing 
>>[4190d1a0be145d87dc84c516175f8b46bc4923d6] and 
>>[4190d1a0be145d87dc84c516175f8b46bc4923d6]
>>0(16841) query="select password from subscriber where 
>>username='bangieff' AND domain='asterisk'"
>>0(16841) HA1 string calculated: fe6a6d50bebb95056a4a4cd70c12bf8d
>>0(16841) check_response(): Our result = '6362285d3385465321ce523620522056'
>>0(16841) check_response(): Authorization is OK
>>0(16841) save_rpid(): rpid value is ''
>>0(16841) check_via_address(10.10.0.13, 10.10.0.13, 0)
>>0(16841) Sending:
>>
>>    
>>
> 
>  It says it was sucessful. What was in the log after the last message
>  (Sending:)
>
>    Jan.
>
>  
>

More information about the sr-users mailing list