[Serusers] Can't Register Cisco ATA - www_challege Fails

Iqbal iqbal at gigo.co.uk
Fri Apr 29 01:48:17 CEST 2005 

if (!www_authorize("sip1.jmusa.com","subscriber"))

try
if (!www_authorize("","subscriber"))

that should pick up info from TO header field for REGISTER request, also
do the same for the proxy_auth, that will use it from the FROM header

Iqbal

On 4/28/2005, "Aaron W" <walsham at gmail.com> wrote:

>I have SER setup on 10.9.8.7 which is on the internet.  I have a Cisco
>ATA at home beind a linksys router.  The ATA has an non-routeable ip
>of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 
>I can not get the cisco ATA to register, and i dont know why.  I have
>posted results on Ngrep, also some debugging info from SER and my
>acutal ser.cfg  In the setup for the ATA I gave it the proxy as an IP
>address (10.9.8.7), there is no place in the cisco config (that I can
>find) to specify a domain/realm.  And the DNS server that my linksys
>router has doesnt have a route to sip1.jmusa.com  Is that the problem,
>if so whats the best way around it?
>
>Results of ngrep:
>
>U 1.2.3.4:5060 -> 10.9.8.7:5060
>  REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP
>192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6
>  a..From: Aaron <sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To:
>Aaron <sip:8306 at 10.9.8.7;
>  user=phone>..Call-ID: 2834281883 at 192.168.1.107..CSeq: 3
>REGISTER..Contact: Aaron <sip:8306 at 192.168.1.
>  107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco
>ATA 188  v3.2.0 atasip (041111A)..
>  Authorization: Digest
>username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228dde9
>  f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Content-Length:
>0....
>#
>U 10.9.8.7:5060 -> 1.2.3.4:5060
>  SIP/2.0 100 Trying..Via: SIP/2.0/UDP
>192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14
>  2.66.52..From: Aaron
><sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To: Aaron
><sip:8306 at 65.199.1
>  91.83;user=phone>..Call-ID: 2834281883 at 192.168.1.107..CSeq: 3
>REGISTER..Server: Sip EXpress router (0
>  .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060
>"Noisy feedback tells:  pid=91
>  53 req_src_ip=1.2.3.4 req_src_port=5060
>in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c
>  nt==1"....
>#
>U 10.9.8.7:5060 -> 1.2.3.4:5060
>  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
>192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50
>  60;received=1.2.3.4..From: Aaron
><sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To: Aaron <
>  sip:8306 at 10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Call-ID:
>2834281883 at 192
>  .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest
>realm="jmusa.com", nonce="427147ef446cc27cc8b6
>  502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0
>(i386/linux))..Content-Length: 0..Warning: 3
>  92 10.9.8.7:5060 "Noisy feedback tells:  pid=9153 req_src_ip=1.2.3.4
>req_src_port=5060 in_u
>  ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....
>
>
>My messages:
>Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From
>sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
>ID: 2834281883 at 192.168.1.107, MESASGE ID 2
>Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From
>sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
>ID: 2834281883 at 192.168.1.107, MESASGE ID 2
>Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From
>sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
>ID: 2834281883 at 192.168.1.107, MESASGE ID 2
>---Then nothing else......
>
>
>My ser.cfg (snipped)
>----snip----
>	if (method=="INVITE") {
>			route(3);
>			break;
>		} else if (method=="REGISTER") {
>			route(2);
>			break;
>----snip----
>route[2] {
>	# -----------------------------------------------------------------
>	# REGISTER Message Handler
>	# ----------------------------------------------------------------
>	sl_send_reply("100", "Trying");
>	if (!search("^Contact: \*") && client_nat_test("7")) {
>		xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu, Call ID:
>%ci, MESASGE ID %mi");
>		setflag(6);
>		fix_nated_register();
>		force_rport();
>	};
>xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID %mi");
>	if (!www_authorize("sip1.jmusa.com","subscriber")) {
>xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID:
>%ci, MESASGE ID %mi");
>		www_challenge("sip1.jmusa.com","0");
>xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID:
>%ci, MESASGE ID %mi");
>		break;
>	};
>
>	if (!check_to()) {
>		sl_send_reply("401", "Unauthorized");
>		break;
>	};
>	consume_credentials();
>	if (!save("location")) {
>		sl_reply_error();
>	};
>}
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>

More information about the sr-users mailing list