[Serusers] Aastra Intelligate Registration Problem
Martin Koenig
martin.koenig at toplink-plannet.de
Tue Feb 15 11:53:19 CET 2005
Hello,
we have a problem with the SIP trunk of an Aastra Intelligate PBX.
Registration fails with the SER error message "pre_auth(): Credentials
received are not filled properly". SER is 0.8.14.
See ngrep:
#
U 2005/02/15 11:40:46.093312 aastra_intelligate:5060 -> toplink_proxy:5060
REGISTER sip:toplink-voice.de SIP/2.0.
Via: SIP/2.0/UDP
aastra_intelligate:5060;branch=fc15d6ace7866108222849a9dd6303d8.
To: username<sip:username at toplink-voice.de:5060>.
From: username<sip:username at toplink-voice.de:5060>;tag=f52ad23f5a30a9cd.
Call-ID: 182a55ff8fb00e0d31a6f7cb9b8c22b9 at aastra_intelligate.
CSeq: 2289 REGISTER.
Max-Forwards: 70.
Expires: 3000.
Contact: <sip:username at aastra_intelligate>.
Allow: ACK,BYE,CANCEL,INVITE.
User-Agent: Aastra Intelligate.
Content-Length: 0.
.
#
U 2005/02/15 11:40:46.093883 toplink_proxy:5060 -> aastra_intelligate:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP
aastra_intelligate:5060;branch=fc15d6ace7866108222849a9dd6303d8.
To:
username<sip:username at toplink-voice.de:5060>;tag=16ac3fc2258766c821c391b58b08db64.9f29.
From: username<sip:username at toplink-voice.de:5060>;tag=f52ad23f5a30a9cd.
Call-ID: 182a55ff8fb00e0d31a6f7cb9b8c22b9 at aastra_intelligate.
CSeq: 2289 REGISTER.
WWW-Authenticate: Digest realm="toplink-voice.de",
nonce="4211d2da1728b0bd58773cf042217a138e8508ca", qop="auth".
Content-Length: 0.
.
#
U 2005/02/15 11:40:46.321069 aastra_intelligate:5060 -> toplink_proxy:5060
REGISTER sip:toplink-voice.de SIP/2.0.
Via: SIP/2.0/UDP
aastra_intelligate:5060;branch=c46c24632f85f6b001dca195835600a4.
To: username<sip:username at toplink-voice.de:5060>.
From: username<sip:username at toplink-voice.de:5060>;tag=f52ad23f5a30a9cd.
Call-ID: 182a55ff8fb00e0d31a6f7cb9b8c22b9 at aastra_intelligate.
CSeq: 2290 REGISTER.
Max-Forwards: 70.
Expires: 3000.
Contact: <sip:username at aastra_intelligate>.
Allow: ACK,BYE,CANCEL,INVITE.
Authorization: Digest
nc=00000001,nonce="4211d2da1728b0bd58773cf042217a138e8508ca",qop=auth,realm="toplink-voice.de",response="62989172348871cf1fd92b4bc9bc3be2",uri="sip:toplink-voice.de",username="username".
User-Agent: Aastra Intelligate.
Content-Length: 0.
.
#
U 2005/02/15 11:40:46.321559 toplink_proxy:5060 -> aastra_intelligate:5060
SIP/2.0 400 Bad Request.
Via: SIP/2.0/UDP
aastra_intelligate:5060;branch=c46c24632f85f6b001dca195835600a4.
To:
username<sip:username at toplink-voice.de:5060>;tag=16ac3fc2258766c821c391b58b08db64.f64f.
From: username<sip:username at toplink-voice.de:5060>;tag=f52ad23f5a30a9cd.
Call-ID: 182a55ff8fb00e0d31a6f7cb9b8c22b9 at aastra_intelligate.
CSeq: 2290 REGISTER.
Content-Length: 0.
When I take a look at the Authorization Header of the PBX:
Authorization: Digest nc=00000001,
nonce="4211d2da1728b0bd58773cf042217a138e8508ca",
qop=auth,
realm="toplink-voice.de",
response="62989172348871cf1fd92b4bc9bc3be2",
uri="sip:toplink-voice.de",
username="username"
It is obvious that the cnonce is missing.
According to RFC2617 it should be present, right?
Quote RFC2617:
"cnonce
This MUST be specified if a qop directive is sent (see above), and
MUST NOT be specified if the server did not send a qop directive in
the WWW-Authenticate header field. The cnonce-value is an opaque
quoted string value provided by the client and used by both client
and server to avoid chosen plaintext attacks, to provide mutual
authentication, and to provide some message integrity protection.
See the descriptions below of the calculation of the response-
digest and request-digest values."
Could anyone please verify this? Testing with the SIPgate.de SER proxy,
registration works. How is this possible if PBX is not sending RFC2617
compilant Authorization headers?
With best regards,
Martin Koenig
More information about the sr-users
mailing list