[OpenSER-Users] Problem with asterisk authenticating on invite

Stagg Shelton stagg at sheltonjohns.com
Mon Jun 30 21:04:22 CEST 2008


Thanks for the info.  I downloaded 1.3.2-notls and was able to make it  
work after it returned a -2 instead of the -5 I was receiving from the  
1.3.1.  I think that the 1.3.1 version that I was testing with was  
probably a trunk version.  Anyways now that both sides are configured  
properly it is working the way I intended.

Stagg

On Jun 30, 2008, at 12:07 PM, flavio wrote:

> Hi Stagg,
>
> Check the UAC module, if you want to send credentials to Asterisk (I  
> have tested OpenSER 1.3.2 and Asterisk 1.4, it works). Another way  
> is to integrate Asterisk and OpenSER using realtime (there is a  
> tutorial in the www.openser.org website), with this integration, the  
> same user existing in OpenSER will be valid in the Asterisk Server.  
> There is the ugly way too (autocreatepeer=yes or insecure =invite in  
> the peer) in the Asterisk Server, but make sure that only OpenSER  
> can send SIP requests to your Asterisk Server or you can get into  
> big security problems.
>
> Cheers,
>
> Flavio
>
>
> ----- Original Message ----- From: "Stagg Shelton" <stagg at sheltonjohns.com 
> >
> To: <users at lists.openser.org>
> Sent: Monday, June 30, 2008 11:21 AM
> Subject: Re: [OpenSER-Users] Problem with asterisk authenticating on  
> invite
>
>
>> I am using proxy_authorize & proxy_challenge on the invite.
>>
>>        if (!(method=="REGISTER"))
>>        {
>>          if (!allow_trusted())
>>          {
>>              if (!proxy_authorize("", "subscriber")) {
>>                $var(debug) = proxy_authorize("", "subscriber");
>>                xlog("Not Proxy Authorize: $var(debug)");
>>                      proxy_challenge("", "0");
>>                      exit;
>>              }
>>              if (!check_from()) {
>>                      sl_send_reply("403","Forbidden auth ID");
>>                      exit;
>>              }
>>
>>              consume_credentials();
>>              # caller authenticated
>>          }
>>        }
>>
>>
>> Below is the output I see in the log file when this path is executed.
>>
>> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize:  
>> -4
>> Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize:  
>> -5
>> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize:  
>> -5
>> Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize:  
>> -5
>>
>> As you can see on the initial invite the credentials are not found
>> which is to be expected.  But on the subsequent invites OpenSER is
>> returning the generic error which doesn't tell me a whole lot.  Can
>> you tell me how to obtain more verbose debugging.
>>
>> Is it possible that OpenSER is using the From tag and not the
>> credentials supplied in the Proxy-Authorization header?
>>
>> Thank You
>> Stagg Shelton
>>
>> On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:
>>
>>> Hi Stagg,
>>>
>>> For INVITEs, use proxy_challenge() + proxy_authorize() functions and
>>> not the www_xxxxxxx() functions.
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Stagg Shelton wrote:
>>>> I've been trying to work through openser successfully
>>>> authenticating a  user on an INVITE.  I've tried using
>>>> www_challenge and  proxy_challenge.  Each time, OpenSER will
>>>> respond to the INVITE with  the appropriate Authentication header
>>>> depending on what I'm using, and  asterisk will resend the INVITE
>>>> with the Digest credentials.  I've  determined that OpenSER returns
>>>> a -5 when processing either  www_authorize or proxy_authorize and
>>>> the INVITE has the Digest  credentials.
>>>>
>>>> The authentication seems to work just fine when asterisk Registers
>>>> to  openser.  Are there any known issues with asterisk
>>>> authenticating  during an INVITE?  I would prefer to do it this way
>>>> in case the PBX  loses its primary network connectivity and is
>>>> failing to a secondary  route, or some other reason that would
>>>> cause the IP address to change.
>>>>
>>>> I am currently using OpenSER 1.3.1
>>>>
>>>> Thank You
>>>> Stagg Shelton
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.openser.org
>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>





More information about the sr-users mailing list