[Kamailio-Users] Auth problems with 1.5.1
Raúl Alexis Betancor Santana
rabs at dimension-virtual.com
Tue May 26 00:52:01 CEST 2009
Hi all,
I have retest and don't know what's happens, because it doesn't run.
That is what a I did, step by step:
- edit kamctlrc and set all DB related params
- kamdbctl create (all ok)
- kamctl add 185 at 192.168.2.130 kajun (all ok)
- start kamailio 1.5.1
- Force the Snom360 phone to REGISTER
ngrep trace:
#
U 2009/05/25 23:44:37.689150 192.168.2.119:2048 -> 192.168.2.130:5060
REGISTER sip:192.168.2.130 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.119:2048;branch=z9hG4bK-8mrgci7gcjq9;rport
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 546 REGISTER
Max-Forwards: 70
Contact: <sip:185 at 192.168.2.119:2048;line=b5fdc3kc>;flow-id=1;q=1.0;
+sip.instance="<urn:uuid:2748f855-1f70-45c6-9ffd-50e2b11628da>";audio;mobility="fixed";duplex="full";description="snom360";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom360/7.1.30
Supported: gruu
Allow-Events: dialog
X-Real-IP: 192.168.2.119
Expires: 3600
Content-Length: 0
#
U 2009/05/25 23:44:37.689458 192.168.2.130:5060 -> 192.168.2.119:2048
SIP/2.0 100 Trying
Via: SIP/2.0/UDP
192.168.2.119:2048;branch=z9hG4bK-8mrgci7gcjq9;rport=2048;received=192.168.2.119
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 546 REGISTER
Server: Kamailio (1.5.1-notls (i386/linux))
Content-Length: 0
#
U 2009/05/25 23:44:37.689687 192.168.2.130:5060 -> 192.168.2.119:2048
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.2.119:2048;branch=z9hG4bK-8mrgci7gcjq9;rport=2048;received=192.168.2.119
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>;tag=f8f2ab2c1295e90ed7dbb499b30f44b2.fb06
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 546 REGISTER
WWW-Authenticate: Digest realm="192.168.2.130",
nonce="4a1b20810000000748f00008d2fae44c0a31cce41858b148"
Server: Kamailio (1.5.1-notls (i386/linux))
Content-Length: 0
#
U 2009/05/25 23:44:37.907937 192.168.2.119:2048 -> 192.168.2.130:5060
REGISTER sip:192.168.2.130 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.119:2048;branch=z9hG4bK-untugk2mv3id;rport
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 547 REGISTER
Max-Forwards: 70
Contact: <sip:185 at 192.168.2.119:2048;line=b5fdc3kc>;flow-id=1;q=1.0;
+sip.instance="<urn:uuid:2748f855-1f70-45c6-9ffd-50e2b11628da>";audio;mobility="fixed";duplex="full";description="snom360";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom360/7.1.30
Supported: gruu
Allow-Events: dialog
X-Real-IP: 192.168.2.119
Authorization: Digest
username="185",realm="192.168.2.130",nonce="4a1b20810000000748f00008d2fae44c0a31cce41858b148",uri="sip:192.168.2.130",response="619143fed6a91de711026326d4bf0e67",algorithm=MD5
Expires: 3600
Content-Length: 0
#
U 2009/05/25 23:44:37.908456 192.168.2.130:5060 -> 192.168.2.119:2048
SIP/2.0 100 Trying
Via: SIP/2.0/UDP
192.168.2.119:2048;branch=z9hG4bK-untugk2mv3id;rport=2048;received=192.168.2.119
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 547 REGISTER
Server: Kamailio (1.5.1-notls (i386/linux))
Content-Length: 0
#
U 2009/05/25 23:44:37.965604 192.168.2.130:5060 -> 192.168.2.119:2048
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.2.119:2048;branch=z9hG4bK-untugk2mv3id;rport=2048;received=192.168.2.119
From: <sip:185 at 192.168.2.130>;tag=7l7xgqxf5f
To: <sip:185 at 192.168.2.130>;tag=f8f2ab2c1295e90ed7dbb499b30f44b2.f66d
Call-ID: 3c282b0cc303-jlk76rjijtqs
CSeq: 547 REGISTER
WWW-Authenticate: Digest realm="192.168.2.130",
nonce="4a1b208100000008470ae7a9af3aba2178f305584e6cf034"
Server: Kamailio (1.5.1-notls (i386/linux))
Content-Length: 0
############
Syslog output:
May 25 23:44:37 salma sbc01[21984]: New request BI:0 - M=REGISTER
RURI=sip:192.168.2.130 F=sip:185 at 192.168.2.130 T=sip:185 at 192.168.2.130
IP=192.168.2.119 ID=3c282b0cc303-jlk76rjijtqs
May 25 23:44:37 salma sbc01[21984]: Register authentication failed BI:0 -
M=REGISTER RURI=sip:192.168.2.130 F=sip:185 at 192.168.2.130
T=sip:185 at 192.168.2.130 IP=192.168.2.119 ID=3c282b0cc303-jlk76rjijtqs RC=-4
May 25 23:44:37 salma sbc01[21978]: New request BI:0 - M=REGISTER
RURI=sip:192.168.2.130 F=sip:185 at 192.168.2.130 T=sip:185 at 192.168.2.130
IP=192.168.2.119 ID=3c282b0cc303-jlk76rjijtqs
May 25 23:44:37 salma sbc01[21978]: Register authentication failed BI:0 -
M=REGISTER RURI=sip:192.168.2.130 F=sip:185 at 192.168.2.130
T=sip:185 at 192.168.2.130 IP=192.168.2.119 ID=3c282b0cc303-jlk76rjijtqs RC=-2
The first -4 rc it's ok, it correspond to the first REGISTER phone sends
without credentials, but second rc -2 could not be OK at all. I have recheck
the password on the phone, I also try with other phones and with sipsak with
the same result.
What I have on the .cfg file is:
[...]
loadmodule "auth.so"
modparam("auth", "nonce_expire", 300)
modparam("auth", "realm_prefix", "sip.")
modparam("auth", "rpid_suffix", ";party=calling;id-type=subscriber;screen=yes")
modparam("auth", "rpid_avp", "$avp(s:rpid)")
loadmodule "auth_db.so"
modparam("auth_db", "db_url", "postgres://openser:XXXXXXX@localhost:5435/voip5")
modparam("auth_db", "user_column", "username")
modparam("auth_db", "domain_column", "domain")
modparam("auth_db", "password_column", "password")
modparam("auth_db", "password_column_2", "ha1b")
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "use_domain", 1)
modparam("auth_db", "load_credentials", "$avp(s:caller_uuid)=uuid")
[...]
if(!www_authorize("", "subscriber"))
{
xlog("L_INFO", "Register authentication failed BI:
$T_branch_idx - M=$rm RURI=$ru F=$fu T=$tu IP=$si I
D=$ci RC=$rc\n");
www_challenge("", "0");
exit;
}
[...]
And I have no clue about what is happening, because if I do the same with
openser 1.3.2, all runs ok.
--
Raúl Alexis Betancor Santana
Dimensión Virtual
More information about the sr-users
mailing list