[SR-Users] SIP Autentication Failed
Daniel-Constantin Mierla
miconda at gmail.com
Mon Mar 7 21:27:11 CET 2016
Hello,
have you mangled the sip message you pasted here? I see a white space in
front of username in From/To headers, which can lead in mismatching the
authentication username with caller id username.
Cheers,
Daniel
On 07/03/16 21:08, Bruno Henrique Gomes Gouvêa wrote:
> Hello,
>
> I did a tcpdump as directed, the softphone I use to test (Zoiper)
> tries to send a register without authorization header when receiving
> sip 401, it sends a new register with the authorization headers. This
> second attempt to register is in the log and still does not allow the
> correct authentication.
> I took a look at the packet that kamailio is receiving and still could
> not find the problem, someone has idea?
>
>
> REGISTER sip: pabx999999.ligou.me
> <http://pabx999999.ligou.me>; transport = UDP SIP / 2.0
> Via: SIP / 2.0 / UDP
> 189.13.125.28:49288;branch=z9hG4bK-d8754z-f96a8271ea34f240-1---d8754z-
> Max-Forwards: 70
> Contact: <sip: 101_pabx999999.ligou.me at 189.13.125.28
> <mailto:101_pabx999999.ligou.me at 189.13.125.28>: 49288; rinstance =
> 98fe0089b166bd85; transport = UDP>
> To: <sip: 101_pabx999999.ligou.me at pabx999999.ligou.me
> <mailto:101_pabx999999.ligou.me at pabx999999.ligou.me>; transport = UDP>
> From: <sip: 101_pabx999999.ligou.me at pabx999999.ligou.me
> <mailto:101_pabx999999.ligou.me at pabx999999.ligou.me>; transport =
> UDP>; tag = 9d3ef068
> Call-ID: YWQ5YzU4ZTc4MGU5NWE3OGI3Y2U2YjdmZDA0YTFmZmE.
> CSeq: 3 REGISTER
> Expires: 3600
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE,
> OPTIONS, INFO, SUBSCRIBE
> Supported: replaces, norefersub, extended-refer, timer,
> X-cisco-serviceuri
> User-Agent: Z 3.6.25251 r25476
> Authorization: Digest username="101_pabx999999.ligou.me
> <http://101_pabx999999.ligou.me>",realm="pabx999999.ligou.me
> <http://pabx999999.ligou.me>",nonce="Vt3evVbd3ZGT5CKFEKVFXx3NZHKisGcp",uri="sip:pabx999999.ligou.me
> <http://pabx999999.ligou.me>;transport=UDP",response="6b3a6709fa3ec3ad313811a704ffb6d9",algorithm=MD5
> Allow-Events: presence, KPML
> Content-Length: 0
>
>
> Thank you!
>
>
> --------------------------------------------
>
> Bruno H. G. Gouvêa
>
> CEO - CiberCloud LTDA
> http://cibercloud.com.br <http://cibercloud.com.br/>
> http://ligou.me <http://ligou.me/>
>
>
> ---
> Bruno H. G. Gouvêa
>
>
> Tel.: (31)99554646 <tel:%2831%2999554646>
> ---
>
>
> 2016-03-07 16:42 GMT-03:00 Daniel-Constantin Mierla <miconda at gmail.com
> <mailto:miconda at gmail.com>>:
>
> Hello,
>
> can you look at the SIP traffic and see if the realm parameter for
> authrozation is matching what you have in the config. The logs
> messages show:
>
> Mar 7 10:59:13 p /usr/sbin/kamailio[29558]: ERROR: *** cfgtrace: c=[//etc/kamailio/kamailio.cfg] l=946 a=27 n=auth_check
> Mar 7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth_db [authorize.c:486]: auth_check(): realm [pabx999999.ligou.me <http://pabx999999.ligou.me>] table [subscriber] flags [0]
> Mar 7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth [api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm 'pabx999999.ligou.me <http://pabx999999.ligou.me>' not found
> Mar 7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth_db [authorize.c:252]: digest_authenticate_hdr(): no credentials
>
>
> Meaning that headers with expected realm were not found.
>
> You can eventually make available the output of ngrep for a
> registration exposing the issue.
>
> Cheers,
> Daniel
>
>
> On 07/03/16 17:10, Bruno Henrique Gomes Gouvêa wrote:
>> Hello,
>>
>> Thanks for the reply.
>>
>> Debug log: http://pasted.co/63d576ae
>>
>> --------------------------------------------
>>
>> Bruno H. G. Gouvêa
>>
>> CEO - CiberCloud LTDA
>> http://cibercloud.com.br <http://cibercloud.com.br/>
>> http://ligou.me <http://ligou.me/>
>>
>>
>> ---
>> Bruno H. G. Gouvêa
>>
>>
>> Tel.: (31)99554646 <tel:%2831%2999554646>
>> ---
>>
>>
>> 2016-03-04 18:17 GMT-03:00 Bruno Henrique Gomes Gouvêa
>> <brunohenriquebh at gmail.com <mailto:brunohenriquebh at gmail.com>>:
>>
>> Hello,
>>
>> First excuse any mistakes in English. I'm working on a
>> platform that makes use of integrated Kamailio with asterisk
>> (Elastix mt).
>>
>> This platform allows the login of my SIP clients via the
>> extension number and the client's domain, where the kamailio
>> after authentication change the username to sip EXTENSION + _
>> + DOMAIN (expected by Asterisk) and sends to the asterisk.
>>
>> I need the client can also send the sip user in standard
>> EXTENSION + _ + DOMAIN, for it changed the view subscriber to
>> also return a username record in the format that the
>> softphone is sending, but the platform still seems not
>> authenticate the REGISTER using new way functions in
>> auth_check ("$ FD", "subscriber", "0") and auth_challenge ("$
>> FD", "0").
>>
>> Thus works:
>> Login: 101
>> Domain/server: pabx999999.ligou.me <http://pabx999999.ligou.me>
>> Password: PASSWORD_PLAIN
>>
>>
>>
>> This way does not work:
>> Login: 101_pabx999999.ligou.me <http://101_pabx999999.ligou.me>
>> Domain/server: pabx999999.ligou.me <http://pabx999999.ligou.me>
>> Password: PASSWORD_PLAIN
>>
>>
>> Already got a good look at the documentation and could not
>> find the problem, could give me some help?
>>
>>
>> Kamailio.cfg: http://pasted.co/db8fb3a2
>> Execution debug log: http://pasted.co/49bfe5bf
>> Contents view subscriber:
>> +-----------------------------+---------------------+---------------+------+
>> | username | domain | ha1
>> | ha1b |
>> +-----------------------------+---------------------+---------------+------+
>> | admin | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | adminIM | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | 101 | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | 103 | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | 103IM | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | admin_pabx999999.ligou.me
>> <http://admin_pabx999999.ligou.me> | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | adminIM_pabx999999.ligou.me
>> <http://adminIM_pabx999999.ligou.me> | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>> | 101_pabx999999.ligou.me <http://101_pabx999999.ligou.me>
>> | pabx999999.ligou.me <http://pabx999999.ligou.me> |
>> PASSWORD_PLAIN| NULL |
>> | 103_pabx999999.ligou.me <http://103_pabx999999.ligou.me>
>> | pabx999999.ligou.me <http://pabx999999.ligou.me> |
>> PASSWORD_PLAIN| NULL |
>> | 103IM_pabx999999.ligou.me
>> <http://103IM_pabx999999.ligou.me> | pabx999999.ligou.me
>> <http://pabx999999.ligou.me> | PASSWORD_PLAIN| NULL |
>>
>> --------------------------------------------
>>
>> Bruno H. G. Gouvêa
>>
>>
>> ---
>>
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, March 7-9, 2016 - http://www.asipto.com
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
> list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, March 7-9, 2016 - http://www.asipto.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160307/f186c231/attachment.html>
More information about the sr-users
mailing list