[SR-Users] SIP Autentication Failed

Bruno Henrique Gomes Gouvêa brunohenriquebh at gmail.com
Mon Mar 7 21:30:55 CET 2016


Sorry, my mail client change text, correct is (without blank space):

   REGISTER sip:pabx999999.ligou.me;transport=UDP SIP/2.0
        Via: SIP/2.0/UDP 189.13.125.28:49288
;branch=z9hG4bK-d8754z-f96a8271ea34f240-1---d8754z-
        Max-Forwards: 70
        Contact: <sip:101_pabx999999.ligou.me at 189.13.125.28:49288
;rinstance=98fe0089b166bd85;transport=UDP>
        To: <sip:101_pabx999999.ligou.me at pabx999999.ligou.me;transport=UDP>
        From: <sip:101_pabx999999.ligou.me at pabx999999.ligou.me
;transport=UDP>;tag=9d3ef068
        Call-ID: YWQ5YzU4ZTc4MGU5NWE3OGI3Y2U2YjdmZDA0YTFmZmE.
        CSeq: 3 REGISTER
        Expires: 3600
        Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
INFO, SUBSCRIBE
        Supported: replaces, norefersub, extended-refer, timer,
X-cisco-serviceuri
        User-Agent: Z 3.6.25251 r25476
        Authorization: Digest username="101_pabx999999.ligou.me",realm="
pabx999999.ligou.me",nonce="Vt3evVbd3ZGT5CKFEKVFXx3NZHKisGcp",uri="sip:
pabx999999.ligou.me
;transport=UDP",response="6b3a6709fa3ec3ad313811a704ffb6d9",algorithm=MD5
        Allow-Events: presence, kpml
        Content-Length: 0

--------------------------------------------

Bruno H. G. Gouvêa

CEO - CiberCloud LTDA
http://cibercloud.com.br
http://ligou.me


---
 Bruno H. G. Gouvêa


 Tel.: (31)99554646
---


2016-03-07 17:27 GMT-03:00 Daniel-Constantin Mierla <miconda at gmail.com>:

> Hello,
>
> have you mangled the sip message you pasted here? I see a white space in
> front of username in From/To headers, which can lead in mismatching the
> authentication username with caller id username.
>
> Cheers,
> Daniel
>
>
> On 07/03/16 21:08, Bruno Henrique Gomes Gouvêa wrote:
>
> Hello,
>
> I did a tcpdump as directed, the softphone I use to test (Zoiper) tries to
> send a register without authorization header when receiving sip 401, it
> sends a new register with the authorization headers. This second attempt to
> register  is in the log and still does not allow the correct authentication.
> I took a look at the packet that kamailio is receiving and still could not
> find the problem, someone has idea?
>
>
>         REGISTER sip: pabx999999.ligou.me; transport = UDP SIP / 2.0
>         Via: SIP / 2.0 / UDP 189.13.125.28:49288
> ;branch=z9hG4bK-d8754z-f96a8271ea34f240-1---d8754z-
>         Max-Forwards: 70
>         Contact: <sip: 101_pabx999999.ligou.me at 189.13.125.28: 49288;
> rinstance = 98fe0089b166bd85; transport = UDP>
>         To: <sip: 101_pabx999999.ligou.me at pabx999999.ligou.me; transport
> = UDP>
>         From: <sip: 101_pabx999999.ligou.me at pabx999999.ligou.me;
> transport = UDP>; tag = 9d3ef068
>         Call-ID: YWQ5YzU4ZTc4MGU5NWE3OGI3Y2U2YjdmZDA0YTFmZmE.
>         CSeq: 3 REGISTER
>         Expires: 3600
>         Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
> INFO, SUBSCRIBE
>         Supported: replaces, norefersub, extended-refer, timer,
> X-cisco-serviceuri
>         User-Agent: Z 3.6.25251 r25476
>         Authorization: Digest username="101_pabx999999.ligou.me",realm="
> pabx999999.ligou.me",nonce="Vt3evVbd3ZGT5CKFEKVFXx3NZHKisGcp",uri="sip:
> pabx999999.ligou.me
> ;transport=UDP",response="6b3a6709fa3ec3ad313811a704ffb6d9",algorithm=MD5
>         Allow-Events: presence, KPML
>         Content-Length: 0
>
>
> Thank you!
>
>
> --------------------------------------------
>
> Bruno H. G. Gouvêa
>
> CEO - CiberCloud LTDA
> http://cibercloud.com.br
> http://ligou.me
>
>
> ---
>  Bruno H. G. Gouvêa
>
>
>  Tel.: (31)99554646
> ---
>
>
> 2016-03-07 16:42 GMT-03:00 Daniel-Constantin Mierla < <miconda at gmail.com>
> miconda at gmail.com>:
>
>> Hello,
>>
>> can you look at the SIP traffic and see if the realm parameter for
>> authrozation is matching what you have in the config. The logs messages
>> show:
>>
>> Mar  7 10:59:13 p /usr/sbin/kamailio[29558]: ERROR: *** cfgtrace: c=[//etc/kamailio/kamailio.cfg] l=946 a=27 n=auth_check
>> Mar  7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth_db [authorize.c:486]: auth_check(): realm [pabx999999.ligou.me] table [subscriber] flags [0]
>> Mar  7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth [api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm 'pabx999999.ligou.me' not found
>> Mar  7 10:59:13 p /usr/sbin/kamailio[29558]: DEBUG: auth_db [authorize.c:252]: digest_authenticate_hdr(): no credentials
>>
>>
>> Meaning that headers with expected realm were not found.
>>
>> You can eventually make available the output of ngrep for a registration
>> exposing the issue.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 07/03/16 17:10, Bruno Henrique Gomes Gouvêa wrote:
>>
>> Hello,
>>
>> Thanks for the reply.
>>
>> Debug log: http://pasted.co/63d576ae
>>
>> --------------------------------------------
>>
>> Bruno H. G. Gouvêa
>>
>> CEO - CiberCloud LTDA
>> http://cibercloud.com.br
>> http://ligou.me
>>
>>
>> ---
>>  Bruno H. G. Gouvêa
>>
>>
>>  Tel.: (31)99554646
>> ---
>>
>>
>> 2016-03-04 18:17 GMT-03:00 Bruno Henrique Gomes Gouvêa <
>> brunohenriquebh at gmail.com>:
>>
>>> Hello,
>>>
>>> First excuse any mistakes in English. I'm working on a platform that
>>> makes use of integrated Kamailio with asterisk (Elastix mt).
>>>
>>> This platform allows the login of my SIP clients via the extension
>>> number and the client's domain, where the kamailio after authentication
>>> change the username to sip EXTENSION + _ + DOMAIN (expected by Asterisk)
>>> and sends to the asterisk.
>>>
>>> I need the client can also send the sip user in standard EXTENSION + _ +
>>> DOMAIN, for it changed the view subscriber to also return a username record
>>> in the format that the softphone is sending, but the platform still seems
>>> not authenticate the REGISTER using new way functions in auth_check ("$
>>> FD", "subscriber", "0") and auth_challenge ("$ FD", "0").
>>>
>>> Thus works:
>>> Login: 101
>>> Domain/server: pabx999999.ligou.me
>>> Password: PASSWORD_PLAIN
>>>
>>>
>>>
>>> This way does not work:
>>> Login: 101_pabx999999.ligou.me
>>> Domain/server: pabx999999.ligou.me
>>> Password: PASSWORD_PLAIN
>>>
>>>
>>> Already got a good look at the documentation and could not find the
>>> problem, could give me some help?
>>>
>>>
>>> Kamailio.cfg: <http://pasted.co/db8fb3a2>http://pasted.co/db8fb3a2
>>> Execution debug log: <http://pasted.co/49bfe5bf>
>>> http://pasted.co/49bfe5bf
>>> Contents view subscriber:
>>>
>>> +-----------------------------+---------------------+---------------+------+
>>> | username                    | domain              | ha1           |
>>> ha1b |
>>>
>>> +-----------------------------+---------------------+---------------+------+
>>> | admin                       | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | adminIM                     | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 101                         | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 103                         | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 103IM                       | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | admin_pabx999999.ligou.me   | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | adminIM_pabx999999.ligou.me | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 101_pabx999999.ligou.me     | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 103_pabx999999.ligou.me     | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>> | 103IM_pabx999999.ligou.me   | pabx999999.ligou.me | PASSWORD_PLAIN|
>>> NULL |
>>>
>>> --------------------------------------------
>>>
>>> Bruno H. G. Gouvêa
>>>
>>>
>>> ---
>>>
>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> --
>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Berlin, March 7-9, 2016 - http://www.asipto.com
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
> --
> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, March 7-9, 2016 - http://www.asipto.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160307/869bb5e3/attachment.html>


More information about the sr-users mailing list