[OpenSER-Users] Problem with asterisk authenticating on invite

Stagg Shelton stagg at sheltonjohns.com
Mon Jun 30 16:21:39 CEST 2008 

I am using proxy_authorize & proxy_challenge on the invite.

         if (!(method=="REGISTER"))
         {
           if (!allow_trusted())
           {
               if (!proxy_authorize("", "subscriber")) {
                 $var(debug) = proxy_authorize("", "subscriber");
                 xlog("Not Proxy Authorize: $var(debug)");
                       proxy_challenge("", "0");
                       exit;
               }
               if (!check_from()) {
                       sl_send_reply("403","Forbidden auth ID");
                       exit;
               }

               consume_credentials();
               # caller authenticated
           }
         }


Below is the output I see in the log file when this path is executed.

Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -4
Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: -5
Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -5
Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: -5

As you can see on the initial invite the credentials are not found  
which is to be expected.  But on the subsequent invites OpenSER is  
returning the generic error which doesn't tell me a whole lot.  Can  
you tell me how to obtain more verbose debugging.

Is it possible that OpenSER is using the From tag and not the  
credentials supplied in the Proxy-Authorization header?

Thank You
Stagg Shelton

On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:

> Hi Stagg,
>
> For INVITEs, use proxy_challenge() + proxy_authorize() functions and  
> not the www_xxxxxxx() functions.
>
> Regards,
> Bogdan
>
> Stagg Shelton wrote:
>> I've been trying to work through openser successfully  
>> authenticating a  user on an INVITE.  I've tried using  
>> www_challenge and  proxy_challenge.  Each time, OpenSER will  
>> respond to the INVITE with  the appropriate Authentication header  
>> depending on what I'm using, and  asterisk will resend the INVITE  
>> with the Digest credentials.  I've  determined that OpenSER returns  
>> a -5 when processing either  www_authorize or proxy_authorize and  
>> the INVITE has the Digest  credentials.
>>
>> The authentication seems to work just fine when asterisk Registers  
>> to  openser.  Are there any known issues with asterisk  
>> authenticating  during an INVITE?  I would prefer to do it this way  
>> in case the PBX  loses its primary network connectivity and is  
>> failing to a secondary  route, or some other reason that would  
>> cause the IP address to change.
>>
>> I am currently using OpenSER 1.3.1
>>
>> Thank You
>> Stagg Shelton
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>

More information about the Users mailing list