[OpenSER-Users] Problem with asterisk authenticating on invite
flavio
flavio at asteriskguide.com
Mon Jun 30 18:07:06 CEST 2008
Hi Stagg,
Check the UAC module, if you want to send credentials to Asterisk (I have
tested OpenSER 1.3.2 and Asterisk 1.4, it works). Another way is to
integrate Asterisk and OpenSER using realtime (there is a tutorial in the
www.openser.org website), with this integration, the same user existing in
OpenSER will be valid in the Asterisk Server. There is the ugly way too
(autocreatepeer=yes or insecure =invite in the peer) in the Asterisk Server,
but make sure that only OpenSER can send SIP requests to your Asterisk
Server or you can get into big security problems.
Cheers,
Flavio
----- Original Message -----
From: "Stagg Shelton" <stagg at sheltonjohns.com>
To: <users at lists.openser.org>
Sent: Monday, June 30, 2008 11:21 AM
Subject: Re: [OpenSER-Users] Problem with asterisk authenticating on invite
>I am using proxy_authorize & proxy_challenge on the invite.
>
> if (!(method=="REGISTER"))
> {
> if (!allow_trusted())
> {
> if (!proxy_authorize("", "subscriber")) {
> $var(debug) = proxy_authorize("", "subscriber");
> xlog("Not Proxy Authorize: $var(debug)");
> proxy_challenge("", "0");
> exit;
> }
> if (!check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
> }
> }
>
>
> Below is the output I see in the log file when this path is executed.
>
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -4
> Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: -5
>
> As you can see on the initial invite the credentials are not found
> which is to be expected. But on the subsequent invites OpenSER is
> returning the generic error which doesn't tell me a whole lot. Can
> you tell me how to obtain more verbose debugging.
>
> Is it possible that OpenSER is using the From tag and not the
> credentials supplied in the Proxy-Authorization header?
>
> Thank You
> Stagg Shelton
>
> On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:
>
>> Hi Stagg,
>>
>> For INVITEs, use proxy_challenge() + proxy_authorize() functions and
>> not the www_xxxxxxx() functions.
>>
>> Regards,
>> Bogdan
>>
>> Stagg Shelton wrote:
>>> I've been trying to work through openser successfully
>>> authenticating a user on an INVITE. I've tried using
>>> www_challenge and proxy_challenge. Each time, OpenSER will
>>> respond to the INVITE with the appropriate Authentication header
>>> depending on what I'm using, and asterisk will resend the INVITE
>>> with the Digest credentials. I've determined that OpenSER returns
>>> a -5 when processing either www_authorize or proxy_authorize and
>>> the INVITE has the Digest credentials.
>>>
>>> The authentication seems to work just fine when asterisk Registers
>>> to openser. Are there any known issues with asterisk
>>> authenticating during an INVITE? I would prefer to do it this way
>>> in case the PBX loses its primary network connectivity and is
>>> failing to a secondary route, or some other reason that would
>>> cause the IP address to change.
>>>
>>> I am currently using OpenSER 1.3.1
>>>
>>> Thank You
>>> Stagg Shelton
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.openser.org
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list