[OpenSER-Users] Problem with asterisk authenticating on invite

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon Jun 30 18:25:58 CEST 2008 

Hi Stagg,

set the debug level to 6 and you will get the logs from openser - this 
will help you identify why the auth is rejected.

Regards,
Bogdan

PS: you can send the logs to me if you do not manage to read them (also 
attach the SIP trace)

Stagg Shelton wrote:
> I am using proxy_authorize & proxy_challenge on the invite.
>
>          if (!(method=="REGISTER"))
>          {
>            if (!allow_trusted())
>            {
>                if (!proxy_authorize("", "subscriber")) {
>                  $var(debug) = proxy_authorize("", "subscriber");
>                  xlog("Not Proxy Authorize: $var(debug)");
>                        proxy_challenge("", "0");
>                        exit;
>                }
>                if (!check_from()) {
>                        sl_send_reply("403","Forbidden auth ID");
>                        exit;
>                }
>
>                consume_credentials();
>                # caller authenticated
>            }
>          }
>
>
> Below is the output I see in the log file when this path is executed.
>
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -4
> Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: -5
>
> As you can see on the initial invite the credentials are not found  
> which is to be expected.  But on the subsequent invites OpenSER is  
> returning the generic error which doesn't tell me a whole lot.  Can  
> you tell me how to obtain more verbose debugging.
>
> Is it possible that OpenSER is using the From tag and not the  
> credentials supplied in the Proxy-Authorization header?
>
> Thank You
> Stagg Shelton
>
> On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:
>
>   
>> Hi Stagg,
>>
>> For INVITEs, use proxy_challenge() + proxy_authorize() functions and  
>> not the www_xxxxxxx() functions.
>>
>> Regards,
>> Bogdan
>>
>> Stagg Shelton wrote:
>>     
>>> I've been trying to work through openser successfully  
>>> authenticating a  user on an INVITE.  I've tried using  
>>> www_challenge and  proxy_challenge.  Each time, OpenSER will  
>>> respond to the INVITE with  the appropriate Authentication header  
>>> depending on what I'm using, and  asterisk will resend the INVITE  
>>> with the Digest credentials.  I've  determined that OpenSER returns  
>>> a -5 when processing either  www_authorize or proxy_authorize and  
>>> the INVITE has the Digest  credentials.
>>>
>>> The authentication seems to work just fine when asterisk Registers  
>>> to  openser.  Are there any known issues with asterisk  
>>> authenticating  during an INVITE?  I would prefer to do it this way  
>>> in case the PBX  loses its primary network connectivity and is  
>>> failing to a secondary  route, or some other reason that would  
>>> cause the IP address to change.
>>>
>>> I am currently using OpenSER 1.3.1
>>>
>>> Thank You
>>> Stagg Shelton
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.openser.org
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>       
>
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
>

More information about the Users mailing list