Re: [asterisk-users] multi step auth?

2018-05-09 Thread Daniel Tryba 
On Tue, May 08, 2018 at 03:04:55PM -0500, Jeff LaCoursiere wrote:
> Thats till doesn't change the SIP header.?? Basically they want to send a RE
> INVITE and authenticate my DID number.?? But my DID number does not have a
> peer or user entry in sip.conf.?? Perhaps I am answering my own question,
> but is that the only way this is going to work?

Maybe you should post their requirments (instead of your rephrasing of
them). Do they actually want to have different from/to and contact(!) in
one SIP dialog? But AFAIK you don't have such control in Asterisk, you
can only influence the original INVITE and than have Asterisk respond
to a auth challenge, which you can influence with defaultuser according
to sip.conf.

So experiment with something like
[user]
fromuser=thenumber
defaultuser=theusername
remotesecret=thepassword

and see what the fromuser in request is and what the authentication user
in the Authorization header is in step 3, according to sip.conf remarks
it should be:

From: 
To:
Authorization: Digest username="defaultuser"


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] multi step auth?

2018-05-08 Thread Kseniya Blashchuk 
Try to set fromuser=number in your sip provider peer configuration

On Tue, May 8, 2018, 11:05 PM Jeff LaCoursiere  wrote:

>
> Thats till doesn't change the SIP header.  Basically they want to send a
> RE INVITE and authenticate my DID number.  But my DID number does not have
> a peer or user entry in sip.conf.  Perhaps I am answering my own question,
> but is that the only way this is going to work?
>
> Thanks,
>
> j
>
>
> On 05/08/2018 02:54 PM, Khalil Khamlichi wrote:
>
> try adding a + sign for the number
>
> same => n,Set(CALLERID(all)=17864089672 <+17864089672>)
>
>
>
>
> On Tue, May 8, 2018, 8:51 PM Jeff LaCoursiere 
> wrote:
>
>>
>> I *am* doing that, as I assumed it would be required just for the 911
>> mapping we have provided, but that doesn't change the SIP header.
>>
>> Cheers,
>>
>> j
>>
>> On 05/08/2018 02:41 PM, Khalil Khamlichi wrote:
>>
>> try setting the callerid with
>>
>> same => n,Set(CALLERID(all)=17864089672 <17864089672>)
>>
>> ofcourse for each customer you will need to provide his own did.
>>
>>
>> On Tue, May 8, 2018, 8:37 PM Jeff LaCoursiere 
>> wrote:
>>
>>> Hi,
>>>
>>> We have been using Voxbone for some time for origination, and they now
>>> offer E911 services.  We are trying to set this up and having trouble
>>> meeting their authentication requirements.
>>>
>>> I setup a peer as I normally would, with user/pass as they supplied
>>> ("lacoursj", "pass"), but my calls are rejected.  Their support is asking
>>> that I follow this auth mechanism:
>>>
>>> 1st step - You send an INVITE message.
>>> 2nd step - We respond with a 407.
>>> 3rd step - You send a RE INVITE message including your credentials.
>>>
>>>  The tricky bit seems to be that they want the original INVITE to look
>>> like:
>>>
>>> From: ;tag=as00771983.
>>> To:  .
>>> Contact: .
>>>
>>> The "1786..." above is meant to be the DID number that is placing the
>>> 911 call. Our DID numbers don't have peer or user entries in sip.conf. My
>>> peer isn't sending that, though, it is sending:
>>>
>>> From: ;tag=as00771983.
>>> To:  .
>>> Contact: .
>>>
>>> They claim that 'lacoursj' shouldn't be sent until step 3.
>>>
>>> I have never been asked to authenticate this way... can asterisk
>>> chan_sip do it?
>>>
>>> Cheers,
>>> j
>>> --
>>> _
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> Check out the new Asterisk community forum at:
>>> https://community.asterisk.org/
>>>
>>> New to Asterisk? Start here:
>>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
--
BR, Kseniya
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] multi step auth?

2018-05-08 Thread Jeff LaCoursiere 


Thats till doesn't change the SIP header.  Basically they want to send a 
RE INVITE and authenticate my DID number.  But my DID number does not 
have a peer or user entry in sip.conf.  Perhaps I am answering my own 
question, but is that the only way this is going to work?


Thanks,

j

On 05/08/2018 02:54 PM, Khalil Khamlichi wrote:

try adding a + sign for the number

same => n,Set(CALLERID(all)=17864089672 <+17864089672>)




On Tue, May 8, 2018, 8:51 PM Jeff LaCoursiere > wrote:



I *am* doing that, as I assumed it would be required just for the
911 mapping we have provided, but that doesn't change the SIP header.

Cheers,

j

On 05/08/2018 02:41 PM, Khalil Khamlichi wrote:

try setting the callerid with

same => n,Set(CALLERID(all)=17864089672 <17864089672>)

ofcourse for each customer you will need to provide his own did.


On Tue, May 8, 2018, 8:37 PM Jeff LaCoursiere
mailto:j...@stratustalk.com>> wrote:

Hi,

We have been using Voxbone for some time for origination, and
they now offer E911 services.  We are trying to set this up
and having trouble meeting their authentication requirements.

I setup a peer as I normally would, with user/pass as they
supplied ("lacoursj", "pass"), but my calls are rejected. 
Their support is asking that I follow this auth mechanism:

1st step - You send an INVITE message.
2nd step - We respond with a 407.
3rd step - You send a RE INVITE message including your
credentials.

 The tricky bit seems to be that they want the original
INVITE to look like:

From: ;tag=as00771983.
To: 
.
Contact: .

The "1786..." above is meant to be the DID number that is
placing the 911 call. Our DID numbers don't have peer or user
entries in sip.conf. My peer isn't sending that, though, it
is sending:

From: ;tag=as00771983.
To: 
.
Contact: .

They claim that 'lacoursj' shouldn't be sent until step 3.

I have never been asked to authenticate this way... can
asterisk chan_sip do it?

Cheers,

j
-- 
_

-- Bandwidth and Colocation Provided by
http://www.api-digital.com --

Check out the new Asterisk community forum at:
https://community.asterisk.org/

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users





-- 
_

-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at:
https://community.asterisk.org/

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users





-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] multi step auth?

2018-05-08 Thread Khalil Khamlichi 
try adding a + sign for the number

same => n,Set(CALLERID(all)=17864089672 <+17864089672>)




On Tue, May 8, 2018, 8:51 PM Jeff LaCoursiere  wrote:

>
> I *am* doing that, as I assumed it would be required just for the 911
> mapping we have provided, but that doesn't change the SIP header.
>
> Cheers,
>
> j
>
> On 05/08/2018 02:41 PM, Khalil Khamlichi wrote:
>
> try setting the callerid with
>
> same => n,Set(CALLERID(all)=17864089672 <17864089672>)
>
> ofcourse for each customer you will need to provide his own did.
>
>
> On Tue, May 8, 2018, 8:37 PM Jeff LaCoursiere 
> wrote:
>
>> Hi,
>>
>> We have been using Voxbone for some time for origination, and they now
>> offer E911 services.  We are trying to set this up and having trouble
>> meeting their authentication requirements.
>>
>> I setup a peer as I normally would, with user/pass as they supplied
>> ("lacoursj", "pass"), but my calls are rejected.  Their support is asking
>> that I follow this auth mechanism:
>>
>> 1st step - You send an INVITE message.
>> 2nd step - We respond with a 407.
>> 3rd step - You send a RE INVITE message including your credentials.
>>
>>  The tricky bit seems to be that they want the original INVITE to look
>> like:
>>
>> From: ;tag=as00771983.
>> To:  .
>> Contact: .
>>
>> The "1786..." above is meant to be the DID number that is placing the 911
>> call. Our DID numbers don't have peer or user entries in sip.conf. My peer
>> isn't sending that, though, it is sending:
>>
>> From: ;tag=as00771983.
>> To:  .
>> Contact: .
>>
>> They claim that 'lacoursj' shouldn't be sent until step 3.
>>
>> I have never been asked to authenticate this way... can asterisk chan_sip
>> do it?
>>
>> Cheers,
>> j
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] multi step auth?

2018-05-08 Thread Jeff LaCoursiere 


I *am* doing that, as I assumed it would be required just for the 911 
mapping we have provided, but that doesn't change the SIP header.


Cheers,

j

On 05/08/2018 02:41 PM, Khalil Khamlichi wrote:

try setting the callerid with

same => n,Set(CALLERID(all)=17864089672 <17864089672>)

ofcourse for each customer you will need to provide his own did.


On Tue, May 8, 2018, 8:37 PM Jeff LaCoursiere > wrote:


Hi,

We have been using Voxbone for some time for origination, and they
now offer E911 services.  We are trying to set this up and having
trouble meeting their authentication requirements.

I setup a peer as I normally would, with user/pass as they
supplied ("lacoursj", "pass"), but my calls are rejected. Their
support is asking that I follow this auth mechanism:

1st step - You send an INVITE message.
2nd step - We respond with a 407.
3rd step - You send a RE INVITE message including your credentials.

 The tricky bit seems to be that they want the original INVITE to
look like:

From: ;tag=as00771983.
To:  .
Contact: .

The "1786..." above is meant to be the DID number that is placing
the 911 call. Our DID numbers don't have peer or user entries in
sip.conf. My peer isn't sending that, though, it is sending:

From: ;tag=as00771983.
To:  .
Contact: .

They claim that 'lacoursj' shouldn't be sent until step 3.

I have never been asked to authenticate this way... can asterisk
chan_sip do it?

Cheers,

j
-- 
_

-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at:
https://community.asterisk.org/

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users





-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] multi step auth?

2018-05-08 Thread Khalil Khamlichi 
try setting the callerid with

same => n,Set(CALLERID(all)=17864089672 <17864089672>)

ofcourse for each customer you will need to provide his own did.


On Tue, May 8, 2018, 8:37 PM Jeff LaCoursiere  wrote:

> Hi,
>
> We have been using Voxbone for some time for origination, and they now
> offer E911 services.  We are trying to set this up and having trouble
> meeting their authentication requirements.
>
> I setup a peer as I normally would, with user/pass as they supplied
> ("lacoursj", "pass"), but my calls are rejected.  Their support is asking
> that I follow this auth mechanism:
>
> 1st step - You send an INVITE message.
> 2nd step - We respond with a 407.
> 3rd step - You send a RE INVITE message including your credentials.
>
>  The tricky bit seems to be that they want the original INVITE to look
> like:
>
> From: ;tag=as00771983.
> To:  .
> Contact: .
>
> The "1786..." above is meant to be the DID number that is placing the 911
> call. Our DID numbers don't have peer or user entries in sip.conf. My peer
> isn't sending that, though, it is sending:
>
> From: ;tag=as00771983.
> To:  .
> Contact: .
>
> They claim that 'lacoursj' shouldn't be sent until step 3.
>
> I have never been asked to authenticate this way... can asterisk chan_sip
> do it?
>
> Cheers,
> j
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] multi step auth?

2018-05-08 Thread Jeff LaCoursiere 

Hi,

We have been using Voxbone for some time for origination, and they now 
offer E911 services.  We are trying to set this up and having trouble 
meeting their authentication requirements.


I setup a peer as I normally would, with user/pass as they supplied 
("lacoursj", "pass"), but my calls are rejected.  Their support is 
asking that I follow this auth mechanism:


1st step - You send an INVITE message.
2nd step - We respond with a 407.
3rd step - You send a RE INVITE message including your credentials.

 The tricky bit seems to be that they want the original INVITE to look 
like:


From: ;tag=as00771983.
To: .
Contact: .

The "1786..." above is meant to be the DID number that is placing the 
911 call. Our DID numbers don't have peer or user entries in sip.conf. 
My peer isn't sending that, though, it is sending:


From: ;tag=as00771983.
To: .
Contact: .

They claim that 'lacoursj' shouldn't be sent until step 3.

I have never been asked to authenticate this way... can asterisk 
chan_sip do it?


Cheers,

j
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users