I have it working, authenticating in Kamailio. And just works. But there is a farm with lots of Asterisk and i was looking for an easy way to do not modify secret= and permit= on every Asterisk Machine... Thats why i was looking for that..
2016-03-31 10:55 GMT+02:00 Marrold <[email protected]>: > Why not just authenticate on Kamailio in that case? > > Also, be aware that the Authorization Username ($au) is included in SIP > digest authentication. $au and $fu aren't necessarily the same, but on > most end points the default is to use the same value for both. If you > manipulate $fu or $au it may cause auth issues. > > On Thu, Mar 31, 2016 at 9:49 AM, Alberto Sagredo < > [email protected]> wrote: > >> Hi Marrold. I want to authenticate user on Kamailio but want Asterisk to >> see them registered with kamailio ip as contact. >> >> I making also some manipulations in $fu as users are different >> (emp_xxx_ext) in kamailio than in Asterisk xxx_ext >> >> Thanks >> >> 2016-03-31 10:48 GMT+02:00 Marrold <[email protected]>: >> >>> Why not just relay the registration messages to Asterisk itself? What's >>> the use case? >>> >>> Cheers >>> >>> On Thu, Mar 31, 2016 at 9:34 AM, Alberto Sagredo < >>> [email protected]> wrote: >>> >>>> Hi >>>> >>>> Im trying to modify example for Asterisk/Kamailio integration that >>>> miconda did, and trying to handle Forwarded register to Asterisk in an >>>> authenticated way instead removing secret in asterisk. >>>> >>>> I have made this changes >>>> >>>> >>>> route[REGFWD] { >>>> >>>> if(!is_method("REGISTER")) >>>> >>>> { >>>> >>>> return; >>>> >>>> } >>>> >>>> >>>> >>>> $var(rip) = $var(astip); >>>> >>>> $uac_req(method)="REGISTER"; >>>> >>>> $uac_req(ruri)="sip:" + $var(rip) + ":" + $var(astport); >>>> >>>> $uac_req(furi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); >>>> >>>> $uac_req(turi)="sip:" + $(au{s.substr,8,0}) + "@" + $var(rip); >>>> >>>> $uac_req(hdrs)="Contact: <sip:" + $au + "@" >>>> >>>> + $sel(cfg_get.kamailio.bindip) >>>> >>>> + ":" + $sel(cfg_get.kamailio.bindport) >>>> + ">\r\n"; >>>> >>>> if($sel(contact.expires) != $null) >>>> >>>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + >>>> $sel(contact.expires) + "\r\n"; >>>> >>>> else >>>> >>>> $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + >>>> $hdr(Expires) + "\r\n"; >>>> >>>> >>>> xlog("Dentro de REGFWD"); >>>> >>>> >>>> t_on_failure("REG_AST"); >>>> >>>> >>>> uac_req_send(); >>>> >>>> >>>> } >>>> >>>> >>>> >>>> >>>> failure_route[REG_AST] { >>>> >>>> >>>> if (t_is_canceled()) { >>>> >>>> exit; >>>> >>>> } >>>> >>>> >>>> xlog("Dentro de REG AST"); >>>> >>>> >>>> if(t_check_status("401|407")) { >>>> >>>> xlog("Dentro de 401"); >>>> >>>> $avp(auser) = "test"; >>>> >>>> $avp(apass) = "test"; >>>> >>>> uac_auth(); >>>> >>>> t_relay(); >>>> >>>> exit; >>>> >>>> } >>>> >>>> } >>>> >>>> >>>> What i see on traces: >>>> >>>> >>>> U x.x.x..240:5060 -> x.x.x..56:5060 >>>> >>>> REGISTER sip:x.x.x.56:5060 SIP/2.0. >>>> >>>> Via: SIP/2.0/UDP >>>> x.x.x.240;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0. >>>> >>>> To: <sip:[email protected]>. >>>> >>>> From: <sip:[email protected]>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. >>>> >>>> CSeq: 10 REGISTER. >>>> >>>> Call-ID: [email protected]. >>>> >>>> Max-Forwards: 70. >>>> >>>> Content-Length: 0. >>>> >>>> User-Agent: ANY. >>>> >>>> Contact: <sip:[email protected]:5060>. >>>> >>>> Expires: 3600. >>>> >>>> . >>>> >>>> >>>> # >>>> >>>> U x.x.x.56:5060 -> x.x.x..240:5060 >>>> >>>> SIP/2.0 401 Unauthorized. >>>> >>>> Via: SIP/2.0/UDP x.x.x..240 >>>> ;branch=z9hG4bKfb46.a47535d4000000000000000000000000.0;received= >>>> x.x.x..240;rport=5060. >>>> >>>> From: <sip:[email protected]>;tag=533cb9e91f4b999cf76861cbb9ed54ed-6a4f. >>>> >>>> To: <sip:[email protected]>;tag=as62b47138. >>>> >>>> Call-ID: [email protected]. >>>> >>>> CSeq: 10 REGISTER. >>>> >>>> Server: FPBX-2.11.0(11.17.1). >>>> >>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, >>>> INFO, PUBLISH, MESSAGE. >>>> >>>> Supported: replaces, timer. >>>> >>>> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", >>>> nonce="59e39692". >>>> >>>> Content-Length: 0. >>>> >>>> . >>>> >>>> >>>> But Kamailio is not sending authentication . >>>> >>>> Any idea what could be wrong? Or any tip to do what i try. >>>> >>>> The idea is that a sip endpoint register with authentication on >>>> kamailio and it sends register with authentication to asterisk. >>>> >>>> Thanks in advance >>>> >>>> >>>> >>>> _______________________________________________ >>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>>> [email protected] >>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>> >>>> >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> [email protected] >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> [email protected] >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> >> > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > [email protected] > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
