Hi Iñaki, have you check with ngrep if the second REGISTER (with the same nonce) is by chance a retransmission of the first one ? maybe everuthing is ok, you just have retransmissions and they generated the nonce re-used problem.
Regards, Bogdan Sergio Gutierrez wrote: > Hello Iñaki. > > Thanks for your answer. > > I am facing the problem both with Grandstream HT-487 and with Zoiper > softphone. > > Thanks and regards. > > Sergio. > > On Wed, Jun 10, 2009 at 4:12 PM, Iñaki Baz Castillo <[email protected] > <mailto:[email protected]>> wrote: > > El Miércoles, 10 de Junio de 2009, Sergio Gutierrez escribió: > > Hello to all members. > > > > I am running OpenSIPS 1.5.1 with MySQL authentication and > authorization > > backend; after some minutes of running, I am getting the > following error in > > log: > > > > Jun 10 16:00:55 [25744] DBG:auth:reserve_nonce_index: second= 13, > > sec_monit= 1, index= 5 > > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: nonce index= 5 > > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: > 'Proxy-Authenticate: Digest > > realm="200.13.225.250", > > nonce="4a2f928500000005acf87663581a317e2716f2ae64017424" > > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing > > [4a2f928500000005acf87663581a317e2716f2ae64017424] and > > [4a2f928500000005acf87663581a317e2716f2ae64017424] > > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5 > > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing > > [4a2f928500000005acf87663581a317e2716f2ae64017424] and > > [4a2f928500000005acf87663581a317e2716f2ae64017424] > > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5 > > Jun 10 16:00:55 [25744] DBG:auth:is_nonce_index_valid: nonce > already used > > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index not valid > > > > With this, calls fail as I am checking authorization at INVITE. > Register > > works without any problem. > > > > Any hint on this? > > It means that, even if the digest response is valid, it's has been > already > used (most probably by the same UA). This is configurable in > OpenSIPS: you can > set OpenSIPS to allow multiple usage of same digest response or not. > > Usually, a SIP device sends a request, receives a challenge, > generates the > digest response and resends the same requests with credentials. > The next time the device sends a request, it directly adds the > previous > credentials. The server can accept it (since it's valid and hasn't > yet expires > in the server) or can refuse it by replying 401/407 with a new > digest nonce. > Then the UA should generate a new request containing credentials > according to > this nonce. > > Your UA seems not to do it. Which phone are you using? > > > > > -- > Iñaki Baz Castillo <[email protected] <mailto:[email protected]>> > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > -- > Sergio Gutiérrez > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
