Re: [OpenSIPS-Users] Cannot get registration to work with v3.2.8??

Tue, 06 Sep 2022 01:43:39 -0700 

Hi Bob,

The key log is this one:
Aug 30 18:19:05 [17809] DBG:auth:pre_auth: credentials with given realm not found 


Basically OpenSIPS says it does not find the "digilink.net" realm in the 
provided auth header in REGISTER. As a quick experiment, could you use 
the empty string "" for realm (instead of "digilink.net") in the 
www_authorize/challenge() functions ?


Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
  https://www.opensips.org/events/Summit-2022Athens/

On 8/31/22 4:31 AM, Bob Atkins wrote:

Hi.

Have been a long time OpenSER user in a production environment.

I managed to convert to OpenSIPS v3.2.8 on a CentOS 7 system and is 
working based on IP authentication however, I just cannot get sip 
registrations to work that used to work fine with OpenSER. I'm using a 
SPA112 running 1.4.1(SR5) as a test device. This device registers just 
fine with Asterisk and OpenSER v1.1 with exactly the same credentials 
but no matter what I have tried it just won't register with OpenSIPS 
v3.2.8.



I am using auth_db and mysql. I have verified that all sql data is 
correct.


I have been banging my head against the screen for hours to no avail.


In reviewing the debug and log output I can clearly see that something 
is wrong because the user name and domain are both <null>?



www_authorize returns [-4] which means (no credentials) - credentials 
were not found in request.



There is no reason why the credentials should not be there - they have 
certainly not been consumed before this point.



This same device registers just fine with /_*exactly *_/the same 
credentials to both OpenSER v1.1 and asterisk servers.



Would be grateful if anyone can shed some light on this because it 
seems to me that something inside auth or auth_db is broken and not 
extracting the registration credentials from the REGISTER message.


This code worked just fine in OpenSER v1.1

if (method=="REGISTER") {
   #xlog("L_INFO","[$rm][$ft][$tt] Processing registration");
   if (!www_authorize("digilink.net", "subscriber")) {
   #xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");
    www_challenge("digilink.net", "0");
    exit;
};

xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");
save("location");
exit;
};

This is the code in the OpenSIPS 3.2.8 config that is failing:

Here are the module loads and various defines:

loadmodule "options.so"
loadmodule "textops.so"
#### SIGNALING module
loadmodule "signaling.so"

#### StateLess module
loadmodule "sl.so"

#### Transaction Module
loadmodule "tm.so"
modparam("tm", "enable_stats", 1)
modparam("tm", "fr_timeout", 9)
modparam("tm", "fr_inv_timeout", 120)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)

#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR */
modparam("rr", "append_fromtag", 1)

loadmodule "uac.so"
#modparam("uac","restore_mode","auto")
modparam("uac","rr_from_store_param","dns_uac_param")
modparam("uac","restore_mode","none")

#### MAX ForWarD module
loadmodule "maxfwd.so"

#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"

#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)

#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")

modparam("usrloc", "working_mode_preset", 
"single-instance-sql-write-back")

modparam("usrloc", "db_url", "mysql://opensips:??????@localhost/opensips")

loadmodule "nathelper.so"
modparam("nathelper", "received_avp", "$avp(rcv)")
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s

modparam("nathelper", "ping_nated_only", 1)    # Ping only clients 
behind NAT


#### MYSQL module
loadmodule "db_mysql.so"

loadmodule "avpops.so"

#### AUTH Db module
loadmodule "auth.so"
loadmodule "auth_db.so"
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "user_column", "username")
modparam("auth_db", "password_column", "password")
modparam("auth_db", "use_domain", 0)

modparam("auth_db", "db_url", 
"mysql://opensips:??????@localhost/opensips")

modparam("auth_db", "load_credentials", "")

#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
modparam("registrar", "min_expires", 120)
modparam("registrar", "max_expires", 3600)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "max_contacts", 5)
modparam("registrar", "received_avp", "$avp(rcv)")

#### Pike DOS protection
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 3)
modparam("pike", "reqs_density_per_unit", 20)

#### DIALOG module
loadmodule "dialog.so"
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "default_timeout", 21600)  # 6 hours timeout
modparam("dialog", "db_mode", 0)
modparam("dialog", "profiles_with_value", "trunkCalls")

#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "report_cancels", 1)
modparam("acc", "early_media", 1)
/* by default we do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure to enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
modparam("acc", "acc_callid_column", "sip_callid")
modparam("acc", "acc_sip_code_column", "sip_status")
modparam("acc", "acc_method_column", "sip_method")
modparam("acc", "acc_to_tag_column", "totag")
modparam("acc", "acc_from_tag_column", "fromtag")

modparam("acc", "extra_fields", "db:sip_from; sip_to; in_uri; out_uri; 
username; from_uri; to_uri; domain; du")

modparam("acc", "db_url", "mysql://opensips:??????@localhost/opensips")
loadmodule "proto_udp.so"

---- [snip] ----

if (is_method("REGISTER")) {
    xlog("L_INFO", "REGISTER: [$tu] request");
    xlog("L_INFO","[$rm][$ft][$tt] Processing registration");

    $var(x)=www_authorize("digilink.net", "subscriber");

    xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)] to 
authenticate with [$rU]$ru credential");

    if (!$var(x)) {
        xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");

        www_challenge("digilink.net", "auth,auth-int", 
"MD5,MD5-sess,SHA-256,SHA-256-sess");

        exit;
    } else {
        xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED");

        xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED! User is not 
authorized to authenticate with [$rU]$ru credential");

        exit;
    }

    xlog("L_INFO", "REGISTER: URI [$tu] - Succeeded");
    xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");
    save("location");
    exit;
}
Debug out shows:

Aug 30 18:19:05 [17809] DBG:core:parse_msg: SIP Request:
Aug 30 18:19:05 [17809] DBG:core:parse_msg:  method: <REGISTER>
Aug 30 18:19:05 [17809] DBG:core:parse_msg:  uri: <sip:23.253.166.155>
Aug 30 18:19:05 [17809] DBG:core:parse_msg:  version: <SIP/2.0>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=ffffffffffffffff

Aug 30 18:19:05 [17809] DBG:core:parse_via_param: found param type 
232, <branch> = <z9hG4bK-18367abe>; state=16

Aug 30 18:19:05 [17809] DBG:core:parse_via: end of header reached, state=5

Aug 30 18:19:05 [17809] DBG:core:parse_headers: via found, 
flags=ffffffffffffffff

Aug 30 18:19:05 [17809] DBG:core:parse_headers: this is the first via

Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header reached, 
state=10
Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"}, 
ruri={sip:[email protected]}
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: <To> [43]; 
uri=[sip:[email protected]]
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: to body ["PPC Fax" 
<sip:[email protected]>

]

Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: cseq <CSeq>: <86682> 
<REGISTER>

Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: content_length=0
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: found end of header
Aug 30 18:19:05 [17809] DBG:core:receive_msg: After parse_msg...

Aug 30 18:19:05 [17809] DBG:core:receive_msg: preparing to run routing 
scripts...
Aug 30 18:19:05 [17809] DBG:pike:mark_node: search on branch 205 
(top=0x7fde48de8f80)

Aug 30 18:19:05 [17809] DBG:pike:mark_node: only first 1 were matched!

Aug 30 18:19:05 [17809] DBG:pike:pike_check_req: src IP 
[205.147.62.19],node=0x7fde48de8f80; hits=[3,1],[0,0] node_flags=2 
func_flags=8

Aug 30 18:19:05 [17809] DBG:maxfwd:is_maxfwd_present: value = 70
Aug 30 18:19:05 [17809] DBG:core:parse_to_param: tag=1584d16f8a45809ao1

Aug 30 18:19:05 [17809] DBG:core:parse_to_param: end of header 
reached, state=11
Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header reached, 
state=29
Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"}, 
ruri={sip:[email protected]}
Aug 30 18:19:05 [17809] SIP message size: 572 bytesAug 30 18:19:05 
[17809] DBG:core:comp_scriptvar: int 27: 572 / 2048

Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=78
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=200
Aug 30 18:19:05 [17809] DBG:rr:find_first_route: No Route headers found
Aug 30 18:19:05 [17809] DBG:rr:loose_route: There is no Route HF
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19

Aug 30 18:19:05 [17809] Unknown source [205.147.62.19]: 
[sip:[email protected]] request

Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=ffffffffffffffff

Aug 30 18:19:05 [17809] DBG:core:parse_params: Parsing params 
for:[expires=300]
Aug 30 18:19:05 [17809] REGISTER: [sip:[email protected]] 
request from sip:23.253.166.155 at 205.147.62.19

Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000

Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no 
[Proxy-]Authorization header

Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000

Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no 
[Proxy-]Authorization header
Aug 30 18:19:05 [17809] 
[REGISTER][1584d16f8a45809ao1][<null>]@[<null>] - Processing registration

Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=4000

Aug 30 18:19:05 [17809] DBG:auth:pre_auth: credentials with given 
realm not found
Aug 30 18:19:05 [17809] REGISTER: www_authorize returned [-4] to 
authenticate with [<null>]sip:23.253.166.155 credential
Aug 30 18:19:05 [17809] REGISTER: URI [sip:[email protected]] 
- FAILEDAug 30 18:19:05 [17809] REGISTER: URI 
[sip:[email protected]] - FAILED! User is not authorized to 
authenticate with [<null>]sip:23.253.166.155 credential

Aug 30 18:19:05 [17809] DBG:core:destroy_avp_list: destroying list (nil)
Aug 30 18:19:05 [17809] DBG:core:receive_msg: cleaning up


----



Thank you,
Bob


_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to