Hi Bob,
Use the below to double check which party is failing in computing the
right auth response.
https://openplatform.xyz/sip_register_digest_authentication.html
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 9/7/22 10:46 PM, Bob Atkins wrote:
Iancu,
Thank you!! You identified the problem. Turns out that I had failed to
add the IP for the OpenSIPS proxy to a firewall that was blocking the
response from this new sip server (facepalm) to the device :-(
So, once I fixed the firewall I thought that would be it... Not my luck.
Now it is challenging and /_*rejecting!*_/ The HA1 is failing to
compare! But the passwords are correct! Now I am really mystified.
I created identical DB entries for this unit in both the original
OpenSER system and the OpenSIPS system.
Registration to the OpenSER system works perfectly - HA1 validates.
When I change the sip server to the new system, to OpenSIPS system
fails due to mismatched HA1. Whaaa.... ?!?!
Mismatched HA1 would imply a password failure but I have absolutely,
positively verified the passwords in both database entries and the
/_*only*_/ thing I change on the device is the sip server. It should
just register on the new system. I have attached packet capture of the
transaction between the device and teh OpenSIPSs system.
I have absolutely, positively copied and pasted (no trailing nl or
spaces) and verified that the passwords are the same in both databases
and also the same on the device.
OpenSER DB subscriber entery
phplib_id username domain password first_name last_name phone
email_address datetime_created datetime_modified confirmation flag
sendnotification greeting ha1 ha1b allow_find timezone rpid
domn uuid customerID customerName
3105738133 3105738133 digilink.net XXXXXXXX PPC Home Fax
3105738133
7/5/2012 16:36 11/7/2021 13:58
o
0 \N \N \N \N 72 DigiLink Internet
Services
OpenSIPS DB subscriber entry
id username domain password cr_preferred_carrier first_name
last_name phone email_address datetime_created datetime_modified
confirmation flag sendnotification greeting allow_find timezone
customerID customerName ha1 ha1_sha256 ha1_sha512t256 rpid
1 3105738133 digidial XXXXXXXX \N PPC Home Fax 3105738133
[email protected] 7/5/2012 16:36 11/7/2021 13:58
0
72 DigiLink Internet Services \N
Registration code:
OpenSER system:
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
if (method=="REGISTER") {
#xlog("L_INFO","[$rm][$ft][$tt] Processing
registration");
if (!www_authorize("digilink.net", "subscriber")) {
#xlog("L_INFO","[$rm][$ft][$tt]
Challenging peer");
www_challenge("digilink.net", "0");
exit;
};
xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from
$si");
save("location");
exit;
};
==============
OpenSIPS system
#### AUTH Db module
loadmodule "auth.so"
loadmodule "auth_db.so"
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "use_domain", 1)
modparam("auth_db", "user_column", "username")
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
if (is_method("REGISTER")) {
xlog("L_INFO", "REGISTER: [$tu] request from [$si]");
xlog("L_INFO","[$ft][$au]@[$ad] - Processing registration");
xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)]
to authenticate with [$rU]$ru credential");
if (!www_authorize("digilink.net", "subscriber")) {
xlog("L_INFO","CHALLENGE: [$ft][$tt]");
www_challenge("digilink.net","auth","MD5");
exit;
} else {
xlog("L_ALERT", "REGISTER: URI [$tu][$rU]$ru
credential from [$si] - FAILED!");
sl_send_reply(403, "Not Authorized!");
exit;
}
xlog("L_INFO", "REGISTER: URI [$tu] - [$rm][$ft][$tt]
Registered $fu from $si");
save("location");
exit;
}
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
