'Re: [SR-Users] uacreg get error on 2nd 401: error uac_reg_tm_callback(): authentication failed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       serusers
Subject:    Re: [SR-Users] uacreg get error on 2nd 401: error uac_reg_tm_callback(): authentication failed
From:       Алексей Якимкин <ayakimkin () gmail ! com>
Date:       2022-07-15 11:13:12
Message-ID: CA+cY-YvD76+w8xwEPN42jN=1-FkhJ7jaFd+E483UzaBSBdY+xQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/related)]

[Attachment #4 (multipart/alternative)]

My provider says the 2nd 401 comes because I used auth_username without
domain part. If I change auth_username to "login@ip.provider.com" they send
401 than 201ok.

чт, 14 июл. 2022 г. в 19:03, Алексей Якимкин \
<ayakimkin@gmail.com>:

> Hello,
> 
> I try to register on provider`s pbx
> 
> version: kamailio 5.7.0-dev0 (x86_64/linux)
> 
> modparam("uac", "reg_db_url", "mysql://kamailio:123@localhost/kamailio")
> modparam("uac", "reg_contact_addr", "1.1.1.1:5060")
> modparam("uac", "reg_retry_interval", 120); # for failed registrations
> modparam("uac", "reg_keep_callid", 1)
> modparam("uac","restore_mode","auto")
> 
> uacreg table:
> 
> +----+---------+------------+-----------+----------------+-----------------+-------+ \
> ----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+
>  | id | l_uuid  | l_username | l_domain  | r_username     | r_domain
> > realm | auth_username  | auth_password    | auth_ha1 | auth_proxy
> > expires | flags | reg_delay | contact_addr | socket           |
> 
> +----+---------+------------+-----------+----------------+-----------------+-------+ \
> ----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+
>  |  1 | 1234567 | pbx        | 127.0.0.1 | login | ip.provider.ru   |
> > login | password|          | sip:...com   |     120 |     0 |         0
> > > 10.130.0.23:5060 |
> 
> I see this two 401 replies
> [image: изображение.png]
> 
> 1st REGISTER
> Via: SIP/2.0/UDP 1.1.1.1:5060
> ;branch=z9hG4bK589d.8183f2e6000000000000000000000000.0
> To: <sip:login@ip.provider.com>
> From: <sip:login@ip.provider.com
> > ;tag=f9cf84029bbf24b61836c3d9fef7b7ae-78a2ffe1
> CSeq: 10 REGISTER
> Call-ID: 6818f1b436befce1-21980@10.130.0.23
> Max-Forwards: 70
> Content-Length: 0
> User-Agent: server
> Contact: <sip:1234567@1.1.1.1:5060>
> Expires: 120
> 
> 1st 401
> WWW-Authenticate: Digest algorithm=MD5,realm=".......org",nonce="
> *56806a6f32c49a3afea043c2fa42381f*",domain="sip:......org",qop="auth",
> *stale=FALSE*
> 
> 2nd REGISTER
> Authorization: Digest username="login", realm=".....", nonce="
> *56806a6f32c49a3afea043c2fa42381f*", uri="sip:......com", qop=auth,
> nc=00000001, cnonce="357420659",
> response="6e300c9f7f4d81095f29b5408f8d5191", algorithm=MD5
> 
> 2nd 401
> WWW-Authenticate: Digest algorithm=MD5,realm=".....org",nonce="
> *3b9586f6d31a76e509eb204d8a030415*",domain="sip:.....org",qop="auth",
> *stale=TRUE*
> 
> I think kamailio need to sent 3nd REGISTER with a new nonce, because
> stale=true. But it interrupts register with error:
> 
> Jul 14 18:41:00 opensips kamailio[21936]: 10(21949) DEBUG: {2 11 REGISTER
> 6818f1b436befcf7-21980@10.130.0.23} uac [uac_reg.c:852]:
> uac_reg_tm_callback(): completed with status 401 [uuid: 1234567]
> Jul 14 18:41:00 opensips kamailio[21936]: 10(21949) ERROR: {2 11 REGISTER
> 6818f1b436befcf7-21980@10.130.0.23} uac [uac_reg.c:933]:
> uac_reg_tm_callback(): authentication failed for <1234567>
> 
> Can I get kamailio to send REGISTER after the second 401-reply?
> Can I intercept this REGISTER and 401 in kamailio.conf? Is there any
> examples?
> I know about this instruction
> https://kamailio.org/docs/modules/5.7.x/modules/uac.html :)
> 
> Itried in request_route
> xlog("L_NOTICE", "uac 114411 1 remote fU $fU user [$rU] on [$rd] via [$du]
> $Ri \n");
> if (uac_reg_request_to("$fU", 0)) {
> xlog("L_NOTICE", "uac 114411 Found remote user [$rU] on
> [$rd] via [$du]\n");
> t_on_failure("REMOTE_AUTH");
> 
> #t_relay();
> }
> 
> And failure_route
> failure_route[REMOTE_AUTH] {
> if ($T_reply_code == 401 or $T_reply_code == 407) {
> xlog("L_NOTICE", "uac 114411 Remote asked for
> authentication\n");
> uac_auth();
> }
> }
> 
> but I haven't got logs on register request, 401 reply.
> 
> 
> 
> --
> Best regards,
> Alex
> 
> 

-- 
С уважением,
Якимкин Алексей

[Attachment #7 (text/html)]

<div dir="ltr"><div>My provider says the 2nd 401 comes because I used auth_username \
without domain part. If I change auth_username to &quot;<a \
href="mailto:login@ip.provider.com">login@ip.provider.com</a>&quot; they send 401 \
than 201ok.<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">чт, 14 июл. 2022 г. в 19:03, Алексей Якимкин \
&lt;<a href="mailto:ayakimkin@gmail.com">ayakimkin@gmail.com</a>&gt;:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div>Hello,</div><div><br></div><div>I try to register on provider`s \
pbx</div><div><br></div><div>version: kamailio 5.7.0-dev0 (x86_64/linux) \
<br></div><div><br></div><div>modparam(&quot;uac&quot;, &quot;reg_db_url&quot;, \
&quot;mysql://kamailio:123@localhost/kamailio&quot;)<br>modparam(&quot;uac&quot;, \
&quot;reg_contact_addr&quot;, &quot;<a href="http://1.1.1.1:5060" \
target="_blank">1.1.1.1:5060</a>&quot;)<br>modparam(&quot;uac&quot;, \
&quot;reg_retry_interval&quot;, 120); # for failed \
registrations<br>modparam(&quot;uac&quot;, &quot;reg_keep_callid&quot;, \
1)<br>modparam(&quot;uac&quot;,&quot;restore_mode&quot;,&quot;auto&quot;)</div><div><br></div><div>uacreg \
table:<br></div><div>+----+---------+------------+-----------+----------------+------- \
----------+-------+----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+<br>| \
id | l_uuid   | l_username | l_domain   | r_username       | r_domain            | \
realm | auth_username   | auth_password      | auth_ha1 | auth_proxy               | \
expires | flags | reg_delay | contact_addr | socket                \
|<br>+----+---------+------------+-----------+----------------+-----------------+----- \
--+----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+<br>| \
1 | 1234567 | pbx            | 127.0.0.1 | login | <a href="http://ip.provider.ru" \
target="_blank">ip.provider.ru</a>    |          | login | password|               | \
sip:...com    |       120 |       0 |             0 |                     | <a \
href="http://10.130.0.23:5060" target="_blank">10.130.0.23:5060</a> \
|</div><div><br></div><div>I see this two 401 replies <br></div><div><img \
src="cid:ii_l5l6zjcv0" alt="изображение.png" style="margin-right: 0px;" \
width="366" height="137"></div><div><br></div><div>1st REGISTER</div><div>Via: \
SIP/2.0/UDP 1.1.1.1:5060;branch=z9hG4bK589d.8183f2e6000000000000000000000000.0<br>To: \
&lt;<a href="mailto:sip%3Alogin@ip.provider.com" \
target="_blank">sip:login@ip.provider.com</a>&gt;<br>From: &lt;<a \
href="mailto:sip%3Alogin@ip.provider.com" \
target="_blank">sip:login@ip.provider.com</a>&gt;;tag=f9cf84029bbf24b61836c3d9fef7b7ae-78a2ffe1<br>CSeq: \
10 REGISTER<br>Call-ID: <a href="mailto:6818f1b436befce1-21980@10.130.0.23" \
target="_blank">6818f1b436befce1-21980@10.130.0.23</a><br>Max-Forwards: \
70<br>Content-Length: 0<br>User-Agent: server<br>Contact: &lt;<a \
href="http://sip:1234567@1.1.1.1:5060" \
target="_blank">sip:1234567@1.1.1.1:5060</a>&gt;<br>Expires: \
120</div><div><br></div><div>1st 401</div><div>WWW-Authenticate: Digest \
algorithm=MD5,realm=&quot;.......org&quot;,nonce=&quot;<b>56806a6f32c49a3afea043c2fa42 \
381f</b>&quot;,domain=&quot;sip:......org&quot;,qop=&quot;auth&quot;,<b>stale=FALSE</b></div><div><br></div><div>2nd \
REGISTER</div><div>Authorization: Digest username=&quot;login&quot;, \
realm=&quot;.....&quot;, nonce=&quot;<b>56806a6f32c49a3afea043c2fa42381f</b>&quot;, \
uri=&quot;sip:......com&quot;, qop=auth, nc=00000001, cnonce=&quot;357420659&quot;, \
response=&quot;6e300c9f7f4d81095f29b5408f8d5191&quot;, \
algorithm=MD5</div><div><br></div><div>2nd 401</div><div>WWW-Authenticate: Digest \
algorithm=MD5,realm=&quot;.....org&quot;,nonce=&quot;<b>3b9586f6d31a76e509eb204d8a0304 \
15</b>&quot;,domain=&quot;sip:.....org&quot;,qop=&quot;auth&quot;,<b>stale=TRUE</b></div><div><br></div><div>I \
think kamailio need to sent 3nd REGISTER with a new nonce, because stale=true. But it \
interrupts register with error:<br></div><div><br></div><div>Jul 14 18:41:00 opensips \
kamailio[21936]: 10(21949) DEBUG: {2 11 REGISTER <a \
href="mailto:6818f1b436befcf7-21980@10.130.0.23" \
target="_blank">6818f1b436befcf7-21980@10.130.0.23</a>} uac [uac_reg.c:852]: \
uac_reg_tm_callback(): completed with status 401 [uuid: 1234567]<br>Jul 14 18:41:00 \
opensips kamailio[21936]: 10(21949) ERROR: {2 11 REGISTER <a \
href="mailto:6818f1b436befcf7-21980@10.130.0.23" \
target="_blank">6818f1b436befcf7-21980@10.130.0.23</a>} uac [uac_reg.c:933]: \
uac_reg_tm_callback(): authentication failed for \
&lt;1234567&gt;</div><div><br></div><div>Can I get kamailio to send REGISTER after \
the second 401-reply?</div><div>Can I intercept this REGISTER and 401 in \
kamailio.conf? Is there any examples?<br></div><div>I know about this instruction <a \
href="https://kamailio.org/docs/modules/5.7.x/modules/uac.html" \
target="_blank">https://kamailio.org/docs/modules/5.7.x/modules/uac.html</a> \
:)<br></div><div><br></div><div>Itried in \
request_route</div><div>xlog(&quot;L_NOTICE&quot;, &quot;uac 114411 1 remote fU $fU \
user [$rU] on [$rd] via [$du] $Ri \n&quot;);<br>if \
(uac_reg_request_to(&quot;$fU&quot;, 0)) {<br>                        \
xlog(&quot;L_NOTICE&quot;, &quot;uac 114411 Found remote user [$rU] on [$rd] via \
[$du]\n&quot;);<br>                        \
t_on_failure(&quot;REMOTE_AUTH&quot;);<br><br>                        #t_relay();<br> \
}</div><div><br></div><div>And failure_route<br></div><div>failure_route[REMOTE_AUTH] \
{<br>            if ($T_reply_code == 401 or $T_reply_code == 407) {<br>              \
xlog(&quot;L_NOTICE&quot;, &quot;uac 114411 Remote asked for \
authentication\n&quot;);<br>                        uac_auth();<br>            \
}<br>}</div><div><br></div><div>but I haven&#39;t got logs on register request, 401 \
reply.<br></div><div><br></div><div><br></div><div><br></div>-- <br><div \
dir="ltr">Best regards,</div><div>Alex</div><div><br></div></div> \
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" \
class="gmail_signature">С уважением,<br>Якимкин Алексей</div>

["=?UTF-8?B?0LjQt9C+0LHRgNCw0LbQtdC90LjQtS5wbmc=?=" (image/png)]

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[prev in list] [next in list] [prev in thread] [next in thread] 