[prev in list] [next in list] [prev in thread] [next in thread]
List: serusers
Subject: Re: [SR-Users] uacreg get error on 2nd 401: error uac_reg_tm_callback(): authentication failed
From: Алексей Якимкин <ayakimkin () gmail ! com>
Date: 2022-07-15 11:13:12
Message-ID: CA+cY-YvD76+w8xwEPN42jN=1-FkhJ7jaFd+E483UzaBSBdY+xQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/related)]
[Attachment #4 (multipart/alternative)]
My provider says the 2nd 401 comes because I used auth_username without
domain part. If I change auth_username to "login@ip.provider.com" they send
401 than 201ok.
чт, 14 июл. 2022 г. в 19:03, Алексей Якимкин \
<ayakimkin@gmail.com>:
> Hello,
>
> I try to register on provider`s pbx
>
> version: kamailio 5.7.0-dev0 (x86_64/linux)
>
> modparam("uac", "reg_db_url", "mysql://kamailio:123@localhost/kamailio")
> modparam("uac", "reg_contact_addr", "1.1.1.1:5060")
> modparam("uac", "reg_retry_interval", 120); # for failed registrations
> modparam("uac", "reg_keep_callid", 1)
> modparam("uac","restore_mode","auto")
>
> uacreg table:
>
> +----+---------+------------+-----------+----------------+-----------------+-------+ \
> ----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+
> | id | l_uuid | l_username | l_domain | r_username | r_domain
> > realm | auth_username | auth_password | auth_ha1 | auth_proxy
> > expires | flags | reg_delay | contact_addr | socket |
>
> +----+---------+------------+-----------+----------------+-----------------+-------+ \
> ----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+
> | 1 | 1234567 | pbx | 127.0.0.1 | login | ip.provider.ru |
> > login | password| | sip:...com | 120 | 0 | 0
> > > 10.130.0.23:5060 |
>
> I see this two 401 replies
> [image: изображение.png]
>
> 1st REGISTER
> Via: SIP/2.0/UDP 1.1.1.1:5060
> ;branch=z9hG4bK589d.8183f2e6000000000000000000000000.0
> To: <sip:login@ip.provider.com>
> From: <sip:login@ip.provider.com
> > ;tag=f9cf84029bbf24b61836c3d9fef7b7ae-78a2ffe1
> CSeq: 10 REGISTER
> Call-ID: 6818f1b436befce1-21980@10.130.0.23
> Max-Forwards: 70
> Content-Length: 0
> User-Agent: server
> Contact: <sip:1234567@1.1.1.1:5060>
> Expires: 120
>
> 1st 401
> WWW-Authenticate: Digest algorithm=MD5,realm=".......org",nonce="
> *56806a6f32c49a3afea043c2fa42381f*",domain="sip:......org",qop="auth",
> *stale=FALSE*
>
> 2nd REGISTER
> Authorization: Digest username="login", realm=".....", nonce="
> *56806a6f32c49a3afea043c2fa42381f*", uri="sip:......com", qop=auth,
> nc=00000001, cnonce="357420659",
> response="6e300c9f7f4d81095f29b5408f8d5191", algorithm=MD5
>
> 2nd 401
> WWW-Authenticate: Digest algorithm=MD5,realm=".....org",nonce="
> *3b9586f6d31a76e509eb204d8a030415*",domain="sip:.....org",qop="auth",
> *stale=TRUE*
>
> I think kamailio need to sent 3nd REGISTER with a new nonce, because
> stale=true. But it interrupts register with error:
>
> Jul 14 18:41:00 opensips kamailio[21936]: 10(21949) DEBUG: {2 11 REGISTER
> 6818f1b436befcf7-21980@10.130.0.23} uac [uac_reg.c:852]:
> uac_reg_tm_callback(): completed with status 401 [uuid: 1234567]
> Jul 14 18:41:00 opensips kamailio[21936]: 10(21949) ERROR: {2 11 REGISTER
> 6818f1b436befcf7-21980@10.130.0.23} uac [uac_reg.c:933]:
> uac_reg_tm_callback(): authentication failed for <1234567>
>
> Can I get kamailio to send REGISTER after the second 401-reply?
> Can I intercept this REGISTER and 401 in kamailio.conf? Is there any
> examples?
> I know about this instruction
> https://kamailio.org/docs/modules/5.7.x/modules/uac.html :)
>
> Itried in request_route
> xlog("L_NOTICE", "uac 114411 1 remote fU $fU user [$rU] on [$rd] via [$du]
> $Ri \n");
> if (uac_reg_request_to("$fU", 0)) {
> xlog("L_NOTICE", "uac 114411 Found remote user [$rU] on
> [$rd] via [$du]\n");
> t_on_failure("REMOTE_AUTH");
>
> #t_relay();
> }
>
> And failure_route
> failure_route[REMOTE_AUTH] {
> if ($T_reply_code == 401 or $T_reply_code == 407) {
> xlog("L_NOTICE", "uac 114411 Remote asked for
> authentication\n");
> uac_auth();
> }
> }
>
> but I haven't got logs on register request, 401 reply.
>
>
>
> --
> Best regards,
> Alex
>
>
--
С уважением,
Якимкин Алексей
[Attachment #7 (text/html)]
<div dir="ltr"><div>My provider says the 2nd 401 comes because I used auth_username \
without domain part. If I change auth_username to "<a \
href="mailto:login@ip.provider.com">login@ip.provider.com</a>" they send 401 \
than 201ok.<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">чт, 14 июл. 2022 г. в 19:03, Алексей Якимкин \
<<a href="mailto:ayakimkin@gmail.com">ayakimkin@gmail.com</a>>:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div>Hello,</div><div><br></div><div>I try to register on provider`s \
pbx</div><div><br></div><div>version: kamailio 5.7.0-dev0 (x86_64/linux) \
<br></div><div><br></div><div>modparam("uac", "reg_db_url", \
"mysql://kamailio:123@localhost/kamailio")<br>modparam("uac", \
"reg_contact_addr", "<a href="http://1.1.1.1:5060" \
target="_blank">1.1.1.1:5060</a>")<br>modparam("uac", \
"reg_retry_interval", 120); # for failed \
registrations<br>modparam("uac", "reg_keep_callid", \
1)<br>modparam("uac","restore_mode","auto")</div><div><br></div><div>uacreg \
table:<br></div><div>+----+---------+------------+-----------+----------------+------- \
----------+-------+----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+<br>| \
id | l_uuid | l_username | l_domain | r_username | r_domain | \
realm | auth_username | auth_password | auth_ha1 | auth_proxy | \
expires | flags | reg_delay | contact_addr | socket \
|<br>+----+---------+------------+-----------+----------------+-----------------+----- \
--+----------------+------------------+----------+---------------------+---------+-------+-----------+--------------+------------------+<br>| \
1 | 1234567 | pbx | 127.0.0.1 | login | <a href="http://ip.provider.ru" \
target="_blank">ip.provider.ru</a> | | login | password| | \
sip:...com | 120 | 0 | 0 | | <a \
href="http://10.130.0.23:5060" target="_blank">10.130.0.23:5060</a> \
|</div><div><br></div><div>I see this two 401 replies <br></div><div><img \
src="cid:ii_l5l6zjcv0" alt="изображение.png" style="margin-right: 0px;" \
width="366" height="137"></div><div><br></div><div>1st REGISTER</div><div>Via: \
SIP/2.0/UDP 1.1.1.1:5060;branch=z9hG4bK589d.8183f2e6000000000000000000000000.0<br>To: \
<<a href="mailto:sip%3Alogin@ip.provider.com" \
target="_blank">sip:login@ip.provider.com</a>><br>From: <<a \
href="mailto:sip%3Alogin@ip.provider.com" \
target="_blank">sip:login@ip.provider.com</a>>;tag=f9cf84029bbf24b61836c3d9fef7b7ae-78a2ffe1<br>CSeq: \
10 REGISTER<br>Call-ID: <a href="mailto:6818f1b436befce1-21980@10.130.0.23" \
target="_blank">6818f1b436befce1-21980@10.130.0.23</a><br>Max-Forwards: \
70<br>Content-Length: 0<br>User-Agent: server<br>Contact: <<a \
href="http://sip:1234567@1.1.1.1:5060" \
target="_blank">sip:1234567@1.1.1.1:5060</a>><br>Expires: \
120</div><div><br></div><div>1st 401</div><div>WWW-Authenticate: Digest \
algorithm=MD5,realm=".......org",nonce="<b>56806a6f32c49a3afea043c2fa42 \
381f</b>",domain="sip:......org",qop="auth",<b>stale=FALSE</b></div><div><br></div><div>2nd \
REGISTER</div><div>Authorization: Digest username="login", \
realm=".....", nonce="<b>56806a6f32c49a3afea043c2fa42381f</b>", \
uri="sip:......com", qop=auth, nc=00000001, cnonce="357420659", \
response="6e300c9f7f4d81095f29b5408f8d5191", \
algorithm=MD5</div><div><br></div><div>2nd 401</div><div>WWW-Authenticate: Digest \
algorithm=MD5,realm=".....org",nonce="<b>3b9586f6d31a76e509eb204d8a0304 \
15</b>",domain="sip:.....org",qop="auth",<b>stale=TRUE</b></div><div><br></div><div>I \
think kamailio need to sent 3nd REGISTER with a new nonce, because stale=true. But it \
interrupts register with error:<br></div><div><br></div><div>Jul 14 18:41:00 opensips \
kamailio[21936]: 10(21949) DEBUG: {2 11 REGISTER <a \
href="mailto:6818f1b436befcf7-21980@10.130.0.23" \
target="_blank">6818f1b436befcf7-21980@10.130.0.23</a>} uac [uac_reg.c:852]: \
uac_reg_tm_callback(): completed with status 401 [uuid: 1234567]<br>Jul 14 18:41:00 \
opensips kamailio[21936]: 10(21949) ERROR: {2 11 REGISTER <a \
href="mailto:6818f1b436befcf7-21980@10.130.0.23" \
target="_blank">6818f1b436befcf7-21980@10.130.0.23</a>} uac [uac_reg.c:933]: \
uac_reg_tm_callback(): authentication failed for \
<1234567></div><div><br></div><div>Can I get kamailio to send REGISTER after \
the second 401-reply?</div><div>Can I intercept this REGISTER and 401 in \
kamailio.conf? Is there any examples?<br></div><div>I know about this instruction <a \
href="https://kamailio.org/docs/modules/5.7.x/modules/uac.html" \
target="_blank">https://kamailio.org/docs/modules/5.7.x/modules/uac.html</a> \
:)<br></div><div><br></div><div>Itried in \
request_route</div><div>xlog("L_NOTICE", "uac 114411 1 remote fU $fU \
user [$rU] on [$rd] via [$du] $Ri \n");<br>if \
(uac_reg_request_to("$fU", 0)) {<br> \
xlog("L_NOTICE", "uac 114411 Found remote user [$rU] on [$rd] via \
[$du]\n");<br> \
t_on_failure("REMOTE_AUTH");<br><br> #t_relay();<br> \
}</div><div><br></div><div>And failure_route<br></div><div>failure_route[REMOTE_AUTH] \
{<br> if ($T_reply_code == 401 or $T_reply_code == 407) {<br> \
xlog("L_NOTICE", "uac 114411 Remote asked for \
authentication\n");<br> uac_auth();<br> \
}<br>}</div><div><br></div><div>but I haven't got logs on register request, 401 \
reply.<br></div><div><br></div><div><br></div><div><br></div>-- <br><div \
dir="ltr">Best regards,</div><div>Alex</div><div><br></div></div> \
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" \
class="gmail_signature">С уважением,<br>Якимкин Алексей</div>
["=?UTF-8?B?0LjQt9C+0LHRgNCw0LbQtdC90LjQtS5wbmc=?=" (image/png)]
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic