[OpenSER-Users] Proxy Authorization - Two Digests

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Apr 23 15:46:25 CEST 2008


Hi Ash,

I guess you first need to decide where you want to have the 
authentication done - either on openser, either on asterisk. But it 
should be a single place.

Regards,
Bogdan

Ash Rah wrote:
> Hello,
>
> I am trying to make a design like below to work.
>
> X-Lite ----- OpenSER ----- Asterisk ----->(PSTN Calls)
>
> X-Lite registers with OpenSer and PSTN calls are routed through Asterisk 
> from OpenSER. When a call is sent to Asterisk, Asterisk tries to 
> authenticate the user on X-Lite. I maintain same username and password 
> for both OpenSER and Asterisk.
>
> Now when an INVITE from X-Lite hits OpenSER, it goes through the 
> following script and is asked for Proxy Authorization:
>
> if (!proxy_authorize("","subscriber")) {
>                         proxy_challenge("","0");
>                         exit;
> }
>
> When I dial a PSTN number from X-Lite, X-Lite at some point, ends up 
> sending two Digests (one for OpenSER and one for Atserisk) in same 
> INVITE but gets stuck with Proxy Authorization failure (from OpenSER). 
> If I take off the above proxy_authorize section from OpenSER script, 
> everything works fine.
>
> Can anyone suggest a solution to this.
>
> Thanks in advance.
>
>
>
> U 2008/04/23 13:28:42.314669 110.110.110.110:26986 -> 120.120.120.120:5060
> INVITE sip:6048484848484 at sip.dummydomain.com SIP/2.0.
> Via: SIP/2.0/UDP 
> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport.
> Max-Forwards: 70.
> Contact: <sip:1274229212 at 110.110.110.110:26986>.
> To: "6048484848484"<sip:6048484848484 at sip.dummydomain.com>.
> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
> CSeq: 3 INVITE.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
> SUBSCRIBE, INFO.
> Content-Type: application/sdp.
> Proxy-Authorization: Digest 
> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorithm=MD5.
> Proxy-Authorization: Digest 
> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response="361700cce632c00ff70ede5e5126c6ac",algo
> rithm=MD5.
> User-Agent: X-Lite release 1011s stamp 41150.
> Content-Length: 333.
> .
> v=0.
> o=- 9 2 IN IP4 172.16.40.14.
> s=CounterPath X-Lite 3.0.
> c=IN IP4 172.16.40.14.
> t=0 0.
> m=audio 45136 RTP/AVP 0 101.
> a=alt:1 3 : gpvy8HMY JXNZYRF+ 172.16.40.14 45136.
> a=alt:2 2 : 8S3XPC3M 6q9Z76Pq 192.168.38.1 45136.
> a=alt:3 1 : rISpUdBc PRYZ7B/8 192.168.23.1 45136.
> a=fmtp:101 0-15.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
>
>
> U 2008/04/23 13:28:42.314910 120.120.120.120:5060 -> 110.110.110.110:26986
> SIP/2.0 407 Proxy Authentication Required.
> Via: SIP/2.0/UDP 
> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport=26986;received=110.110.110.110.
> To: 
> "6048484848484"<sip:6048484848484 at sip.dummydomain.com>;tag=058e81974577b8ca6a831d36c0f6fe25.d85d.
> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
> CSeq: 3 INVITE.
> Proxy-Authenticate: Digest realm="sip.dummydomain.com", 
> nonce="480ee6560e7141c28e990448575d0918ce86a82d".
> Server: OpenSER (1.3.1-notls (i386/linux)).
> Content-Length: 0.
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
>   





More information about the Users mailing list