[OpenSER-Users] Proxy Authorization - Two Digests

Ash Rah ash at droshta.net
Thu Apr 24 00:55:32 CEST 2008


Unfortunately I need to authenticate in both places. Any suggestion will 
be greatly appreciated.

Bogdan-Andrei Iancu wrote:
> Hi Ash,
>
> I guess you first need to decide where you want to have the 
> authentication done - either on openser, either on asterisk. But it 
> should be a single place.
>
> Regards,
> Bogdan
>
> Ash Rah wrote:
>> Hello,
>>
>> I am trying to make a design like below to work.
>>
>> X-Lite ----- OpenSER ----- Asterisk ----->(PSTN Calls)
>>
>> X-Lite registers with OpenSer and PSTN calls are routed through 
>> Asterisk from OpenSER. When a call is sent to Asterisk, Asterisk 
>> tries to authenticate the user on X-Lite. I maintain same username 
>> and password for both OpenSER and Asterisk.
>>
>> Now when an INVITE from X-Lite hits OpenSER, it goes through the 
>> following script and is asked for Proxy Authorization:
>>
>> if (!proxy_authorize("","subscriber")) {
>>                         proxy_challenge("","0");
>>                         exit;
>> }
>>
>> When I dial a PSTN number from X-Lite, X-Lite at some point, ends up 
>> sending two Digests (one for OpenSER and one for Atserisk) in same 
>> INVITE but gets stuck with Proxy Authorization failure (from 
>> OpenSER). If I take off the above proxy_authorize section from 
>> OpenSER script, everything works fine.
>>
>> Can anyone suggest a solution to this.
>>
>> Thanks in advance.
>>
>>
>>
>> U 2008/04/23 13:28:42.314669 110.110.110.110:26986 -> 
>> 120.120.120.120:5060
>> INVITE sip:6048484848484 at sip.dummydomain.com SIP/2.0.
>> Via: SIP/2.0/UDP 
>> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport. 
>>
>> Max-Forwards: 70.
>> Contact: <sip:1274229212 at 110.110.110.110:26986>.
>> To: "6048484848484"<sip:6048484848484 at sip.dummydomain.com>.
>> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
>> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
>> CSeq: 3 INVITE.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, 
>> SUBSCRIBE, INFO.
>> Content-Type: application/sdp.
>> Proxy-Authorization: Digest 
>> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorithm=MD5. 
>>
>> Proxy-Authorization: Digest 
>> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response="361700cce632c00ff70ede5e5126c6ac",algo 
>>
>> rithm=MD5.
>> User-Agent: X-Lite release 1011s stamp 41150.
>> Content-Length: 333.
>> .
>> v=0.
>> o=- 9 2 IN IP4 172.16.40.14.
>> s=CounterPath X-Lite 3.0.
>> c=IN IP4 172.16.40.14.
>> t=0 0.
>> m=audio 45136 RTP/AVP 0 101.
>> a=alt:1 3 : gpvy8HMY JXNZYRF+ 172.16.40.14 45136.
>> a=alt:2 2 : 8S3XPC3M 6q9Z76Pq 192.168.38.1 45136.
>> a=alt:3 1 : rISpUdBc PRYZ7B/8 192.168.23.1 45136.
>> a=fmtp:101 0-15.
>> a=rtpmap:101 telephone-event/8000.
>> a=sendrecv.
>>
>>
>> U 2008/04/23 13:28:42.314910 120.120.120.120:5060 -> 
>> 110.110.110.110:26986
>> SIP/2.0 407 Proxy Authentication Required.
>> Via: SIP/2.0/UDP 
>> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport=26986;received=110.110.110.110. 
>>
>> To: 
>> "6048484848484"<sip:6048484848484 at sip.dummydomain.com>;tag=058e81974577b8ca6a831d36c0f6fe25.d85d. 
>>
>> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
>> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
>> CSeq: 3 INVITE.
>> Proxy-Authenticate: Digest realm="sip.dummydomain.com", 
>> nonce="480ee6560e7141c28e990448575d0918ce86a82d".
>> Server: OpenSER (1.3.1-notls (i386/linux)).
>> Content-Length: 0.
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>
>>   
>
>
>





More information about the Users mailing list