[OpenSIPS-Users] Cannot get registration to work with v3.2.8??

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Sep 8 06:16:54 UTC 2022 

Hi Bob,


Use the below to double check which party is failing in computing the 
right auth response.

https://openplatform.xyz/sip_register_digest_authentication.html


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

On 9/7/22 10:46 PM, Bob Atkins wrote:
> Iancu,
>
> Thank you!! You identified the problem. Turns out that I had failed to 
> add the IP for the OpenSIPS proxy to a firewall that was blocking the 
> response from this new sip server (facepalm) to the device :-(
>
> So, once I fixed the firewall I thought that would be it...  Not my luck.
>
> Now it is challenging and /_*rejecting!*_/ The HA1 is failing to 
> compare! But the passwords are correct!  Now I am really mystified.
>
> I created identical DB entries for this unit in both the original 
> OpenSER system and the OpenSIPS system.
>
> Registration to the OpenSER system works perfectly - HA1 validates. 
> When I change the sip server to the new system, to OpenSIPS system 
> fails due to mismatched HA1. Whaaa.... ?!?!
>
> Mismatched HA1 would imply a password failure but I have absolutely, 
> positively verified the passwords in both database entries and the 
> /_*only*_/ thing I change on the device is the sip server. It should 
> just register on the new system. I have attached packet capture of the 
> transaction between the device and teh OpenSIPSs system.
>
> I have absolutely, positively copied and pasted (no trailing nl or 
> spaces) and verified that the passwords are the same in both databases 
> and also the same on the device.
>
> OpenSER DB subscriber entery 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> phplib_id 	username 	domain 	password 	first_name 	last_name 	phone 
> email_address 	datetime_created 	datetime_modified 	confirmation 	flag 
> 	sendnotification 	greeting 	ha1 	ha1b 	allow_find 	timezone 	rpid 
> domn 	uuid 	customerID 	customerName
> 3105738133 	3105738133 	digilink.net 	XXXXXXXX 	PPC Home 	Fax 
> 3105738133 	
> 	7/5/2012 16:36 	11/7/2021 13:58 	
> 	o 	
> 	
> 	
> 	
> 	0 	\N 	\N 	\N 	\N 	72 	DigiLink Internet Services
>
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> OpenSIPS DB subscriber entry 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> 	
> id 	username 	domain 	password 	cr_preferred_carrier 	first_name 
> last_name 	phone 	email_address 	datetime_created 	datetime_modified 
> confirmation 	flag 	sendnotification 	greeting 	allow_find 	timezone 
> customerID 	customerName 	ha1 	ha1_sha256 	ha1_sha512t256 	rpid
> 1 	3105738133 	digidial 	XXXXXXXX 	\N 	PPC Home 	Fax 	3105738133 
> bob at planeparts.com 	7/5/2012 16:36 	11/7/2021 13:58 	
> 	0 	
> 	
> 	
> 	
> 	72 	DigiLink Internet Services 	\N
>
>
>
> Registration code:
>
> OpenSER system:
>
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
>
>                 if (method=="REGISTER") {
>                             #xlog("L_INFO","[$rm][$ft][$tt] Processing 
> registration");
>
>                     if (!www_authorize("digilink.net", "subscriber")) {
>                                 #xlog("L_INFO","[$rm][$ft][$tt] 
> Challenging peer");
>                         www_challenge("digilink.net", "0");
>                         exit;
>                     };
>
>                     xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from 
> $si");
>                     save("location");
>                     exit;
>                 };
>
> ==============
> OpenSIPS system
>
> #### AUTH Db module
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "use_domain", 1)
> modparam("auth_db", "user_column", "username")
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "load_credentials", "")
>
>
>         if (is_method("REGISTER")) {
>             xlog("L_INFO", "REGISTER: [$tu] request from [$si]");
>             xlog("L_INFO","[$ft][$au]@[$ad] - Processing registration");
>             xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)] 
> to authenticate with [$rU]$ru credential");
>
>             if (!www_authorize("digilink.net", "subscriber")) {
>                 xlog("L_INFO","CHALLENGE: [$ft][$tt]");
>                 www_challenge("digilink.net","auth","MD5");
>                 exit;
>             } else {
>                 xlog("L_ALERT", "REGISTER: URI [$tu][$rU]$ru 
> credential from [$si] - FAILED!");
>                 sl_send_reply(403, "Not Authorized!");
>                 exit;
>             }
>
>             xlog("L_INFO", "REGISTER: URI [$tu] - [$rm][$ft][$tt] 
> Registered $fu from $si");
>             save("location");
>             exit;
>         }
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220908/42e9cbe8/attachment.html>

More information about the Users mailing list