[OpenSIPS-Users] Cannot get registration to work with v3.2.8??

Bob Atkins bob at digilink.net
Thu Sep 8 07:29:59 UTC 2022 

Iancu,

I'm not sure what the point of this would be. Even if it showed that 
OpenSIPS was calculating incorrectly - then what?

The device registers just fine with both asterisk and OpenSER v1.1 with 
exactly the same parameters.

The device is calculating the response correctly for 2 other systems.

  OpenSIPS is clearly getting it wrong. The question is why? Or even 
how. This is a pretty basic calculation.

---
Bob



On 9/7/2022 11:16 PM, Bogdan-Andrei Iancu wrote:
> Hi Bob,
>
>
> Use the below to double check which party is failing in computing the 
> right auth response.
>
> https://openplatform.xyz/sip_register_digest_authentication.html
>
>
> Regards,
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>    https://www.opensips-solutions.com
> OpenSIPS Summit 27-30 Sept 2022, Athens
>    https://www.opensips.org/events/Summit-2022Athens/
> On 9/7/22 10:46 PM, Bob Atkins wrote:
>> Iancu,
>>
>> Thank you!! You identified the problem. Turns out that I had failed 
>> to add the IP for the OpenSIPS proxy to a firewall that was blocking 
>> the response from this new sip server (facepalm) to the device :-(
>>
>> So, once I fixed the firewall I thought that would be it...  Not my luck.
>>
>> Now it is challenging and /_*rejecting!*_/ The HA1 is failing to 
>> compare! But the passwords are correct!  Now I am really mystified.
>>
>> I created identical DB entries for this unit in both the original 
>> OpenSER system and the OpenSIPS system.
>>
>> Registration to the OpenSER system works perfectly - HA1 validates. 
>> When I change the sip server to the new system, to OpenSIPS system 
>> fails due to mismatched HA1. Whaaa.... ?!?!
>>
>> Mismatched HA1 would imply a password failure but I have absolutely, 
>> positively verified the passwords in both database entries and the 
>> /_*only*_/ thing I change on the device is the sip server. It should 
>> just register on the new system. I have attached packet capture of 
>> the transaction between the device and teh OpenSIPSs system.
>>
>> I have absolutely, positively copied and pasted (no trailing nl or 
>> spaces) and verified that the passwords are the same in both 
>> databases and also the same on the device.
>>
>> OpenSER DB subscriber entery 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> phplib_id 	username 	domain 	password 	first_name 	last_name 	phone 
>> email_address 	datetime_created 	datetime_modified 	confirmation 
>> flag 	sendnotification 	greeting 	ha1 	ha1b 	allow_find 	timezone 
>> rpid 	domn 	uuid 	customerID 	customerName
>> 3105738133 	3105738133 	digilink.net 	XXXXXXXX 	PPC Home 	Fax 
>> 3105738133 	
>> 	7/5/2012 16:36 	11/7/2021 13:58 	
>> 	o 	
>> 	
>> 	
>> 	
>> 	0 	\N 	\N 	\N 	\N 	72 	DigiLink Internet Services
>>
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> OpenSIPS DB subscriber entry 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> 	
>> id 	username 	domain 	password 	cr_preferred_carrier 	first_name 
>> last_name 	phone 	email_address 	datetime_created 	datetime_modified 
>> confirmation 	flag 	sendnotification 	greeting 	allow_find 	timezone 
>> customerID 	customerName 	ha1 	ha1_sha256 	ha1_sha512t256 	rpid
>> 1 	3105738133 	digidial 	XXXXXXXX 	\N 	PPC Home 	Fax 	3105738133 
>> bob at planeparts.com 	7/5/2012 16:36 	11/7/2021 13:58 	
>> 	0 	
>> 	
>> 	
>> 	
>> 	72 	DigiLink Internet Services 	\N
>>
>>
>>
>> Registration code:
>>
>> OpenSER system:
>>
>> modparam("auth_db", "calculate_ha1", yes)
>> modparam("auth_db", "password_column", "password")
>>
>>                 if (method=="REGISTER") {
>>                             #xlog("L_INFO","[$rm][$ft][$tt] 
>> Processing registration");
>>
>>                     if (!www_authorize("digilink.net", "subscriber")) {
>> #xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");
>>                         www_challenge("digilink.net", "0");
>>                         exit;
>>                     };
>>
>>                     xlog("L_INFO","[$rm][$ft][$tt] Registered $fu 
>> from $si");
>>                     save("location");
>>                     exit;
>>                 };
>>
>> ==============
>> OpenSIPS system
>>
>> #### AUTH Db module
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> modparam("auth_db", "calculate_ha1", 1)
>> modparam("auth_db", "use_domain", 1)
>> modparam("auth_db", "user_column", "username")
>> modparam("auth_db", "password_column", "password")
>> modparam("auth_db", "load_credentials", "")
>>
>>
>>         if (is_method("REGISTER")) {
>>             xlog("L_INFO", "REGISTER: [$tu] request from [$si]");
>>             xlog("L_INFO","[$ft][$au]@[$ad] - Processing registration");
>>             xlog("L_INFO", "REGISTER: www_authorize returned 
>> [$var(x)] to authenticate with [$rU]$ru credential");
>>
>>             if (!www_authorize("digilink.net", "subscriber")) {
>>                 xlog("L_INFO","CHALLENGE: [$ft][$tt]");
>>                 www_challenge("digilink.net","auth","MD5");
>>                 exit;
>>             } else {
>>                 xlog("L_ALERT", "REGISTER: URI [$tu][$rU]$ru 
>> credential from [$si] - FAILED!");
>>                 sl_send_reply(403, "Not Authorized!");
>>                 exit;
>>             }
>>
>>             xlog("L_INFO", "REGISTER: URI [$tu] - [$rm][$ft][$tt] 
>> Registered $fu from $si");
>>             save("location");
>>             exit;
>>         }
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220908/c0b65114/attachment-0001.html>

More information about the Users mailing list