[SR-Users] uac_auth problem
Daniel-Constantin Mierla
miconda at gmail.com
Wed Apr 16 13:06:13 CEST 2014
Hello,
there is a limitation of uac_auth() mentioned in the readme of uac
module. Perhaps asterisk doesn't accept the follow up request with
credentials having the same cseq value.
You should just configure asterisk to allow traffic from kamailio based
on ip address, without username/password authentication.
Cheers,
Daniel
On 16/04/14 09:19, neumann wrote:
> Hi all sorry for my english!
> Iam trying to authenticate as uac on 3rd party server(Asterisk).
> Kamailio get 401, send next invite with DIGEST but Asterisk send 401
> again(((
> Asterisk don’t write in log what auth is failed.
>
>
> 115.600045 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP 1093 Request:
> INVITE sip:321321231 at xxx.xxx.xxx.xxx, with session description
> 115.601818 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674 Status: 401
> Unauthorized
> 115.602470 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389 Request: ACK
> sip:321321231 at xxx.xxx.xxx.xxx
> 115.604310 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP 1267 Request:
> INVITE sip:321321231 at xxx.xxx.xxx.xxx, with session description
> 115.605537 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674 Status: 401
> Unauthorized
> 115.606431 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389 Request: ACK
> sip:321321231 at xxx.xxx.xxx.xxx
>
> My aster peer:
>
> [kamailio]
> type=peer
> defaultuser=kamailio
> secret=1234
> host=dynamic
> disallow=all
> allow=alaw
> nat=no
> qualify=yes
>
>
>
> My kamailio config:
>
>
> modparam("uac","auth_username_avp","$avp(s:uac_user)")
> modparam("uac","auth_password_avp","$avp(s:uac_pass)")
> modparam("uac","auth_realm_avp","$avp(s:uac_realm)")
>
> route[DISPATCH_OUT] {
> if(!ds_select_dst( 4, 8)){
> send_reply("404", "No destination");
> exit;
> }
> t_set_fr(0,2000);
> t_on_failure("RTF_DISPATCH_OUT");
> t_relay();
> exit;
> }
>
> failure_route[RTF_DISPATCH_OUT] {
> if (t_is_canceled()) {
> exit;
> }
>
> if ( t_check_status("401|407") ) {
> $avp(s:uac_user) = "kamailio";
> $avp(s:uac_pass) = "1234";
> $avp(s:uac_realm) = "asterisk";
> if (isflagset(7)) {
> t_reply("513","Authentication failed");
> xlog("L_INFO", "[%ci]: Remote authentication failed\n");
> break;
> }
>
> if (uac_auth()) {
> xlog("L_INFO", "401/407 message recived");
> # mark that auth was performed
> setflag(7);
> # trigger again the failure route
> t_on_failure("RTF_DISPATCH_OUT");
> # repeat the request with auth response this time
> append_branch();
> #t_relay_to_udp("94.25.100.198","5060");
> t_relay();
> break;
> } else {
> xlog("L_INFO", "uac_auth filed!!!!!!!!!!!");
> }
> t_reply("514","Unknow authentication peer");
> xlog("L_INFO", "[%ci]: Unknown authentication peer.\n");
> break;
> }
>
> # next DST - only for 500 or local timeout
> if (t_check_status("500") or t_check_status("480") or
> (t_branch_timeout() and !t_branch_replied())){
> ds_mark_dst("p");
> if(ds_next_dst()){
> t_set_fr(0,2000);
> t_on_failure("RTF_DISPATCH_OUT");
> route(RELAY);
> exit;
> }
> }
> }
>
>
>
> ————————————
>
> Timofeev Dmitry
> VoIP Engineer
> Linux, Asterisk, Freeswitch, Cisco solutions
> Skype: itsroot
> icq: 227227933
>
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140416/1af2265a/attachment.html>
More information about the sr-users
mailing list