<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
there is a limitation of uac_auth() mentioned in the readme of uac
module. Perhaps asterisk doesn't accept the follow up request with
credentials having the same cseq value.<br>
<br>
You should just configure asterisk to allow traffic from kamailio
based on ip address, without username/password authentication.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 16/04/14 09:19, neumann wrote:<br>
</div>
<blockquote
cite="mid:223F0572-4F41-435D-B3FE-FD41AD7D363E@gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>
<div>Hi all sorry for my english!</div>
<div>Iam trying to authenticate as uac on 3rd party
server(Asterisk).</div>
<div>Kamailio get 401, send next invite with DIGEST but Asterisk
send 401 again(((</div>
<div>Asterisk don’t write in log what auth is failed.</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>115.600045 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP
1093 Request: INVITE <a moz-do-not-send="true"
href="sip:321321231@xxx.xxx.xxx.xxx">sip:321321231@xxx.xxx.xxx.xxx</a>,
with session description</div>
<div>115.601818 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674
Status: 401 Unauthorized</div>
<div>115.602470 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389
Request: ACK <a moz-do-not-send="true"
href="sip:321321231@xxx.xxx.xxx.xxx">sip:321321231@xxx.xxx.xxx.xxx</a></div>
<div>115.604310 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP/SDP
1267 Request: INVITE <a moz-do-not-send="true"
href="sip:321321231@xxx.xxx.xxx.xxx">sip:321321231@xxx.xxx.xxx.xxx</a>,
with session description</div>
<div>115.605537 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx SIP 674
Status: 401 Unauthorized</div>
<div>115.606431 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy SIP 389
Request: ACK <a moz-do-not-send="true"
href="sip:321321231@xxx.xxx.xxx.xxx">sip:321321231@xxx.xxx.xxx.xxx</a></div>
</div>
<div><br>
</div>
<div>My aster peer:</div>
<div><br>
</div>
<div>
<div>[kamailio]</div>
<div>type=peer</div>
<div>defaultuser=kamailio</div>
<div>secret=1234</div>
<div>host=dynamic</div>
<div>disallow=all</div>
<div>allow=alaw</div>
<div>nat=no</div>
<div>qualify=yes</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>My kamailio config:</div>
<div><br>
</div>
<div><br>
</div>
<div>modparam("uac","auth_username_avp","$avp(s:uac_user)")</div>
<div>modparam("uac","auth_password_avp","$avp(s:uac_pass)")</div>
<div>modparam("uac","auth_realm_avp","$avp(s:uac_realm)")</div>
</div>
<div><br>
</div>
<div>route[DISPATCH_OUT] {</div>
<div>
<div> if(!ds_select_dst( 4, 8)){</div>
<div> send_reply("404", "No destination");</div>
<div> exit;</div>
<div> }</div>
<div> t_set_fr(0,2000);</div>
<div> t_on_failure("RTF_DISPATCH_OUT");</div>
<div> t_relay();</div>
<div> exit;</div>
<div>}</div>
</div>
<div><br>
</div>
<div>failure_route[RTF_DISPATCH_OUT] {</div>
<div> if (t_is_canceled()) {</div>
<div> exit;</div>
<div> }</div>
<div><br>
</div>
<div> <span class="Apple-tab-span" style="white-space:pre"> </span>if
( t_check_status("401|407") ) {</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>$avp(s:uac_user) = "kamailio";</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>$avp(s:uac_pass) = "1234";</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>$avp(s:uac_realm) = "asterisk";</div>
<div> </div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>if (isflagset(7)) {</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>t_reply("513","Authentication
failed");</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>xlog("L_INFO", "[%ci]: Remote
authentication failed\n");</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>break;</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span> }</div>
<div><br>
</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>if (uac_auth()) {</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>xlog("L_INFO", "401/407
message recived");</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span># mark that auth was
performed</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>setflag(7);</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span># trigger again the failure
route</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>t_on_failure("RTF_DISPATCH_OUT");</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span># repeat the request with
auth response this time</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>append_branch();</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>#t_relay_to_udp("94.25.100.198","5060");</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>t_relay();</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>break;</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span> } else {</div>
<div> <span class="Apple-tab-span"
style="white-space:pre"> </span>xlog("L_INFO", "uac_auth
filed!!!!!!!!!!!");</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>}</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>t_reply("514","Unknow authentication peer");</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>xlog("L_INFO", "[%ci]: Unknown authentication peer.\n");</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>break;</div>
<div> <span class="Apple-tab-span" style="white-space:pre"> </span>}</div>
<div><br>
</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span> # next DST - only for 500 or local timeout</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>if (t_check_status("500") or t_check_status("480") or
(t_branch_timeout() and !t_branch_replied())){</div>
<div> <span class="Apple-tab-span" style="white-space:pre">
</span>ds_mark_dst("p");</div>
<div> if(ds_next_dst()){</div>
<div> t_set_fr(0,2000);</div>
<div> t_on_failure("RTF_DISPATCH_OUT");</div>
<div> route(RELAY);</div>
<div> exit;</div>
<div> }</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space; -webkit-line-break:
after-white-space;">————————————<br>
<br>
Timofeev Dmitry<br>
VoIP Engineer<br>
Linux, Asterisk, Freeswitch, Cisco solutions<br>
Skype: itsroot<br>
icq: 227227933<br>
<br>
<br>
</div>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</body>
</html>