<div dir="ltr"><div><div><div>Hi Muhammad,<br></div>If the users MUST authenticate to Kamailio first,This means that Kamailio should be aware of the SIP users exist in the Asterisk DB to be able to authenticate them and NOT receive 401 Unauthorized error message from Kamailio.<br></div>My question now might be simple but it a point of confusion to me and it is how to tell Kamailio about the SIP users in the Asterisk DB ?!<br></div><br>Best Regards,<br><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Nov 16, 2014 at 3:01 PM, Muhammad Shahzad <span dir="ltr"><<a href="mailto:shaheryarkh@gmail.com" target="_blank">shaheryarkh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>This seems to be fine. The user MUST authenticate to Kamailio, only then Kamailio will create REGISTER request that is send to asterisk. That's the key security feature behind the idea.<br><br></div>Look at the register architecture diagram,<br><br><a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration" target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration</a><br><br></div>Thank you.<br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali <span dir="ltr"><<a href="mailto:cisco.and.more.blog@gmail.com" target="_blank">cisco.and.more.blog@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div>Hi Dears,<br></div>I'm trying to configure Kamailio as SBC in multi home mode for Asterisk by authenticating the inbound SIP registration requests,i'm following this tutorial <a href="http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb" target="_blank">http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb</a> to achieve this goal. i have modified the necessary changes like the Asterisk DB URL and the SIP table name and Username and password column and verified the connection.<br><br></div><div>My topology like this <b>Asterisk (192.168.100.10) <span style="color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255)"> <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> </span></span>SIP Phone (192.168.50.2)</b><br></div>But when trying to register a SIP phone Kamailio does NOT forward the authentication request to Asterisk and sends 401 Unauthorized error message.I've attached my config file if any one wants to check it and thanks in advance.<br></div><div>Best Regards<br></div><div><br><br>U <a href="http://192.168.50.2:37297" target="_blank">192.168.50.2:37297</a> -> <a href="http://192.168.50.1:5060" target="_blank">192.168.50.1:5060</a><br>REGISTER sip:192.168.50.1;transport=UDP SIP/2.0.<br>Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP.<br>Max-Forwards: 70.<br>Contact: <sip:1001@192.168.50.2:37297;rinstance=1d7c44dbcb8a7a2f;transport=UDP>.<br>To: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>.<br>From: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=1d222e19.<br>Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..<br>CSeq: 2 REGISTER.<br>Expires: 70.<br>Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.<br>Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri.<br>User-Agent: Z 3.2.21357 r21367.<br>Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5.<br>Allow-Events: presence, kpml.<br>Content-Length: 0.<br>#<br>U <a href="http://192.168.50.1:5060" target="_blank">192.168.50.1:5060</a> -> <a href="http://192.168.50.2:37297" target="_blank">192.168.50.2:37297</a><br>SIP/2.0 401 Unauthorized.<br>Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP.<br>To: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b.<br>From: <<a href="mailto:sip%3A1001@192.168.50.1" target="_blank">sip:1001@192.168.50.1</a>;transport=UDP>;tag=1d222e19.<br>Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..<br>CSeq: 2 REGISTER.<br>WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D".<br>Server: kamailio (4.1.6 (i386/linux)).<br>Content-Length: 0.<br></div></div>
<br></div></div>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>