Hi Mohamed,

Thanks again for being patient and helpful in helping me to do the integration between Kamailio and Asterisk ! but i have two questions for you friend.

1.What is the $retcode variable and how to make use of it because i read about it and can NOT get the exact idea about its function ?

2.If we need to insert the $retcode variable to get the error code generated by the AUTH route to know the root cause of the problem so can i ask you to do that for me ?! i know it might seem to be ridiculous from your perspective but NOT from mine ! i do NOT have experience with scripting.I've attached my configuration file and i will be thankful to you Mohamed if you changed it by adding the variable so i can test again and feedback.
Thanks in advance.


On Tue, Nov 18, 2014 at 3:26 PM, Muhammad Shahzad <shaheryarkh@gmail.com> wrote:
OK, there are two parts of the setup.

1. SIP user registers on Kamailio.
2. Kamailio registers on Asterisk (using SIP user credentials).

As long as part 1 is not done, part 2 will not work. So lets break down the problem, first just forget part 2 and try to register SIP user on kamailio. Why it fails? There may be many reason, e.g.

a). bad username,
b). bad password,
c). bad realm,
d). expired or stale nonce
and so on..

The easiest way to identify what is causing this failure is edit your config, go to route[AUTH] block and in inside IF block of auth_check print the value of $retcode variable using xlog. After save, exit (config file), restart kamailio and attempt to register again, look at kamailio logs in syslog facility local0 (/var/log/syslog in debian / ubuntu or /var/log/message in centos / redhat). If the value of $retcode variable is printed, then compare it with this list of error codes,

http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#idp89440

This should tell you what is wrong where? Fix that and only after that you need to worry about asterisk side.

Thank you.


On Tue, Nov 18, 2014 at 3:20 AM, Mahmoud Ramadan Ali <cisco.and.more.blog@gmail.com> wrote:
Hi Mohamed,
Thank you for your interest in helping me,I've configured the the auth_db module with the Asterisk DB URL and the SIP username and password table name and verified the MYSQL remote connection from Kamailio to the Asterisk DB and get connected as predicted.

I tried to register a phone after applying the changes and Kamailio forwarded the register request to Asterisk only once and without successful authentication ! now i didn't change anything in the configuration file and can NOT get any registration requests forwarded from Kamailio to Asterisk and get only events on Kamailio that it can NOT register the incoming registration request like this.

root@debian:/usr/local/etc/kamailio# ngrep -W byline -d eth1 port 5060
U 192.168.50.2:50886 -> 192.168.50.1:5060
REGISTER sip:192.168.50.1 SIP/2.0.
Via: SIP/2.0/UDP 192.168.50.2:50886;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:1001@192.168.50.2:50886;rinstance=8000799665fa4b54>.
To: "Mahmoud Ramadan Ali"<sip:1001@192.168.50.1>.
From: "Mahmoud Ramadan Ali"<sip:1001@192.168.50.1>;tag=9f381b5f.
Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.
CSeq: 2 REGISTER.
Expires: 3600.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
User-Agent: X-Lite 4.7.1 74247--W6.1.
Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7",uri="sip:192.168.50.1",response="1788f6b9cfc322b863a93c91f3b623dc",algorithm=MD5.
Content-Length: 0.
#
U 192.168.50.1:5060 -> 192.168.50.2:50886
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 192.168.50.2:50886;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport=50886.
To: "Mahmoud Ramadan Ali"<sip:1001@192.168.50.1>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0bcb.
From: "Mahmoud Ramadan Ali"<sip:1001@192.168.50.1>;tag=9f381b5f.
Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.
CSeq: 2 REGISTER.
WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7".
Server: kamailio (4.1.6 (i386/linux)).
Content-Length: 0.

But when using the Ngrep command on Asterisk to capture traffic on port 5050 or even 5060 i get no thing ! other troubleshooting steps i followed including :
1.Verfiying the Mysql connection from Kamailio and the account tabe name and SIP username / password column.

root@debian:/usr/local/etc/kamailio# mysql -u sipuser -h 192.168.100.10 -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 149
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use asterisk;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT * FROM sip;
+------+------------------+---------------------------------+-------+
| id   | keyword          | data                            | flags |
+------+------------------+---------------------------------+-------+
| 1001 | pickupgroup      |                                 |    22 |
| 1001 | callgroup        |                                 |    21 |
| 1001 | encryption       | no                              |    20 |
| 1001 | icesupport       | no                              |    19 |
| 1001 | force_avp        | no                              |    18 |
| 1001 | avpf             | no                              |    17 |
| 1001 | transport        | udp,tcp,tls                     |    16 |
| 1001 | qualifyfreq      | 60                              |    15 |
| 1001 | qualify          | yes                             |    14 |
| 1001 | port             | 5050                            |    13 |
| 1001 | nat              | no                              |    12 |
| 1001 | type             | friend                          |    11 |
| 1001 | sendrpid         | no                              |    10 |
| 1001 | trustrpid        | yes                             |     9 |
| 1001 | host             | dynamic                         |     8 |
| 1001 | context          | from-internal                   |     7 |
| 1001 | canreinvite      | no                              |     6 |
| 1001 | dtmfmode         | rfc2833                         |     5 |
| 1001 | secret           | 1001secret                      |     4 |
| 1001 | secret_origional | 1001secret                      |     3 |
| 1001 | sipdriver        | chan_sip                        |     2 |
| 1001 | dial             | SIP/1001                        |    25 |
| 1002 | pickupgroup      |                                 |    22 |
| 1002 | callgroup        |                                 |    21 |
| 1002 | encryption       | no                              |    20 |
| 1002 | icesupport       | no                              |    19 |
| 1002 | force_avp        | no                              |    18 |
| 1002 | avpf             | no                              |    17 |
| 1002 | transport        | udp,tcp,tls                     |    16 |
| 1002 | qualifyfreq      | 60                              |    15 |
| 1002 | qualify          | yes                             |    14 |
| 1002 | port             | 5060                            |    13 |
| 1002 | nat              | no                              |    12 |
| 1002 | type             | friend                          |    11 |
| 1002 | sendrpid         | no                              |    10 |
| 1002 | trustrpid        | yes                             |     9 |
| 1002 | host             | dynamic                         |     8 |
| 1002 | context          | from-internal                   |     7 |
| 1002 | canreinvite      | no                              |     6 |
| 1002 | dtmfmode         | rfc2833                         |     5 |
| 1002 | secret           | 1002secret                      |     4 |
| 1002 | secret_origional | 1002secret                      |     3 |
| 1002 | sipdriver        | chan_sip                        |     2 |
| 1002 | dial             | SIP/1002                        |    25 |
| 1002 | disallow         |                                 |    23 |
| 1002 | allow            |                                 |    24 |
| 1002 | accountcode      |                                 |    26 |
| 1002 | mailbox          | 1002@device                     |    27 |
| 1002 | deny             | 0.0.0.0/0.0.0.0                 |    28 |
| 1002 | permit           | 0.0.0.0/0.0.0.0                 |    29 |
| 1002 | account          | 1002                            |    30 |
| 1002 | callerid         | Ahmed Ramadan's Device <1002>   |    31 |
| 1001 | disallow         |                                 |    23 |
| 1001 | allow            |                                 |    24 |
| 1001 | accountcode      |                                 |    26 |
| 1001 | mailbox          | 1001@device                     |    27 |
| 1001 | deny             | 0.0.0.0/0.0.0.0                 |    28 |
| 1001 | permit           | 0.0.0.0/0.0.0.0                 |    29 |
| 1001 | account          | 1001                            |    30 |
| 1001 | callerid         | Mahmoud Ramadan's Device <1001> |    31 |
+------+------------------+---------------------------------+-------+
60 rows in set (0.00 sec)
 
2.Verifying that Asterisk can listen at 5050 which is the same Asterisk port configured on Kamailio.

[root@Asterisk VM 01 ~]# asterisk -r
Asterisk 11.13.1, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 11.13.1 currently running on Asterisk VM 01 (pid = 2456)
Asterisk VM 01*CLI> sip show settings


Global Settings:
----------------
  UDP Bindaddress:        0.0.0.0:5050

I know it is a long message but i wanted to give you all the INFO you might need also I've attached my configuration file so you can check it.Thank you Mohamed for your assistance.

On Sun, Nov 16, 2014 at 8:25 PM, Muhammad Shahzad <shaheryarkh@gmail.com> wrote:
Because both kamailio and asterisk use the same db table for authentication, see the auth_db module parameters in kamailio config.

The REGISTER request from sip user is authenticated by kamailio using auth_db module and upon success kamailio generates REGISTER request back to asterisk (using the credentials sent by sip user for authentication with kamailio), this request is now authenticated by asterisk using realtime sip users interface.

Thank you.



On Sun, Nov 16, 2014 at 2:53 PM, Mahmoud Ramadan Ali <cisco.and.more.blog@gmail.com> wrote:
Hi Muhammad,
If the users MUST authenticate to Kamailio first,This means that Kamailio should be aware of the SIP users exist in the Asterisk DB to be able to authenticate them and NOT receive 401 Unauthorized error message from Kamailio.
My question now might be simple but it a point of confusion to me and it is how to tell Kamailio about the SIP users in the Asterisk DB ?!

Best Regards,


On Sun, Nov 16, 2014 at 3:01 PM, Muhammad Shahzad <shaheryarkh@gmail.com> wrote:
This seems to be fine. The user MUST authenticate to Kamailio, only then Kamailio will create REGISTER request that is send to asterisk. That's the key security feature behind the idea.

Look at the register architecture diagram,

http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration

Thank you.



On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali <cisco.and.more.blog@gmail.com> wrote:
Hi Dears,
I'm trying to configure Kamailio as SBC in multi home mode for Asterisk by authenticating the inbound SIP registration requests,i'm following this tutorial http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb  to achieve this goal. i have modified the necessary changes like the Asterisk DB URL and the SIP table name and Username and password column and verified the connection.

My topology like this Asterisk (192.168.100.10)  <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> SIP Phone (192.168.50.2)
But when trying to register a SIP phone Kamailio does NOT forward the authentication request to Asterisk and sends 401 Unauthorized error message.I've attached my config file if any one wants to check it and thanks in advance.
Best Regards


U 192.168.50.2:37297 -> 192.168.50.1:5060
REGISTER sip:192.168.50.1;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP.
Max-Forwards: 70.
Contact: <sip:1001@192.168.50.2:37297;rinstance=1d7c44dbcb8a7a2f;transport=UDP>.
To: <sip:1001@192.168.50.1;transport=UDP>.
From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19.
Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
CSeq: 2 REGISTER.
Expires: 70.
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri.
User-Agent: Z 3.2.21357 r21367.
Authorization: Digest username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5.
Allow-Events: presence, kpml.
Content-Length: 0.
#
U 192.168.50.1:5060 -> 192.168.50.2:37297
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 192.168.50.2:37297;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP.
To: <sip:1001@192.168.50.1;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b.
From: <sip:1001@192.168.50.1;transport=UDP>;tag=1d222e19.
Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
CSeq: 2 REGISTER.
WWW-Authenticate: Digest realm="192.168.50.1", nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D".
Server: kamailio (4.1.6 (i386/linux)).
Content-Length: 0.

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users