14 Apr
2005
14 Apr
'05
2:02 p.m.
So Daniel like i understand the problem is my radius configuration,
another thing is that my ATA sending the same stuff, i mean if i will
change the sip server to different one where i installed freeradius
with ser it's working fine.
Daniel where i can start to fix that problem.?
Thank you very much for your time.
On 4/14/05, Alex <alexandergav(a)gmail.com> wrote:
So Daniel like i understand the problem is my radius
configuration,
another thing is that my ATA sending the same stuff, i mean if i will
change the sip server to different one where i installed freeradius
with ser it's working fine.
Daniel where i can start to fix that problem.?
Thank you very much for your time.
On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
The second REGISTER (the block 3) must contains
the response to the
authentication challenge carried by 401 reply (block 2). That means that
the block 3 must contain an Authorization header with authentication
credentials computed according to HTTP-Digest authentication mechanism
(RFC2617). Also, see the section 22.Usage of HTTP Authentication in SIP
RFC3261 for more about user authentication in SIP.
Daniel
On 04/14/05 13:16, Alex wrote:
Sorry Daniel , i didn't get that, I send here
4 blocks, 1 one is the
register request the 2 is the reply from the server, 3 is the register
request, 4 is the reply from the server. If you can please point me to
the problem. Because like i see the 2 register requests (1,3 blocks)
are the same.
On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
As you can see, the second REGISTER does not
contain the authentication
credentials (No Authorization header) in response to 401 reply. So,
either you didn't configure the phone to authenticate or the Grandstream
HT286 1.0.5.18 is faulty.
Daniel
On 04/14/05 12:35, Alex wrote:
>Daniel thanks
>btw it's clean installation of Red Hat Enterprise Linux AS release 3
>ser-08.14 , freeradius-1.2 , radiusclient-4.8
>
>i am sending ngrep port 5060
>i have here 2 requests of register and the replies to register.
>
>
>xxx.xxx.xxx.xxx - sipserverip
>telephoneip - ip where the call coming from
>Phonenumber - phone number
>
>--------------------------------------------------------------------------------------------------
>
>U telephoneip:10739 -> xxx.xxx.xxx.xxx:5060
> REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0..Via: SIP/2.0/UDP
>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex" <
> sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>..Contact: <sip
> :Phonenumber@telephoneip:10000;user=phone>..Call-ID:
>1cff1b8955b8fa5c@10.0.0.4..CSeq: 106 REGISTER..Expires:
>3600..User-Agent
> : Grandstream HT286 1.0.5.18..Max-Forwards: 70..Allow:
>INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE..Content-Lengt
> h: 0....
>#
>U xxx.xxx.xxx.xxx:5060 -> telephoneip:10000
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex"
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=b27e1a1d33761e85846fc9
> 8f5f3a7e58.f894..Call-ID: 1cff1b8955b8fa5c@10.0.0.4..CSeq: 106
>REGISTER..WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonc
> e="425e3ac34dc9509392435c11fb260f41420049c7"..Server: Sip EXpress
>router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392
> xxx.xxx.xxx.xxx:5060 "Noisy feedback tells: pid=1912
>req_src_ip=telephoneip req_src_port=10739 in_uri=sip:xxx.xxx.xxx.xxx
> out_uri=sip:xxx.xxx.xxx.xxx via_cnt==1"....
>#
>
>U telephoneip:10740 -> xxx.xxx.xxx.xxx:5060
> REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0..Via: SIP/2.0/UDP
>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex" <
> sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>..Contact: <sip
> :Phonenumber@telephoneip:10000;user=phone>..Call-ID:
>1cff1b8955b8fa5c@10.0.0.4..CSeq: 106 REGISTER..Expires:
>3600..User-Agent
> : Grandstream HT286 1.0.5.18..Max-Forwards: 70..Allow:
>INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE..Content-Lengt
> h: 0....
>#
>U xxx.xxx.xxx.xxx:5060 -> telephoneip:10000
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex"
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=b27e1a1d33761e85846fc9
> 8f5f3a7e58.f894..Call-ID: 1cff1b8955b8fa5c@10.0.0.4..CSeq: 106
>REGISTER..WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonc
> e="425e3acb812b5b2e8aa023e3fcffc618dc4cf661"..Server: Sip EXpress
>router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392
> xxx.xxx.xxx.xxx:5060 "Noisy feedback tells: pid=1885
>req_src_ip=telephoneip req_src_port=10740 in_uri=sip:xxx.xxx.xxx.xxx
> out_uri=sip:xxx.xxx.xxx.xxx via_cnt==1"....
>#
>
>
>tell me if you need something else.
>
>
>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
>
>
>
>
>>Could you post the network dump with REGISTER/401/REGISTER messages? I
>>will take a look to see if something is wrong.
>>
>>
>>On 04/14/05 12:16, Alex wrote:
>>
>>
>>
>>
>>
>>>Digest realm is the same for the register requests.
>>>furthermore the realm in To tag is correct.
>>>
>>>
>>>
>>>
>>>
>>>
>>Did you mean To URI instead of To tag?
>>
>>Daniel
>>
>>
>>
>>
>>
>>>what else it can be.
>>>Thanks for any help.
>>>
>>>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>>Watch the network traffic (ngrep or ethereal on port 5060) and check the
>>>>realm from 401 is the same as the one from next REGISTER. Also, when
>>>>you use the empty realm parameter to radius_ww_authorize() and
>>>>www_challenge(), the realm is taken from To URI.
>>>>
>>>>Daniel
>>>>
>>>>
>>>>On 04/14/05 08:08, Alex wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Hi guys maybe someone can find the problem, i still can't see
anything
>>>>>going to radius authentication. (the radius logs are empty)
>>>>>
>>>>>the register request is coming but it's not going to authenticate
>>>>>through the radius.
>>>>>Any help will be appreciated.
>>>>>
>>>>>here is the debug from ser :
>>>>>---------------------------------------------------------------------------------------------
>>>>>14(1036) parse_headers: flags=-1
>>>>>14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
>>>>>14(1036) DEBUG:destroy_avp_list: destroing list (nil)
>>>>>14(1036) receive_msg: cleaning up
>>>>>9(1012) SIP Request:
>>>>>9(1012) method: <REGISTER>
>>>>>9(1012) uri: <sip:xxx.xxx.xxx.xxx>
>>>>>9(1012) version: <SIP/2.0>
>>>>>9(1012) parse_headers: flags=1
>>>>>9(1012) Found param type 232, <branch> =
<z9hG4bKfc5751413c832e6d>; state=16
>>>>>9(1012) end of header reached, state=5
>>>>>9(1012) parse_headers: Via found, flags=1
>>>>>9(1012) parse_headers: this is the first via
>>>>>9(1012) After parse_msg...
>>>>>9(1012) preparing to run routing scripts...
>>>>>9(1012) REGISTER: Authenticating user
>>>>>9(1012) parse_headers: flags=4
>>>>>9(1012) end of header reached, state=9
>>>>>9(1012) DEBUG: get_hdr_field: <To> [45];
>>>>>uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
>>>>>9(1012) DEBUG: to body
[<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
>>>>>]
>>>>>
>>>>>9(1012) parse_headers: flags=4096
>>>>>9(1012) get_hdr_field: cseq <CSeq>: <103>
<REGISTER>
>>>>>9(1012) DEBUG: get_hdr_body : content_length=0
>>>>>9(1012) found end of header
>>>>>9(1012) pre_auth(): Credentials with given realm not found
>>>>>9(1012) REGISTER: challenging user
>>>>>9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
>>>>>realm="xxx.xxx.xxx.xxx",
>>>>>nonce="425e063022afc1142ed6730d46da41692ff3ed57"
>>>>>
>>>>>_______________________________________________
>>>>>Serusers mailing list
>>>>>serusers(a)lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>
>
>